Perimeter

7/14/2009
04:42 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

New Hardened Thumb Drive Self-Destructs When Breached

IronKey's new S200 includes strong encryption, anti-malware controls, and security policy management

IronKey has developed an ultrasecure, hardened USB thumb drive that self-destructs when its tamper-resistant controls are disturbed.

The new S200 device, which also uses hardware-based AES 256-bit strong encryption and includes anti-malware scanning and security management features, meets one of the federal government's highest security specifications, FIPS 140-2 Level 3, for storing top-secret data.

"FIPS 140-2 Level 3 basically addresses tamper resistance and is more often associated with high-confidence hardware in the data center, such as hardware security modules, than with removable media," says Scott Crawford, managing research director at Enterprise Management Associates. "FIPS validation to this level speaks to IronKey's commitment in this domain."

The S200 is wrapped in a hardened metal casing that protects the cryptographic and memory chips from tampering or physical access. IronKey also provides some anti-malware protections to the USB drives -- it locked down the risky AutoRun feature on the USB drive to prevent worm infections (think Conficker) and provides a read-only mode for further protection. IronKey also offers optional anti-malware scanning, as well as a cloud-based management service that handles security policy enforcement and malware signature updates. There's also an enterprise management server option for organizations that want to host their own management operations for the drives.

"This storage device is more secure than a hard drive on a laptop. If it's tampered with, the data is destroyed, and it disintegrates," says John Jefferies, vice president of marketing at IronKey. "The big news is that it's FIPS 'tamper-evident' [design-compliant] and physically hardened with strong key management. And you have 256-bit encryption for storing top-secret [data] at the highest NSA levels."

Self-destruction features aren't new to storage devices, however. "Self-destruct, or phone-home and self-destruct capabilities, have been standard on disk encryption products from folks like Check Point (Pointsec), Sophos (Utimaco), Credant, and McAfee (SafeBoot) for years," says Nick Selby, CEO and co-founder of Cambridge Infosec, a security consultancy in New York. "The concept is nice, though if the data is properly encrypted, the 'poof!' effect is good and redundant."

IronKey says its target customers are obviously the federal government, but also enterprises, such as financial institutions.

"I think there is a ripening market for secure USB drives. It is not going to take the world by storm overnight, but there really aren't secure alternatives to 'glue-in-port,'" says Pete Lindstrom, research director for Spire Security.

The S200, which comes in sizes from 1 gigabyte up to 16 gigabytes of storage, is priced from $79 to $299. IronKey will begin shipping the device in early August.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message. Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Russia Hacked Clinton's Computers Five Hours After Trump's Call
Robert Lemos, Technology Journalist/Data Researcher,  4/19/2019
Why We Need a 'Cleaner Internet'
Darren Anstee, Chief Technology Officer at Arbor Networks,  4/19/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-18643
PUBLISHED: 2019-04-25
GitLab CE & EE 11.2 and later and before 11.5.0-rc12, 11.4.6, and 11.3.10 have Persistent XSS.
CVE-2018-19359
PUBLISHED: 2019-04-25
GitLab Community and Enterprise Edition 8.9 and later and before 11.5.0-rc12, 11.4.6, and 11.3.10 has Incorrect Access Control.
CVE-2019-11488
PUBLISHED: 2019-04-25
Incorrect Access Control in the Account Access / Password Reset Link in SimplyBook.me Enterprise before 2019-04-23 allows Unauthorized Attackers to READ/WRITE Customer or Administrator data via a persistent HTTP GET Request Hash Link Replay, as demonstrated by a login-link from the browser history.
CVE-2019-11489
PUBLISHED: 2019-04-25
Incorrect Access Control in the Administrative Management Interface in SimplyBook.me Enterprise before 2019-04-23 allows Authenticated Low-Priv Users to Elevate Privileges to Full Admin Rights via a crafted HTTP PUT Request, as demonstrated by modified JSON data to a /v2/rest/ URI.
CVE-2019-3720
PUBLISHED: 2019-04-25
Dell EMC Open Manage System Administrator (OMSA) versions prior to 9.3.0 contain a Directory Traversal Vulnerability. A remote authenticated malicious user with admin privileges could potentially exploit this vulnerability to gain unauthorized access to the file system by exploiting insufficient san...