IronKey Unveils Trusted Access Solution to Protect Corporate Banking Customers Against Sophisticated Fraud and Malware Attacks

IronKey Extends Trusted Virtual Computing Platform to Protect Corporate Banking Customers

LOS ALTOS, California, February 23, 2010 - To help address the serious dangers posed by ever more sophisticated
malicious software ("malware") that is infecting the computers of users of
corporate online banking services, IronKey, the leader in secure and managed
portable computing solutions, today announced its Trusted Access for Banking
solution. This new product is an application and services suite that
leverages the capabilities of IronKey's Trusted Computing Environment
platform to allow banks to provide identity protection, strong authentication
and fraud protection at the endpoint for corporate banking customers.

The computer security industry is discovering increased numbers of
malicious software variants that are designed to steal identity credentials
and perform fraudulent transactions from the computers of infected banking
users. A recent Symantec report states there are 70,330 unique variants of
the Zeus banking Trojan malware, with the true absolute figure to be much
higher, making it hard to detect, and one of the top risks to users of online
corporate banking services.

"Organized cyber crime rings have begun to shift away from massive
phishing attacks against individual commercial banking customers, and instead
are targeting bigger players including corporate banks," said David Jevans,
CEO of IronKey. "We are committed to helping our corporate banking customers
protect their customers against these threats. The IronKey solution isolates
access to the online corporate banking system from the host PC, creating a
trusted virtual computing environment and protecting commercial banking
customers from current and next-generation malware and fraud schemes."

IronKey Trusted Access for Banking is a purpose-built application of the
IronKey multifunction security device. Corporate banking customers simply
plug it into a computer, and enter their device password. Once the IronKey
device is successfully unlocked, its virtualized operating system
automatically runs, and a secure Web browser launches and goes directly to
the bank's website. It incorporates a locked down Web browser that is
protected against malware from the host PC, and may also be configured to
allow users to visit only specific websites.

Zeus/Zbot is different than other Trojans because it gives hackers the
ability to alter a Web input rendered by the victim's browser to display its
own content, mimicking a bank's Web page form as a legitimate bank website.
When the unsuspecting user completes the additional fields on the form, these
private credentials are sent directly to the criminal. It can even be
customized to steal information from banks in a specific geographic region.

IronKey prevents these types of man-in-the-browser attacks, and enables a
trusted virtualized environment protected from malware-infected host
computers. The IronKey system conducts an anti-malware scan of the host
computer before enabling the secure environment, and even provides the option
to boot a host operating system from the IronKey device to protect against
threats on infected host computers. The IronKey solution is available with an
integrated RSA SecurID(R) software token that generates one-time passwords,
and as a result, provides a single device that serves as both a secure
banking platform and a mechanism for two-factor authentication. IronKey
Trusted Access for Banking has a SaaS or software centralized management
capabilities for policy control and reporting.

"Corporate resources are at very high risk as fraudsters combine
increasingly sophisticated malware and manipulative attack vectors with an
evolving ability to monetize stolen information," said Tom Corn, vice
president of product marketing at RSA, The Security Division of EMC. "It has
come to the point where we advise organizations that are taking additional
measures to prevent online threats to first assume that all of their
computers are compromised. By teaming up with IronKey, we can provide these
organizations with increased layers of protection that not only reduce
complexity but also increase confidence that identities, information and
infrastructure are better protected."

The IronKey Trusted Access for Banking solution is available in March and
can be seen in action at the RSA show March, 1-5 in San Francisco, CA, in the
IronKey booth #2333.

    Social Media Destinations and Resources:

    - IronKey CEO Blog: blog.ironkey.com/
    - IronKey Forum: https://forum.ironkey.com/
    - IronKey Security Policy:
      cs-www.ncsl.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1149.pdf
    - Symantec Zeus the King of Crimeware Toolkits:
      www.symantec.com/connect/blogs/zeus-king-underground-crimeware-toolkits

About IronKey:

IronKey is the global leader in providing secure and managed portable
storage, authentication, and trusted virtual computing solutions for mobile
workers. IronKey multifunction portable security devices, management software
and associated services are designed to meet the security, performance, and
privacy standards of the most demanding enterprise and government customers.
IronKey solutions range from IronKey Basic, the world's most secure USB flash
drive, to the IronKey Enterprise Virtual Desktop solution for carrying a
secure operating system and virtual desktop environment on a pocket-sized
device. IronKey works with industry leaders in virtualization, storage and
security, including Lockheed Martin, McAfee, MokaFive, RSA, RingCube and
VeriSign to extend the applications of its secure mobile computing platform.
IronKey products are FIPS 140-2, Level 3 validated. Thousands of customers
use IronKey, including Fortune 500 companies, enterprise organizations in
financial services, healthcare and legal markets, as well as government
agencies, including FEMA, NATO and DHS. For more information, please visit
https://www.IronKey.com.

RSA and SecurID are either registered trademarks or trademarks of RSA
Security, Inc. in the U.S. and/or other countries. EMC is a registered
trademark of EMC Corporation. All other trade names and trademarks are the
property of their respective holders.

Heidi Rosenberg of Nadel Phelan, Inc., +1-831-440-2405, heidi at nadelphelan.com, for IronKey