For Immediate Release
SKYBOX SECURITY EMPOWERS SECOND WAVE OF REGULATORY COMPLIANCE WITH INDUSTRY'S FIRST CONTINUOUS RISK MANAGEMENT COMPLIANCE PLATFORM
Unique Modeling, Impact Analysis and Attack Simulation Features Extended to Enable Compliance Risk Management with Introduction of Skybox View 2.0
PALO ALTO, CA - December 13, 2004 - Skybox® Security, Inc., the leader of Security Risk Management (SRM), today announced the availability of Skybox View version 2.0, setting a new standard that helps enterprises deploy a measurable, predictable and repeatable risk management program as a best practice in order to meet regulatory compliance reporting requirements. With Risk Management for Compliance, Skybox View becomes the industry's first enterprise software platform to give risk officers and auditors exactly what they need - a continuous measurement of their security risk profile and its impact on regulated assets, as well as a proactive and automated process to eliminate out-of-compliance exposures. Under a separate announcement, Skybox unveiled its Worm Defense Management (WDM) initiative and introduced a new worm attack simulation feature to its latest version of the highly acclaimed software.
"Skybox View 2.0 represents a quantum leap forward in addressing the challenge of correlating security risk management with regulatory compliance," said Gidi Cohen, CEO of Skybox. "Our customers have made it clear that regulatory compliance hinges on well-executed risk management programs. By enhancing current best practices and internal controls with automated risk management analysis and compliance risk management, the security, network and business units can work more effectively as a team," Cohen concluded.
Fortune 1000 companies that are nearing the completion of Sarbanes-Oxley Act, Gramm-Leach-Bliley Act, HIPAA and Basel II deadlines are now looking to address the next phase of compliance - continuous monitoring and response - and expanding their systems to address new regulations such as those coming from the United States Sentencing Guidelines Commission and state initiatives such as CA SB 1386. Due to limited visibility into new vulnerabilities, threats and constant network change, the ability to continuously predict, measure and control risks represents one of the biggest regulatory challenges for 2005. An automated alternative to today's manual compliance risk assessment approach is required.
"Skybox View's modeling, compliance reporting and risk classification features provide us with a solution to mitigate risk smartly," says Preston Wood, CISO for Zions Bancorporation. "Using Skybox technology to have a consolidated view of our layered security controls we can simulate threats, consolidate and analyze data from multiple threat scanning systems, and continuously monitor our security and compliance posture," Wood concluded.
According to Paul Hamerman, vice president of Forrester Research, in his August 2004 report, Sarbanes-Oxley Software Solutions Gaining Momentum, "We will see an even stronger second wave of software adoption in 2005 by companies that elected to comply initially with in-house and auditor tools. These companies will progress to more sophisticated solutions to make the compliance process repeatable and more collaborative."
Risk Management for Compliance - An Adaptive Process, Not an Annual Event
Driven by IT governance and internal service level goals, organizations are under tremendous pressure to rapidly and accurately benchmark, trend and manage risk exposure as it applies to regulatory compliance. These pressures are most notable in the areas of internal controls, outsourcing applications, deploying shared information services and M&A activity. As a result, boards of directors are increasingly looking to the CIO and CISO to provide the proof and assurance that risk and compliance assessment and mitigation planning processes conform to best practices and that continuous due care is being undertaken to protect critical business assets from cyber threats.
Adds Michael Rasmussen, principal analyst of Forrester, "Compliance is not something that is achieved at a point in time and then forgotten. Rather, compliance is a critical business process that changes and adapts to new regulatory and business requirements." This involves an "understand, integrate and respond" model. In his March 2004 report, Demystifying Compliance, he continues, "When gaps in compliance appear the organization needs to respond quickly to resolve the issue. Do not delay in identifying exceptions, incidents, and remediation plans to keep the organization aligned with compliance."
Skybox View's Risk Management for Compliance capability enables security professionals to classify, measure, manage, and predict potential regulatory exposures, reduce the risk of non-compliance due to infrastructure vulnerabilities and weaknesses, and prove the effectiveness of security network controls.
Skybox View 2.0 Compliance Risk Management Benefits
Skybox View 2.0 helps enterprises precisely understand the business, technical and compliance risk and guides them on how to stay in compliance with regulatory demands. Skybox View's abundant reports enable security, IT operation and business teams to communicate more effectively with each other and deliver documentation that the legal and auditing teams require in order to interact with regulators. With Skybox View enterprises can:
Integrate regulatory compliance into the security risk management process
Understand how internal or external threats can impact regulated business assets
Identify compliance gaps and their risk before exploitation by hackers or worms
Respond quickly to get back in compliance for fastest "mean-time-to-compliance"
Measure proactively the overall effectiveness of security controls
Increase visibility of "state of risk compliance" in business terms
Report due care and continuous progress for historical analysis
With Skybox View, security and executive management teams can feel confident that they're demonstrating due care and measuring continuous progress through a sound risk management program as a critical IT Governance best practice.
Price and Availability
Skybox View 2.0 is immediately available. Skybox View pricing starts at $50,000 and increases based on size of network.
About Skybox Security
Skybox® Security, Inc. is the leader of next-generation Security Risk Management (SRM) solutions. The company's flagship product, Skybox® View, is the first enterprise software platform that raises vulnerability assessment, threat analysis, remediation planning and change management to the business risk level where it belongs. By combining business impact analysis and simulation with vulnerability data and network modeling, enterprises can continuously maintain risk-resilient networks, reduce regulatory compliance exposures, and shrink the window of exposure from months to hours.
With Skybox View, security professionals can take a disciplined approach to measure business risk exposure, understand effectiveness of remediation alternatives, justify mitigation efforts (ROI), and minimize damage from attacks while lowering operating cost. By enhancing current best practices and internal controls with automated risk management analysis, security, network and business units can work more effectively as a team. Skybox solutions have been successfully deployed at highly respected Global 2000 companies worldwide.
Founded in 2002, the company is headquartered in Palo Alto, California and is backed by Benchmark Capital, Lightspeed Venture Partners, Carmel Ventures, and Mofet Technology Fund. For more information contact (650) 565-8060 or http://www.skyboxsecurity.com.
Skybox® View automates labor-intensive risk assessment and remediation planning processes. Skybox View helps enterprises continuously collect, identify, visualize and understand the total risk exposure of digital assets and proactively prioritize and optimize the mitigation steps necessary to prevent internal and external attacks. It represents the missing piece for assessing, evaluating and mitigating pre-attack exposures, taking network information and business impact into account. Unique patented modeling and attack simulation technologies generate a virtual map of business asset exposures, distilling thousands of vulnerabilities down to the one to two percent that really matter. "What if" planning analysis puts security, network and business teams on the same page, empowering IT organizations to balance the cost and benefit of proposed remediation, network changes or patches before deployment. Open collection architecture leverages existing and future investments in firewall, router, network and vulnerability scanner technologies.
###
Contact:
Leslie Kesselring
Kesselring Communications, LLC
leslie@kesselring.net
503-656-2847