SECURIFY BOLSTERS DEFENSE AGAINST WORMS
Recent Attacks Highlight Need for Top-Down, Policy-Driven Security Methodology
MOUNTAIN VIEW, Calif., September 3, 2003 - Citing the recent
high-profile cyber attacks from MSBlaster, Welchia and other
worms, Securify, Inc., a pioneer and leader in network security
management, today proposed that top-down, policy-driven network
security management, like that provided by Securify SecurVantage™,
is the best defense against current and future worm attacks.
Unlike threat-oriented systems that rely on signature detection
or intrusion prevention techniques to stop attacks in progress,
SecurVantage verifies that the defense infrastructure is responding
appropriately, provides prioritized actions and quantifies
the overall level of risk.
The number of vulnerabilities and exploits is rising exponentially.
According to CERT, more than 76,000 security incidents occurred
in the first two quarters of 2003. That figure represents
a significant increase on an annualized basis from about 82,000
incidents in 2002. Rather than attempt to keep pace with the
rapidly increasing volume of exploits, SecurVantage employs
a customer-specific policy to describe the “correct”
operation of a network, and treats all non-conforming events
as alerts. By monitoring transactions on the network, SecurVantage
presents relevant, actionable and prioritized information
for resolving misconfigurations, removing potential vulnerabilities
and, ultimately, preventing attacks.
“The risk-oriented methodology we have helped customers
deploy starts with visibility into network security and creates
a structured workflow that enables organizations to respond
effectively to events of this nature,” said Taher Elgamal,
chairman and chief technology officer at Securify. “Building
an effective security process, eliminating misconfigurations
and hardening the infrastructure have prepared our customers
to respond effectively based on quantitative information.
Securify has eliminated the infinite rule problem inherent
in traditional threat-oriented tools, relying instead on a
finite rule base of acceptable network behavior defined by
the enterprise.”
With SecurVantage, the issues of false positives, false negatives
and false alarms disappear because any unanticipated network
traffic will trigger an alarm if, and only if, it violates
one or more of the rules in the customer-specific policy.
Further, this approach also detects misconfigurations, by
far the single largest cause of network security problems,
responsible for 65 percent of all network exploits.
Traditional security tools assume all network traffic is acceptable
unless it is explicitly determined to be otherwise. Developed
in the early days of enterprise networks, this approach is
fundamentally flawed because it assumes the impossible burden
of having to know in advance every possible way of exploiting
a network. Methods based on identification of what is "bad"
are blind to the new attacks appearing virtually daily.
SQL Slammer, Blaster and More to Come
Last January, a Securify customer used a large-scale deployment
of SecurVantage to detect and prevent threats from the SQL
Slammer worm. The worm targeted Microsoft SQL servers, replicating
rapidly and wreaking havoc on poorly defended networks by
vastly increasing traffic loads. Many organizations reported
network and system outages ranging from e-mail disruption
to breakdowns in ATM and emergency response networks.
Because the Securify customer had deployed SecurVantage, they
noticed an abrupt increase in violations generated by the
monitor positioned in their DMZ network. This early warning
occurred well before any internal or external reports of the
attack. The customer was able to confirm that their interior
firewalls and routers were properly blocking the attack and
that no systems were vulnerable within the DMZ. Further, the
customer was able to use information from several other monitors,
deployed at additional geographic locations, to confirm that
the worm was not propagating.
Since then, this customer has successfully employed SecurVantage
to protect their company from all the subsequent worms that
have wreaked havoc on less prepared organizations.
About SecurVantage
Securify SecurVantage consists of Securify SecurVantage Studio,
the policy development and analysis environment; Securify
SecurVantage Monitor, the monitoring and compliance system;
and Securify SecurVantage Enterprise, which aggregates and
analyzes relevant data across an enterprise and presents it
in a variety of reports. Using SecurVantage, enterprises can
specify a formal set of requirements network traffic must
comply with – a "policy" describing the "correct"
behavior of the network – based on corporate security
policy and industry best practices. Using these requirements,
SecurVantage continuously evaluates, in real time, the packets
moving across the network at all levels of the protocol stack,
and makes decisions as to whether or not the traffic is consistent
with the policy. This information is then clearly presented
in a Web-based analysis environment in a format appropriate
to the specific business.
The SecurVantage solution provides detailed information on
all aspects of network security, including network topology;
applications and services for logical network groups; and
asset vulnerabilities. Additionally, trend reports based upon
policy violations can assess specific areas of network operation.
These reports include violation trends by host group; root
cause analysis of recurring events; total traffic and violations
by type of service; device configuration status; access procedure
compliance; service status by host group; and quality of service
for encryption and password strength.
About Securify, Inc.
Securify is a pioneer and leader in network security policy
solutions. The company's flagship product line, Securify SecurVantage™,
is an automated security system that enables customers to
rapidly generate and deploy business-driven security policies,
monitor networks for compliance in real time and respond proactively.
This results in greater protection of network assets and significantly
reduced costs. Securify is headquartered in Mountain View,
California. For more information, please call (650) 812-9400
or visit the Securify web site at www.securify.com.
Securify SecurVantage™ and associated
marks are registered trademarks of Securify, Inc. All other
trademarks, service marks and company names are the property
of their respective owners.