New Hardened Thumb Drive Self-Destructs When Breached

IronKey's new S200 includes strong encryption, anti-malware controls, and security policy management

IronKey has developed an ultrasecure, hardened USB thumb drive that self-destructs when its tamper-resistant controls are disturbed.

The new S200 device, which also uses hardware-based AES 256-bit strong encryption and includes anti-malware scanning and security management features, meets one of the federal government's highest security specifications, FIPS 140-2 Level 3, for storing top-secret data.

"FIPS 140-2 Level 3 basically addresses tamper resistance and is more often associated with high-confidence hardware in the data center, such as hardware security modules, than with removable media," says Scott Crawford, managing research director at Enterprise Management Associates. "FIPS validation to this level speaks to IronKey's commitment in this domain."

The S200 is wrapped in a hardened metal casing that protects the cryptographic and memory chips from tampering or physical access. IronKey also provides some anti-malware protections to the USB drives -- it locked down the risky AutoRun feature on the USB drive to prevent worm infections (think Conficker) and provides a read-only mode for further protection. IronKey also offers optional anti-malware scanning, as well as a cloud-based management service that handles security policy enforcement and malware signature updates. There's also an enterprise management server option for organizations that want to host their own management operations for the drives.

"This storage device is more secure than a hard drive on a laptop. If it's tampered with, the data is destroyed, and it disintegrates," says John Jefferies, vice president of marketing at IronKey. "The big news is that it's FIPS 'tamper-evident' [design-compliant] and physically hardened with strong key management. And you have 256-bit encryption for storing top-secret [data] at the highest NSA levels."

Self-destruction features aren't new to storage devices, however. "Self-destruct, or phone-home and self-destruct capabilities, have been standard on disk encryption products from folks like Check Point (Pointsec), Sophos (Utimaco), Credant, and McAfee (SafeBoot) for years," says Nick Selby, CEO and co-founder of Cambridge Infosec, a security consultancy in New York. "The concept is nice, though if the data is properly encrypted, the 'poof!' effect is good and redundant."

IronKey says its target customers are obviously the federal government, but also enterprises, such as financial institutions.

"I think there is a ripening market for secure USB drives. It is not going to take the world by storm overnight, but there really aren't secure alternatives to 'glue-in-port,'" says Pete Lindstrom, research director for Spire Security.

The S200, which comes in sizes from 1 gigabyte up to 16 gigabytes of storage, is priced from $79 to $299. IronKey will begin shipping the device in early August.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

About the Author(s)

Kelly Jackson Higgins, Editor-in-Chief, Dark Reading

Kelly Jackson Higgins is the Editor-in-Chief of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise Magazine, Virginia Business magazine, and other major media properties. Jackson Higgins was recently selected as one of the Top 10 Cybersecurity Journalists in the US, and named as one of Folio's 2019 Top Women in Media. She began her career as a sports writer in the Washington, DC metropolitan area, and earned her BA at William & Mary. Follow her on Twitter @kjhiggins.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights