Back to GetFilings.com

Use these links to rapidly review the document
INDEX

UNITED STATES
SECURITIES AND EXCHANGE COMMISSION
WASHINGTON, D.C. 20549

FORM 10-K

COMMISSION FILE NUMBER 0-20191

Intrusion Inc.
(Exact name of registrant as specified in its charter)

        Indicate by check mark whether the Registrant (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the Registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days. Yes ý    No o

        Indicate by check mark if disclosure of delinquent filers pursuant to Item 405 of Regulation S-K is not contained herein, and will not be contained, to the best of the Registrant's knowledge, in definitive proxy or information statements incorporated by reference in Part III of this Form 10-K or any amendment to this Form 10-K. ý

        Indicate by check mark whether the Registrant is an accelerated filer (as defined in Exchange Act Rule 12-b2): Yes o    No ý

        State the aggregate market value of the voting and non-voting equity held by non-affiliates computed by reference to the price at which the common equity was last sold, or the average bid and asked price of such common equity, as of the last business day of the Registrants' most recently completed second fiscal quarter: $13,661,251. As of February 27, 2003, 20,648,425 shares of the Registrant's Common Stock were outstanding.

DOCUMENTS INCORPORATED BY REFERENCE

        Portions of the Registrant's definitive Proxy Statement filed in connection with the Registrant's 2003 Annual Meeting of Stockholders are incorporated by reference into Part III of this Form 10-K.

INTRUSION INC.


INDEX

2

PART I

Item 1. Business.

        In addition to the historical information contained herein, the discussion in this Form 10-K contains certain forward-looking statements, within the meaning of Section 27A of the Securities Act of 1933 and Section 21E of the Securities Exchange Act of 1934, that involve risks and uncertainties, such as statements concerning: growth and anticipated operating results, developments in Intrusion Inc.'s markets and strategic focus; new products and product enhancements; potential acquisitions and the integration of acquired businesses, products and technologies; strategic relationships and future economic and business conditions. The cautionary statements made in this Form 10-K should be read as being applicable to all related forward-looking statements whenever they appear in this Form 10-K. Intrusion Inc.'s actual results could differ materially from the results discussed in the forward-looking statements. Factors that could cause or contribute to such differences include, but are not limited to, those discussed under the section captioned "Factors That May Affect Future Results of Operations" in Item 1 of this Form 10-K as well as those cautionary statements and other factors set forth elsewhere herein.

General

        We develop, market and support a family of network intrusion detection systems and security appliances that address vital issues facing organizations deploying business applications over the Internet or internally via Intranets. We currently provide network security solutions including intrusion detection systems and virtual private network and firewall appliances.

        We market and distribute our products through a direct sales force to end-users, distributors and by numerous domestic and international system integrators, managed service providers and value-added resellers. Our end-user customers include high technology, manufacturing, telecommunications, retail, transportation, health care, insurance, entertainment, utilities and energy companies, government agencies, financial institutions, and academic institutions.

        Our company was organized in Texas in September 1983 and reincorporated in Delaware in October 1995. For more than 15 years, we provided local area networking equipment and were known as Optical Data Systems or ODS Networks. On April 17, 2000, we announced plans to sell, or otherwise dispose of, our networking divisions, which included our Essential Communications division ("Essential") and our local area networking assets. In accordance with these plans, we have accounted for these businesses as discontinued operations. On June 1, 2000, we changed our name from ODS Networks, Inc. to Intrusion.com, Inc., and our NASDAQ ticker symbol from ODSI to INTZ to reflect our focus on intrusion detection solutions. On November 1, 2001, we changed our name from Intrusion.com, Inc. to Intrusion Inc.

        Our principal executive offices are located at 1101 East Arapaho Road, Richardson, Texas 75081, and our telephone number is (972) 234-6400. References to "we", "us", "our" or "Intrusion Inc." refer to Intrusion Inc. and its subsidiaries.

Recent Developments

        The economic and industry environment continued to be extremely challenging during 2002. As a result, our revenues continued to decline. We took measures to reduce operating costs throughout the year and even into the first quarter of 2003. Restructuring charges for the year totaled $0.2 million and were paid prior to December 31, 2002. Further restructuring charges of $0.1 million were taken in January 2003 as a result of further reductions in force made in January 2003 in an effort to reduce operating costs to a level consistent with revenue.

3

        We sold Essential Communications ("Essential") during the first quarter of 2002 and recognized a gain on sale of $0.4 million. During the fourth quarter of 2002, we successfully negotiated an early termination of the lease related to our discontinued operations, Essential. In addition, we wrote off all accounts receivable amounts related to Essential. The net impact of these transactions resulted in a $0.1 million gain on discontinued operations related to Essential for the fourth quarter and $0.5 million gain for the year.

        In conjunction with our annual review of all intangible assets, we determined that the goodwill and other intangible assets relating to the original acquisition of Mimestar were impaired. The impairment was determined to be the full value of the assets, as such, the remaining balances of the intangible assets were written off during December 2002. The amortization for the year on these assets totaled $0.8 million. The impairment charge during December 2002 to write off all intangible assets related to Mimestar was $3.0 million.

        During the fourth quarter of 2002 we performed a slow-moving and obsolete review of our inventory. During our review, we determined that inventory related to the SecureCom line of business should be completely reserved as it is an older generation product that is not being actively marketed. As a result, we recorded a $1.0 million charge to write down the value of the SecureCom inventory during December of 2002 to record the inventory at the lower of cost or market.

Industry Background

        In the last decade, network security has changed from being a technology deployed only by the government and the most sophisticated or most paranoid of companies, to a technology that is a core component of even the smallest networks. This change has come about with the permeation of the Internet as a business enabler. Today, email, WWW access, web sites, web-based applications and e-commerce are the core components of communications and operations for business and government.

        Although the Internet has many business advantages, its openness and accessibility makes it a potential threat to the networks and systems that are attached to it. Computer hackers, curious or disgruntled employees, contractors and competitors may compromise or destroy information assets or disrupt the normal operations and brand equity of the enterprise.

        Enterprises are therefore adopting a variety of security solutions to meet the challenge posed by malicious intruders, curious hackers and disgruntled employees. To be effective, an organization requires an enterprise-wide information risk management process that can be managed centrally and implemented on a distributed basis. Organizations seek systems with the optimum combination of best-of-breed capabilities and total cost of ownership. To secure the enterprise network requires two key elements:

•

Control: the ability to affect network traffic including access to the network or parts thereof. Control is paramount to enforcing a security policy. Control is provided by the firewall. Virtual Private Network ("VPN")/Firewall's control the flow of data between an internal network and outside networks or the Internet and protect information during transmission.



•

Visibility: the ability to see and understand the nature of the network and the traffic on the network. Visibility is paramount to decision making as well as crafting and constant improvement of a security policy. Visibility is provided by the Network Intrusion Detection Systems ("NIDS"). NIDS monitor the traffic on network segments to identify and respond to security breaches.

        Intrusion Inc. focuses on these two areas of network security, network intrusion detection systems and VPN/firewall security appliances.

4

Network Intrusion Detection Systems

        NIDS analyze network traffic for attacks. They examine individual packets within the data stream to identify threats from authorized users, back-door attacks and hackers who have thwarted the firewall to exploit network connections, cause system outages and access information assets. NIDS add a level of visibility into the nature and character of the network. They provide information about the use and usage of the network that can be used to:

•

Identify threats in real time so that human intervention can protect the network or so that automated responses can terminate offending communications,



•

Increase the value and efficacy of the control systems like firewalls and routers with evidence of the efficacy of the control policy, and



•

Provide decision support for the altering of the enterprise security policy and network management.

Security Appliances

        VPN/Firewall technology has become mainstream. Every size of business, from Small-Office, Home-Office (SOHO) to the distributed enterprise with a large Remote-Office, Branch-Office (ROBO) contingent, is using a firewall and connects mobile users and home user with VPNs. With these broadly deployed systems and mature technology, the primary value drivers have changed from best-of-breed technology to simplified management and reduced total cost of ownership.

        Security appliances simplify the deployment of security systems with preinstalled and preconfigured operating systems and application software and appliance management systems that simplify management and reduce or eliminate the learning curve for the system. Available in desktop or rack-mountable versions, these integrated appliances extend the reach of security administrators to remote and branch offices.

•

Desktop appliances are small, task-specific devices built to be deployed within the workplace, and managed remotely by the enterprise or a managed service provider (MSP).



•

Rack-mount appliances offer expandability and accessibility for datacenter and server room deployments where they can be managed locally or centrally through the network.

Intrusion Inc. Solution and Products

        Intrusion Inc. addresses the challenges of network security by developing, marketing and supporting a family of network intrusion detection systems and security appliances for deployment by enterprises, to include remote and branch offices, and for managed security service providers. We seek to protect information assets from attack and misuse and to safeguard data integrity. We believe implementing adequate perimeter defenses and monitoring network traffic to "trust-but-verify" are critical elements for the protection of information assets and integrity.

Intrusion SecureNet Network IDS Products

        Intrusion SecureNet network IDS provides industry leading protocol decode detection technology in a user customizable hybrid system. While Intrusion SecureNet Sensors are in the top-tier of the market for detection and throughput technology, the real benefits of the System are in the Total Cost of Ownership category.

        With the SecureNet system, Intrusion has simplified deployment, management and monitoring to reduce the total cost of ownership for an easy to set up and manage enterprise IDS. The Intrusion SecureNet system provides more customization and event flow options for the high-end deployments.

5

The Intrusion SecureNet system is a "plug-and-protect" network IDS and can tap into networks without interfering with the network operations.

        The SecureNet system provides intuitive and powerful data mining and configuration. Intrusion SecureNet Provider is the three-tier enterprise management and monitoring system. SecureNet Provider is for enterprise deployments with no license limitations placed on architecture. SecureNet Provider follows the workflow of the security analyst with a highly productive environment for intrusion research, resolution and decision support. Intrusion SecureNet WBI, the web browser interface for the sensor, provides for effortless Sensor configuration with SecureNet Provider. SecureNet WBI also delivers complete, stand-alone IDS for the small and medium business. Each Intrusion Sensor comes with SecureNet WBI for local management and monitoring. No other software or equipment is required—use any web browser to access a full power, full-features network IDS.

        The Intrusion SecureNet System has two primary components, Management and Sensors.

        Sensors are the components that are connected to the network and monitor the traffic for matches to signatures. Signatures are patterns, anomalies and traffic flows that match known attacks or indicate suspicious activities. When the Sensor matches traffic to a signature it will send an event to the Manager.

        The Intrusion SecureNet Sensor is available as an appliance with performance and pricing appropriate for networks ranging from 3Mb/s to Gigabit with a Common Criteria EAL2 certified Gigabit appliance. 95% of Intrusion SecureNet sales are appliance-based Sensors. Intrusion SecureNet Pro software Sensors are also available. Sensors include the following.

•

Intrusion SecureNet CC 7345 rack mount, highly redundant, gigabit Sensor with Common Criteria EAL2 certification—specifically for Government and Dept. of Defense deployments.



•

Intrusion SecureNet 7145 rack mount gigabit Sensor available with either a copper- or a fiber-monitoring interface.



•

Intrusion SecureNet 5545 rack mount 100Mb/s Sensor for server rooms and datacenters.



•

Intrusion SecureNet 5445 rack mount and 2445 desktop 50Mb/s sensors for network deployments and remote and branch offices.



•

Intrusion SecureNet 2045 and 2245 for remote and branch offices with throughput below 10Mb/s or below 3Mb/s. At about the price of a laptop, it is now feasible to put IDS in remote and branch offices.



•

Intrusion SecureNet SME is a channel-centric product for the standalone small office with a cable modem, ADSL, or T1 connection to the Internet.



•

Intrusion SecureNet SP is specifically for the managed service provider approaching the small-to-medium-sized business market.

        Management varies by the number of Sensors it can support and the features for analyzing data. Management breaks into the following categories.

•

Three-tier management includes a Sensor, Manager and Client software that is fully featured and capable of complex queries and highly productive analysis. Three-tier systems are for large enterprises or those who have either the volume or complexity of traffic to warrant the features and benefits of the architecture.



•

Two-tier management allows the user to scale from one to three Sensors. The two-tiers are the Sensor and a Manager that is a dedicated PC. Two-tier systems are for small/medium businesses deploying two or three Sensors.

6

•

One-tier management requires no additional infrastructure beyond the Sensor itself. One-tier systems are web browser interfaces where the user configures and monitors a single Sensor through a browser that is hosted on the Sensor. One-tier management is for small businesses who will only have a single Sensor or want to start their IDS project with a single Sensor.

        The Intrusion SecureNet Provider suite is a three-tier management system that is tuned for the needs of the distributed enterprise and managed service provider. SecureNet Provider follows the workflow of the intrusion detection security analyst and provides the most productive environment for intrusion issue resolution. The SecureNet Provider suite includes applications for event monitoring, policy creation and tuning and centralized software deployment—making up the complete suite of tools required to manage and monitor IDS architecture from five sensors to 100, and more.

        The Intrusion SecureNet WBI is a one-tier management system that is perfectly suited for initial IDS deployments and the small business wanting to deploy network IDS. The WBI provides a complete user experience from event monitoring, to signature tuning, to Sensor configuration.

        In addition to the standalone benefits of SecureNet WBI, it is also used with SecureNet Provider for its easy Sensor configuration capabilities.

PDS Family of Security Appliances

        Effective deployment of a security strategy involves installation, configuration, validation, and implementation of all systems. We believe the optimal solution is a combined software and appliance solution that enables increased performance, effectively leverages personnel and reduces the total cost of ownership to the enterprise.

        As organizations expand their operations to include remote offices, regional divisions, branch locations and telecommuters, securing the enterprise becomes more complex. We offer cost-effective integrated security software and appliance solutions that enable centralized management and allow businesses to more easily secure their networks by enabling a variety of complementary security technologies.

        The PDS Series of security appliances are Linux-based platforms with open Intel architecture that enable the deployment of market leading Check Point Software Technologies VPN-1®/FireWall-1® and Small Office software. PDS appliances deliver security software solutions for managed service providers, large enterprises, small businesses and remote offices.

        While many security platforms can be difficult or costly to manage, a PDS appliance delivers Web-based setup and administration with centralized policy management. The PDS family of security appliance products includes the following.

•

The PDS 2000 series is designed for standalone small offices as well as remote and branch offices. The appliances reduce the threat of unauthorized local access with no keyboard, video or mouse attachment. The PDS 2000 series of products offer the PDS Pilot appliance management software and Check Point VPN-1/FireWall-1 Small Office together in an integrated appliance package. The PDS 2000 series can also deliver Check Point's VPN-1/FireWall-1 enterprise software.



•

The PDS 5000 series is designed for server room, data center or managed service provider deployments where expansion may be required. PDS 5000 series may be configured as standalone gateways or for remote management. Also with PDS Pilot appliance management software, these appliances deliver high-end VPN/firewall security with hardened Red Hat Linux in a rack-mountable case.



•

The PDS 7000 series is designed for Gigabit deployments in server rooms, data centers and managed service providers where a very expandable, high performance system is required. PDS

7

7000 series may be configured as standalone gateways or for remote management. PDS 7000 come with PDS Pilot or Check Point Secure Platform for the broadest range of deployment and solution options.

Third-Party Products

        We believe that it is beneficial to work with third parties with complementary technologies to provide integrated solutions to our customers. As there is fast movement and many mergers and acquisitions in the security space, there can be no assurance that we will have access to all of the third-party products that may be desirable or for the term desirable to offer fully integrated solutions to our customers.

Customer Services

        In addition to offering our network security products, we also offer a wide range of services, including design and configuration, project planning, training, installation and maintenance.

Product Development

        The network security industry is characterized by rapidly changing technology, standards, economy and customer demands. We believe that our future success depends in large part upon the timely enhancement of existing products as well as the development of technologically advanced new products that meet industry standards, perform successfully and simplify the user's tasks so that they can do more with less resources, all to achieve market acceptance. We are currently marketing next-generation network IDS products and are developing products to meet emerging market requirements and are continuously engaged in testing to ensure that our products interoperate with other manufacturers' products, which comply with industry standards.

        During 2002, 2001 and 2000, our research and development expenditures were $6.1 million $12.5 million, and $13.1 million, respectively. All of our expenditures for hardware and software research and development costs have been expensed as incurred. At December 31, 2002, we had 24 employees engaged in research and product development.

Manufacturing and Supplies

        Our operational strategy relies on the outsourcing of manufacturing components, assembly and certain other operations to reduce fixed costs and to provide flexibility in meeting market demand.

        Our internal manufacturing operations consist primarily of replication of software on CDs, packaging, testing and quality control of finished units. Materials used in our manufacturing processes include semiconductors such as microprocessors, memory chips and application specific integrated circuits ("ASICs"), printed circuit boards, power supplies and enclosures.

        Our external manufacturing operations consists primarily of hardware assembly and configuration and the loading of the appropriate software.

Intellectual Property and Licenses

        Our success and our ability to compete is dependent, in part, upon our proprietary technology. While we have applied for certain patents, we currently rely on a combination of contractual rights, trade secrets and copyright laws to establish and protect our proprietary rights in our products. We have also entered into non-disclosure agreements with our suppliers, resellers and certain customers to limit access to and disclosure of proprietary information. There can be no assurance that the steps taken by us to protect our intellectual property will be adequate to prevent misappropriation of our

8

technology or that our competitors will not independently develop technologies that are substantially equivalent or superior to our technology.

        We have entered into software and product license agreements. These license agreements provide us with additional software and hardware components that add value to our security products. These license agreements do not provide proprietary rights that are unique or exclusive to us and are generally available to other parties on the same or similar terms and conditions, subject to payment of applicable license fees and royalties.

Sales, Marketing and Customers

        Field Sales Force.    Our direct sales organization focuses on major account sales, channel partners including distributors, Value Added Resellers ("VARs") and integrators; promotes our products to current and potential customers; and monitors evolving customer requirements. The field sales and technical support force provides training and technical support to our resellers and end users and assists our customers to design secure data networking solutions.

        We currently conduct sales and marketing efforts from our principal office in Richardson (Dallas), Texas; Washington, D.C.; and through foreign sales offices located in the following countries: England, France and Germany. In addition, we have sales personnel, sales engineers and sales representatives located in Los Angeles, Chicago, Canada, Spain, Eastern Europe, Israel, Malaysia, Taiwan, Japan, South Korea and Australia.

        Distributors.    We have signed distribution agreements with distributors in the United States, Europe and Asia. In general, these relationships are non-exclusive. Distributors typically maintain an inventory of our products. Under these agreements, we provide certain protection to the distributors for their inventory of our products for price reductions as well as products that are slow moving or have been discontinued. Recognition of sales to distributors and related gross profits are deferred until the distributors resell the merchandise. However, since we have legally sold the inventory to the distributor and we no longer have care, custody or control over the inventory, we recognize the trade accounts receivable and reduce inventory related to the sale at the time of shipment to the distributor.

        Resellers.    Domestic and international system integrators and VARs (collectively, "resellers") sell our products as stand-alone solutions to end users and integrate our products with products sold by other vendors into network security systems that are sold to end users. Our field sales force and technical support organization provide support to these resellers. Our agreements with resellers are non-exclusive, and our resellers generally sell other products that may compete with our products. Resellers may place higher priority on products of other suppliers who are larger than and have more name recognition than us, and there can be no assurance that resellers will continue to sell and support our products.

        Foreign Sales.    We believe that rapidly evolving international markets are important sources of future net sales. Our export sales are currently being made through a direct sales force supplemented by international resellers in Europe, Asia, Latin America and Canada. Export sales accounted for approximately 33.4%, 36.4% and 19.2% of net sales in 2002, 2001 and 2000, respectively. See "Management's Discussion and Analysis of Financial Condition and Results of Operations" included in this report for a geographic breakdown of our product revenue in 2002, 2001 and 2000. Sales to foreign customers and resellers generally have been made in United States dollars.

        Marketing.    We have implemented several methods to market our products, including public relations and placed articles, regular participation in and presenting during trade shows and seminars, advertisement in trade journals, telemarketing, distribution of sales literature and product specifications and ongoing communication with our resellers and installed base of end-user customers.

9

        Customers.    Our end-user customers include manufacturing, high technology, telecommunications, retail, transportation, health care, insurance, entertainment, utilities and energy companies, government agencies, financial institutions and academic institutions. Sales to certain customers and groups of customers can be impacted by seasonal capital expenditure approval cycles, and sales to customers within certain geographic regions can be subject to seasonal fluctuations in demand.

        Although we sell our products to many customers, direct sales to two resellers and end-user customers, iGov.com and TRW Systems & Information Technology ("TRW") have each accounted for 10% or more of our net sales in at least one of the past three fiscal years as indicated in the following schedule.

        In 2002, 19.9% of our revenue was derived from the sales to the U.S. government through system integrators and resellers. The loss of sales to the various U.S. government agencies could have a material adverse effect on our business and operating results if not replaced. No other customer accounted for 10% or more of our net sales in 2002, 2001 or 2000, respectively.

        Backlog.    We believe that only a small portion of our order backlog is non-cancelable and that the dollar amount associated with the non-cancelable portion is immaterial. We purchase inventory based upon our forecast of customer demand and maintain inventories of sub-assemblies and finished products in advance of receiving firm orders from customers. Orders are generally fulfilled within two days to eight weeks following receipt of an order. Due to the generally short cycle between order and shipment and occasional customer-initiated changes in delivery schedules or cancellation of orders that are made without significant penalty, we do not believe that our backlog as of any particular date is indicative of future net sales.

        Customer Support, Service and Warranty.    We service, repair and provide technical support for our products. Our field sales and technical support force work closely with resellers and end-user customers on-site and by telephone to assist with pre- and post-sales support services such as network security design, system installation and technical consulting. By working closely with our customers, our employees increase their understanding of end-user requirements and provide input to the product development process.

        We warrant all of our products against defects in materials and workmanship for periods ranging from 90 days to 12 months. Before and after expiration of the product warranty period, we offer both on-site and factory-based support, parts replacement and repair services. Extended warranty services are separately invoiced on a time and materials basis or under an annual maintenance contract.

Competition

        The market for network security solutions is intensely competitive and subject to frequent product introductions with new technologies, improved price and performance characteristics. Industry suppliers compete in areas such as conformity to existing and emerging industry standards, interoperability with networking and other security products, management and security capabilities, performance, price, ease of use, scalability, reliability, flexibility, product features and technical support. We believe that our approach focusing on the network perimeters with market leading VPN/firewall control technology and network intrusion detection visibility technology that reduce the total cost of ownership compared to the competition provides us with an advantage with large organizations with complex security requirements.

10

        There are numerous companies competing in various segments of the data security markets. Our principle competitors in the network intrusion detection market include Internet Security Systems, Inc., Cisco Systems, Inc., Enterasys Networks, Inc. and NFR Security, Inc. Our principle competitors in the Check Point Software Technologies Ltd. VPN/firewall appliance market include Nokia Corporation, Celestix Networks, Inc., International Business Machines Corp. and Hewlett Packard Company. Several of our competitors have substantially greater financial, technical, sales and marketing resources, better name recognition and a larger customer base than we do. In addition, many of our competitors may provide a more comprehensive networking and security solution than we currently offer. Even if we do introduce advanced products, which meet evolving customer requirements in a timely manner, there can be no assurance that our new products will gain market acceptance.

        Certain companies in the network security industry have expanded their product lines or technologies in recent years as a result of acquisitions. Further, more companies have developed products which conform to existing and emerging industry standards and have sought to compete on the basis of price. We anticipate increased competition from large networking equipment vendors, which are expanding their capabilities in the network security market. In addition, we anticipate increased competition from private "start-up" companies that have developed or are developing advanced security products. Increased competition in the security industry could result in significant price competition, reduced profit margins or loss of market share, any of which could have a material adverse effect on our business, operating results and financial condition. There can be no assurance that we will be able to compete successfully in the future with current or new competitors.

Employees

        As of December 31, 2002, we employed a total of 78 persons, including 40 in sales, marketing and technical support, 5 in manufacturing and operations, 24 in research and product development and 9 in administration and finance.

        None of our employees are represented by a labor organization, and we are not a party to any collective bargaining agreement. We have not experienced any work stoppages and consider our relations with our employees to be good.

        Competition in the recruiting of personnel in the networking and data security industry is intense. We believe that our future success will depend in part on our continued ability to hire, motivate and retain qualified management, sales and marketing, and technical personnel. To date, we have not experienced significant difficulties in attracting or retaining qualified employees.

Factors That May Affect Future Results of Operations

        In addition to the other information in this Form 10-K, the following factors should be considered in evaluating Intrusion Inc. and our business.

        Technological Changes.    The market for our products is characterized by frequent product introductions, rapidly changing technology and continued evolution of new industry standards. The market for security products requires our products to be compatible and interoperable with products and architectures offered by various vendors, including other security products, networking products, workstation and personal computer architectures and computer and network operating systems. Our success will depend to a substantial degree upon our ability to develop and introduce in a timely manner new products and enhancements to our existing products that meet changing customer requirements and evolving industry standards. The development of technologically advanced products is a complex and uncertain process requiring high levels of innovation as well as the accurate anticipation of technological and market trends. There can be no assurance that we will be able to identify, develop, manufacture, market and support new or enhanced products successfully in a timely manner. Further, we or our competitors may introduce new products or product enhancements that shorten the life cycle

11

of or obsolete our existing product lines, any of which could have a material adverse effect on our business, operating results and financial condition.

        Market Acceptance.    We are pursuing a strategy to increase the percentage of our revenue generated through indirect sales channels including distributors, value added resellers, system integrators, original equipment manufacturers and managed service providers. There can be no assurance that our products will gain market acceptance in these indirect sales channels. Further, competition among security companies to sell products through these indirect sales channels could result in significant price competition and reduced profit margins.

        We are also pursuing a strategy to further differentiate our product line by introducing complementary security products and incorporating new technologies into our existing product line. There can be no assurance that we will successfully introduce these products or that such products will gain market acceptance. We anticipate competition from networking companies, network security companies and others in each of our product lines. We anticipate that profit margins will vary among our product lines and that product mix fluctuations could have an adverse effect on our overall profit margins.

        Acquisitions.    Some of our competitors have acquired several security companies with complementary technologies, and we anticipate that such acquisitions will continue in the future. These acquisitions may permit such competitors to accelerate the development and commercialization of broader product lines and more comprehensive solutions than we currently offer. In the past, we have relied upon a combination of internal product development and partnerships with other security vendors to provide competitive solutions to customers. Certain of the recent and future acquisitions by our competitors may have the effect of limiting our access to commercially significant technologies. Further, the business combinations and acquisitions in the security industry are creating companies with larger market shares, customer bases, sales forces, product offerings and technology and marketing expertise. There can be no assurance that we will be able to compete successfully in such an environment.

        We have made acquisitions in the past, and we may, in the future, acquire or invest in additional companies, business units, product lines, or technologies to accelerate the development of products and sales channels complementary to our existing products and sales channels. Acquisitions involve numerous risks, including: difficulties in assimilation of operations, technologies, and products of the acquired companies; risks of entering markets in which we have no or limited direct prior experience and where competitors in such markets have stronger market positions; the potential loss of key employees of the acquired company; and the diversion of our attention from normal daily operation of our business. There can be no assurance that any other acquisition or investment will be consummated or that such acquisition or investment will be realized.

        Product Transitions.    Once current security products have been in the market place for a period of time and begin to be replaced by higher performance products (whether of our design or a competitor's design), we expect the net sales of such products to decrease. In order to achieve revenue growth in the future, we will be required to design, develop and successfully commercialize higher performance products in a timely manner. There can be no assurance that we will be able to introduce new products and gain market acceptance quickly enough to avoid adverse revenue transition patterns during current or future product transitions. Nor can there be any assurance that we will be able to respond effectively to technological changes or new product announcements by competitors, which could render portions of our inventory obsolete.

        Manufacturing and Suppliers.    Our operational strategy relies on outsourcing of product assembly and certain other operations. There can be no assurance that we will effectively manage our third-party contractors or that these contractors will meet our future requirements for timely delivery of products

12

of sufficient quality and quantity. Further, we intend to introduce a number of new products and product enhancements in 2003 that will require that we rapidly achieve volume production of those new products by coordinating our efforts with those of our suppliers and contractors. The inability of the third-party contractors to provide us with adequate supplies of high-quality products could cause a delay in our ability to fulfill orders and could have an adverse effect on our business, operating results and financial condition.

        All of the materials used in our products are purchased under contracts or purchase orders with third parties. While we believe that many of the materials used in the production of our products are generally readily available from a variety of sources, certain components such as microprocessors and motherboards are available from one or a limited number of suppliers. The lead times for delivery of components vary significantly and can exceed twelve weeks for certain components. If we should fail to forecast our requirements accurately for components, we may experience excess inventory or shortages of certain components that could have an adverse effect on our business and operating results. Further, any interruption in the supply of any of these components, or the inability to procure these components from alternative sources at acceptable prices within a reasonable time, could have an adverse effect on our business and operating results.

        Intellectual Property and Licenses.    There are many patents held by companies, which relate to the design and manufacture of network security systems. The holders of those patents could assert potential claims of infringement. We could incur substantial costs in defending our company and our customers against any such claim regardless of the merits of such claims. In the event of a successful claim of infringement, we may be required to obtain one or more licenses from third parties. There can be no assurance that we could obtain the necessary licenses on reasonable terms.

        Sufficiency of Cash Flow.    As of December 31, 2002, we had cash, cash equivalents and investments in the amount of approximately $10.7 million, down from approximately $20.4 million as of December 31, 2001. Although we believe we have sufficient cash resources to finance our operations and expected capital expenditures for the next twelve months, the sufficiency of our cash resources may depend to a certain extent on general economic, financial, competitive or other factors beyond our control. Moreover, despite actions to reduce our costs and improve our profitability, we expect our operating losses and net operating cash outflows to continue during 2003. As a result, we may not be able to achieve the revenue and gross margin objectives necessary to achieve positive cash flow or profitability without obtaining additional financing. We do not currently have any arrangements for financing as we believe that our cash flows are sufficient for the next twelve months, and we may not be able to secure additional debt or equity financing on terms acceptable to us, or at all, at the time when we need such funding. If our business does not generate sufficient cash flow from operations and sufficient future financings are not available, we may not be able to operate or grow our business, pay our expenses when due or fund our other liquidity needs.

        Dependence on Check Point Technologies.    Our PDS family of security appliances, which are integrated with Check Point Software Technologies' market-leading VPN-1®/FireWall-1® software, represents 29.1% of our 2002 sales. Although we are a certified appliance partner of Check Point and our PDS products have received certification from Check Point, we have no long-term agreement or exclusive relationship with Check Point. As a result, the loss or significant change in our relationship with Check Point, the failure of future PDS products to receive Check Point certification, the business failure of Check Point or its acquisition by or of one of our competitors, and the loss of market share of Check Point or market acceptance of its products could each have a material adverse effect on our business, financial condition and results of operations.

        Third-Party Products.    We believe that it is beneficial to work with third parties with complementary technologies to broaden the appeal of our security products. These alliances allow us to provide integrated solutions to our customers by combining our developed technology with third-party

13

products. As there is fast movement and many mergers and acquisitions in the security space, there can be no assurance that we will have access to all of the third-party products that may be desirable or for the term desirable to offer fully integrated solutions to our customers.

        Dependence on Key Customers.    In the past, a relatively small number of customers have accounted for a significant portion of our revenue. We expect to continue to derive a substantial portion of our net revenue from sales to U.S. government agencies, large system integrators and managed service providers. We continuously face competition from Internet Security Systems, Cisco, Enterasys, NFR, Nokia, Celestix, IBM, Hewlett Packard and others for U.S. government security projects and corporate security installations. Any reduction or delay in sales of our products to these customers could have a material adverse effect on our operating results.

        International Operations.    Our international operations may be affected by changes in demand resulting from fluctuations in currency exchange rates and local purchasing practices, including seasonal fluctuations in demand, as well as by risks such as increases in duty rates, difficulties in distribution, regulatory approvals and other constraints upon international trade. Our sales to foreign customers are subject to export regulations. In particular, certain sales of our data security products require clearance and export licenses from the U.S. Department of Commerce under these regulations. Any inability to obtain such clearances or any required foreign regulatory approvals on a timely basis could have a material adverse effect on our operating results.

        Impact of Government Customers.    In 2002, 19.9% of our revenue was derived from sales to the U.S. government, either directly by us or through system integrators and other resellers. Sales to the government present risks in addition to those involved in sales to commercial customers, including potential disruption due to appropriation and spending patterns and the government's reservation of the right to cancel contracts and purchase order for its convenience.

        Discontinued Operations.    In the second quarter of 2000, we discontinued our networking operations and accordingly have shown the networking operations as discontinued in the accompanying financial statements.

        During the first quarter of 2001, we closed the sale of our legacy local area networking division generating a gain of $2.1 million, which was used to reduce the estimated net realizable value of the net assets of the remaining discontinued operations of Essential. During the second quarter of 2001, in response to unfavorable market conditions and efforts to sell Essential, we recorded additional charges to write down the net assets of Essential to reflect an estimated net realizable value of $0.8 million. The $5.0 million second quarter charge included $0.8 million for operating losses expected to be incurred between July and the end of the first quarter of 2002 by which time we expected to have exited, disposed of or otherwise transitioned a majority of our ownership in Essential.

        In March 2002 we sold Essential for $1 million generating a gain on sale of $0.5 million. Terms of the sale included transferring $0.7 million in net property, plant and equipment, $0.1 million in current liabilities and product maintenance obligations for which $0.4 million was recorded in deferred revenue.

        A condition of the sale was to give Essential personnel 60 days to exit Essential's leased facility, the obligation for which we retained as part of the sale. Included in the gain on the sale of Essential was management's estimate of $0.3 million to terminate this lease agreement, which was equivalent to 2 years' lease and maintenance of the facility. The contractual term of the lease ran through February 2009. Successful termination of the lease during the fourth quarter of 2002 for less than $0.3 million resulted in additional gain on sale of $0.1 million.

        Effects of Military Actions.    United States military actions or other events occurring in response or in connection to them, including future terrorist attacks against United States targets, actual conflicts involving the United States or it allies or military or trade disruptions could impact our operations, including by:

14

•

Reducing government or corporate spending on network security products;


•

Increasing the cost and difficulty in obtaining materials or shipping products; and


•

Affecting our ability to conduct business internationally.

        Should such events occur, our business, operating results and financial condition could be materially and adversely affected.

        Restructuring and Cost Reductions.    We implemented a restructuring plan in 2002, which resulted in $0.2 million charge. The objective of our restructuring plan was to reduce our cost structure to a sustainable level that is consistent with the current macroeconomic environment. We also implemented other strategic initiatives designed to strengthen our operations. These plans involved, among other things, reductions in our workforce and facilities, aligning our organization around our business objectives, realignment of our research and development team, our sales force and changes in our sales management. Further workforce reductions were made in the first quarter of 2003, which resulted in additional restructuring charges. Any further workforce reductions could result in temporary reduced productivity of our remaining employees. Additionally, our customers and prospects may delay or forgo purchasing our products due to a perceived uncertainty caused by the restructuring and other changes. Failure to achieve the desired results of our initiatives could seriously harm our business, results of operations and financial condition.

        Potential Nasdaq Delisting.    The Nasdaq Stock Market maintains certain minimum requirements to maintain the listing for our common stock. These requirements include a minimum bid price for our common stock of $1.00. The trading price of our common stock has not been at least $1.00 since June 27, 2002, and we received a notice of noncompliance from Nasdaq on August 12, 2002. In order to take advantage of additional grace periods for compliance, we transferred the listing of our common stock from the Nasdaq National Market to the Nasdaq SmallCap Market, effective December 4, 2002. Although we expect to continue to have the opportunity to regain compliance for listing on the Nasdaq National Market, if the minimum bid price of our common stock is not at least $1.00 for at least 10 consecutive trading days on or prior to August 7, 2003, Nasdaq may seek to delist our common stock from the Nasdaq SmallCap Market. We cannot assure you that we will be able to meet the minimum bid price requirement prior to the deadline in order to maintain our listing on the Nasdaq SmallCap Market or that we will be able to maintain compliance with Nasdaq's other continued listing requirements.

        If we are unable to regain compliance with the minimum bid price requirement or fail to comply with other Nasdaq continued listing requirements, our common stock likely would trade in a less efficient market, such as the OTC Bulletin Board or in the "pink sheets" maintained by the National Quotation Bureau, Inc. Because these alternatives generally are considered to be less efficient markets, our stock price, the liquidity of our common stock and our general business reputation may be adversely impacted.

        General.    Sales of our products fluctuate, from time to time, based on numerous factors, including customers' capital spending levels and general economic conditions. While certain industry analysts believe that there is a significant market for network security products, there can be no assurance as to the rate or extent of the growth of such market or the potential adoption of alternative technologies. Future declines in network security product sales as a result of general economic conditions; adoption of alternative technologies or any other reason could have a material adverse effect on our business, operating results and financial condition.

        Due to the factors noted above and in "Management's Discussion and Analysis of Financial Condition and Results of Operations", our future earnings and common stock price may be subject to significant volatility, particularly on a quarterly basis. Past financial performance should not be considered a reliable indicator of future performance and investors should not use historical trends to anticipate results or trends in future periods. Any shortfall in revenue and earnings from the levels

15

anticipated by securities analysts could have an immediate and significant effect on the trading price of our common stock in any given period. Also, we participate in a highly dynamic industry, which often results in volatility of our common stock price.

Item 2. Properties.

        Our headquarters are located in a two-story building in Richardson, Texas, with an aggregate of approximately 95,000 square feet of floor space. This facility includes our corporate administration, operations, marketing, research and development, sales and technical support personnel. We occupy this facility under a lease, the base term of which expires in February 2005, with two seven-year options to extend the lease term, subject to compliance with certain conditions.

        Personnel of Essential were located in a 15,120 square foot leased property in Albuquerque, New Mexico. The lease was scheduled to expire in February 2009. In March 2002, we sold the assets of Essential (see Discontinued Operations). A condition of the sale was to give Essential personnel 60 days to exit the facility. Included in the total $0.4 million gain on the sale of Essential in March 2002 was a $0.3 million reserve to terminate the lease, which is the equivalent of 2 years' lease and maintenance of the facility. Successful termination of the Essential lease for less than $0.3 million resulted in a $0.1 million gain on disposition during the fourth quarter of 2002, for a total gain on Discontinued Operations for 2002 of $0.5 million.

        Much of our security software research and development staff is located in a 6,464 square foot leased property in San Diego, California. This lease was renewed in August 2002 and will expire in August of 2004. Research and development personnel occupy this facility.

        In addition, we lease small amounts of office space for sales and technical support personnel domestically and internationally in Washington D.C., England, France and Germany. We believe that the existing facilities at December 31, 2002 will be adequate to meet our requirements through 2003. See Note 5 of Notes to Consolidated Financial Statements for additional information regarding our obligations under leases.

Item 3. Legal Proceedings.

        We are subject to legal proceedings and claims that arise in the ordinary course of business. We do not believe that the outcome of those matters will have a material adverse affect on our consolidated financial position, operating results or cash flows. However, there can be no assurance such legal proceedings will not have a material impact.

        On March 22, 2002, Morgan Newton Company, L.P. ("Morgan Newton") filed suit against us in Dallas County District Court, Case No. DV02-02339-C, alleging claims for breach of contract, promissory estoppel, and fraud. The claims arise out of an alleged oral representation to Morgan Newton concerning a request for quotation for the purchase of a large amount of Morgan Newton's products. Morgan Newton has not specified the amount of damages it is seeking in the lawsuit, but it is possible that Morgan Newton may be seeking damages in excess of $2.0 million. In addition to actual damages, Morgan Newton is also seeking attorney's fees and punitive damages. We believe Morgan Newton's claims are without merit and intend to vigorously defend this lawsuit, generally denying all claims and asserting certain affirmative defenses. As of this time, discovery is substantially underway, and trial has been scheduled for October 2003.

Item 4. Submission of Matters to a Vote of Security Holders.

        There were no matters submitted to a vote of our security holders during the fourth quarter of 2002.

16

PART II

Item 5. Market for Intrusion's Common Equity and Related Stockholder Matters.

        Prior to December 4, 2002, our common stock traded on The Nasdaq National Market. Since December 4, 2002, our common stock trades on the Nasdaq SmallCap Market under the symbol "INTZ". As of February 27, 2003 there were approximately 212 registered holders of record of the common stock. The following table sets forth, for the periods indicated, the high and low per share intra-day sales prices for the common stock, as reported by The Nasdaq Stock Market.

        We have not declared or paid cash dividends on our capital stock in our two most recent fiscal years. We currently retain any earnings for use in our business and do not anticipate paying any cash dividends in the foreseeable future. Future dividends, if any, will be determined by our Board of Directors.

        All stock option plans under which our Common Stock is reserved for issuance have previously been approved by our shareholders. The following table provides summary information as of December 31, 2002 for all of our stock option plans (in thousands, except per share data). See Note 10 to our consolidated financial statements for additional discussion.

(1)

Included in the outstanding options are 1,479,567 from the 1995 Plan, 37,400 from the 1987 Plan, 150,000 from the 1995 Non-Employee Director Plan and 18,000 from previous director grants prior to 1995 Non-Employee Director Plan.

(2)

Does not include Employee Stock Purchase Plan. At December 31, 2002, 323,626 shares were available for future issuance under this plan.

Item 6. Selected Financial Data.

        The following selected consolidated financial data should be read in conjunction with "Management's Discussion and Analysis of Financial Condition and Results of Operations" in Item 7 of this Form 10-K and the consolidated financial statements and notes thereto included in Item 15 of this Form 10-K. Continuing operations consisted of our information security business, which began operations in 1998. Discontinued operations are composed of our local area networking divisions, which were discontinued in April 2000 and Essential, which was discontinued in March 2001.

17

Statement of Operations Data:
(In thousands, except per share data)