Skip navigation
Skip navigation
You are using an outdated browser. Please upgrade your browser.

...Security Researchers Identify the Most Critical Vulnerabilities and Attacks Plaguing Corporate Networks...

ATLANTA — June 30, 2003 — Internet Security Systems, Inc. (ISS) (Nasdaq: ISSX) today announced the availability of its X-Force™ Catastrophic Risk Index (CRI), a list of the most serious, high-risk vulnerabilities and attacks currently affecting computer networks. Developed by the X-Force, ISS’ world-renowned security intelligence group, the X-Force CRI acts as a best practices guide for customers applying Dynamic Threat Protection, ISS’ multi-layered approach to security. Always up-to-date and publicly available on the ISS Web site, the Catastrophic Risk Index helps companies prioritize protection around threats and vulnerabilities posing the greatest risk to confidentiality, integrity and availability of essential business systems. ISS experts will conduct a live Webinar discussing the X-Force CRI on Wednesday, July 9, 2003 at 2 p.m. ET (11 a.m. PT, and 6 p.m. GMT).
The X-Force CRI enables organizations to apply protection using a phased approach, addressing the most serious risks on mission-critical systems first, then targeting primary and general assets accordingly. With more than 10,000 vulnerabilities listed in the ISS X-Force database, catastrophic risks identified by the X-Force must meet the following criteria:
· Pervasive to almost all organisations, across all industries
· Serious threat to confidentiality, integrity and availability of critical data
· Potential cause of catastrophic business system failure
· Highly susceptible to virus and worm creation
“Our security intelligence team identifies and tracks 200-300 new vulnerabilities and threats each month, which is an enormous load for companies to keep up with while also focusing on their core business,” said Chris Rouland, vice president of ISS’ X-Force. “Customers have demanded help from ISS to address the most dangerous risks first. Easy-to-use and backed by X-Force intelligence, the CRI is a valuable management and risk reduction tool against which organisations can measure their preparedness for a catastrophic network attack or business system failure.”
The X-Force Catastrophic Risk Index is also available as a new policy in ISS’ award-winning Internet Scanner® vulnerability detection tool. The X-Force CRI policy in Internet Scanner automatically identifies critical vulnerabilities and provides guidance for effectively reducing the risk of attack. Knowing which vulnerabilities to address first, security administrators can easily apply Dynamic Threat Protection across network, server and desktop environments from the SiteProtector™ central management system.
The Catastrophic Risk Index provides instructions for configuring RealSecure® and Proventia™ protection agents to protect against vulnerabilities and attacks without actually applying a physical security patch. ISS calls this the Virtual Patch™ process. With the X-Force CRI, applying a Virtual Patch to critical vulnerabilities is made simple because remediation instructions are already part of the index. However, companies using ISS’ Dynamic Threat Protection™ platform can apply a Virtual Patch for almost any vulnerability because of the ability to correlate data between Internet Scanner, RealSecure and Proventia.
The X-Force CRI includes major exploits, pervasive worms and critical patches covering serious software weaknesses. The list and a corresponding whitepaper are available to the public on the ISS Web site at The Catastrophic Risk Index will now be referenced in all future releases of the Internet Risk Impact Summary (IRIS) report. Developed by the ISS X-Force, the IRIS is the only quarterly report to publish cyber attack trends based on factors such as the industry’s largest number of monitored security devices, actual attacks detected and researched vulnerabilities.
ISS will conduct a live Webinar to address the X-Force CRI on Wednesday, July 9, 2003 at 2 p.m. ET, 11 a.m. PT, and 6 p.m. GMT. Christopher Klaus, founder and chief technology officer of ISS, Chris Rouland, vice president of ISS’ X-Force, and Dan Ingevaldson, manager of ISS’ X-Force R&D, will host this event.
To register for the Webinar, please go to Once registered, dial-in information will be forwarded to the e-mail address you provide. If you do not receive a confirmation e-mail, please contact

About ISS’ Dynamic Threat Protection Platform
ISS’ Dynamic Threat Protection platform provides multi-layered security that maximizes protection while minimizing complexity. The Dynamic Threat Protection platform is driven by ISS’ SiteProtector central management application and unifies ISS’ security technologies -- including intrusion prevention and protection, vulnerability detection, firewall and blocking capabilities -- into one centrally managed protection platform. All Dynamic Threat Protection agents are based on a common protection engine that detects, prevents and responds to threats. The common protection engine is based on the most extensive security knowledgebase in existence, providing the most accurate detection necessary to prevent attacks. In addition, the common protection engine allows X-Force security intelligence updates to be pushed out across the network, server and desktop from ISS’ SiteProtector for faster, more efficient protection.

About Internet Security Systems, Inc.

Internet Security Systems, Inc. (ISS) is a world leader in Dynamic Threat Protection products and services that protect critical information assets from an ever-changing spectrum of threats and misuse. Products from Internet Security Systems dynamically detect, prevent and respond to sophisticated threats to networks, servers and desktops. Services include 24/7 system monitoring, emergency response and access to the X-Force, Internet Security Systems' renowned research and development team. Internet Security Systems is the trusted security provider for more than 11,000 corporate customers, including all of the Fortune 50, the top 10 largest U.S. securities firms, 10 of the world's largest telecommunications companies and major agencies and departments within U.S. local, state and federal governments. Headquartered in Atlanta, Internet Security Systems has additional operations throughout the Americas, Asia, Australia, Europe
and the Middle East. For more information, visit or call 0800 085 2976.

For more information on Internet Security Systems, please contact:

UK: Richard Millar, UK/Ireland Sales and Marketing Director
Tel: +44 (0)20 7653 9191,

EMEA: Andrea Andernach, EMEA PR & Events Co-ordinator
Tel: +32 (0)2 479 67 97,

UK/Ireland press contacts for Internet Security Systems are:
Technology: Jane Lee, Dexterity
Tel: +44 (0)1273 470199,

Business: Andrew Smith, Object Marketing Ltd.
Tel: +44 (0)20 8762 9292,

# # #

Internet Security Systems, Dynamic Threat Protection, Proventia, SiteProtector and X-Force are trademarks and RealSecure and Internet Scanner are registered trademarks of Internet Security Systems, Inc. All other companies and products mentioned are trademarks and property of their respective owners.

This press release was distributed by ResponseSource Press Release Wire on behalf of Object Marketing in the following categories: Consumer Technology, Personal Finance, Business & Finance, Computing & Telecoms, for more information visit