SANTA CLARA, CALIF. — April 1, 2002 - Sanctum, Inc., the established leader in Web application security software, today introduced AppShield 4.0™, the next generation of Sanctum's patented application security firewall. Based on a positive security model, AppShield is the most advanced application firewall available in the market, providing a failsafe defense against application-level breaches. Through its patented Dynamic Policy Recognition Engine (DPRE) technology, AppShield automatically and intelligently identifies the legitimate requests made of an e-business site and permits only those actions to take place, enforcing the Web and business logic of the site.

"Securing Web applications is no longer an option, but a necessity," said Chris Christiansen, Program vice president of Internet Security at IDC. "A policy-based solution like AppShield offers effective protection against application intrusions, enabling companies to focus on business operations instead of wasting time and money on reactive fixes or cleaning up a successful attack's damage."

Maintaining application behavior is a critical requirement for e-businesses today. The first and only application firewall built on behavioral learning, AppShield integrates quickly and easily into any Internet infrastructure, maintaining application behavior 24/7 without the need for signatures or rules. AppShield provides maximum security in minimal time by preventing, logging and alerting administrators to any type of application manipulation through the browser, including both known and unknown attacks by hackers, worms and other imminent security threats. With AppShield's rapid deployment and ongoing enterprise manageability, IT administrators can accelerate and maintain comprehensive protection of their e-business operations, ultimately cutting excessive operating costs associated with security implementation and maintenance.

"Security breaches are an immediate threat that won't wait for the installation of new security tools. With AppShield, SiegeWorks was able to address the problem of application security threats quickly and easily, eliminating the typical headaches of a complicated deployment and configuration," said Raj Raghavan, vice president, Application Security, of SiegeWorks. "With AppShield's automatic policy generation and centralized management system, we were able to secure our site in a matter of hours. AppShield is a powerful security solution that simplified our overall security administration by providing a single point of application management and putting an end to continuous updates of rules and patches."

New features of AppShield 4.0 include:

Rapid Deployment

• Security Dashboard to simplify configuration for complex sites
• Automatic Policy Generation from a "trusted host" driven by behavioral learning from patented technology

Enterprise Manageability

• New Policy Organizer GUI designed for easy administration
• Powerful logging and reporting capabilities including auto backup of logs
• Easy integration with all major enterprise system management tools

Application Forensics

• Privacy Compliance supported through auto-hide feature of sensitive logs
• Application-level logging integrated into current event monitoring tools
• Simple searchable online logs for 24/7 detailed view of all site activity

Performance and Scalability

• Streamlined data flow resulting in over 100 percent increase in performance

"The stakes for enterprise security have gotten higher as enterprises face more complex and frequent security attacks. Not only must security solutions provide constant protection but they should serve as ongoing sources of intelligence to analyze attacks and hold those perpetrating the attacks responsible," said Milan Thanawala, senior product manager of Sanctum. "AppShield saves organizations measurable operating costs by providing full insight into Web site activity, eliminating the unforeseen security maintenance headache and reducing the overhead typically associated with installing patches and writing signatures."

Availability
AppShield 4.0 is available immediately for Windows 2000, Windows NT and Solaris platforms with I18N support.

About Sanctum, Inc. (www.SanctumInc.com)
Founded in 1997 and headquartered in Santa Clara, Calif., Sanctum, Inc. is the recognized leader for Web application security solutions. Sanctum software solutions provide automatic enforcement of intended business processes, ensuring the protection of core information and data. By detecting and defending against any unauthorized behavior, Sanctum protects customers against malicious cybercriminal activity-from theft of intellectual property and customer data, to e-commerce fraud and Web site defacement-even if a site has unknown security holes or flaws. Sanctum's solutions complete a company's security infrastructure, assure regulatory compliance and create sustainable ROI. Sanctum's customers include industry leaders in finance, retailing, healthcare, government and telecommunications. Privately held, Sanctum is funded by blue-chip venture capital firms and industry leaders including Sprout Group, Dell, Gemini Israel Funds, Fidelity Ventures, Wachovia Strategic Ventures Group, Mofet Israel Technology Fund and Walden Israel. For more information, visit www.SanctumInc.com or contact the Company directly at (408) 352-2000.

For Immediate Release
Contact:

Drea Garrison or Tara Dugan
Schwartz Communications, Inc.
(415) 512-0770
[email protected]