RSA Security Announces Strategic Agreement with Microsoft on Security Initiatives

New Technology Programs to Enhance Security for Customers

Bedford, MA, Tuesday, October 08, 2002 — RSA Security Inc. (NASDAQ: RSAS), the most trusted name in e-security®, today announced a strategic agreement with Microsoft Corp. that will enable the companies to provide security solutions to customers that offer a new level of interoperability and flexibility for their mission-critical information, applications and resources. The first initiatives will center on Microsoft’s licensing of RSA Security’s RSA SecurID® two-factor authentication software and RSA Security’s development of an RSA SecurID Software Token for the Microsoft® Windows® Pocket PC.

“Working closely with other vendors in the security community is a critical component in making Trustworthy Computing a reality for our customers,” said Craig Mundie, Chief Technical Officer and senior vice president of advanced strategies and policy at Microsoft. “The projects we’re undertaking with RSA Security will provide tangible evidence of our progress toward creating a more trusted computing environment, and underscore our commitment to providing more powerful security solutions for our customers.”

“Thousands of businesses rely on the Microsoft platform as the fabric of their IT infrastructure, and positively identifying the people who are accessing those systems is a key requirement for all organizations,” said Scott Schnell, senior vice president of sales, marketing and corporate development at RSA Security. “As part of our agreement with Microsoft, RSA Security will be working to provide thousands of organizations worldwide with the tools necessary to implement e-business processes within a secure, trusted and convenient environment.”

Details of the agreement include:

RSA Security has given Microsoft a license for the RSA ACE/Agent® component of the RSA SecurID two-factor authentication software, allowing Microsoft the option of directly integrating the RSA SecurID agent into Microsoft applications. The first Microsoft product to use this capability will be Microsoft’s Internet Security and Acceleration (ISA) Server 2000. The functionality will ship in an upcoming set of ISA Server product enhancements.

RSA Security has developed the RSA SecurID Software Token for the Windows Pocket PC 2002 software platform. Windows Pocket PC powered devices can now function as RSA SecurID authenticators, thus eliminating the need for users to carry separate hardware tokens. Used in conjunction with RSA ACE/Server® authentication management software, RSA SecurID authenticators to positively identify users and prevent unauthorized access to networks and systems.

RSA Security was one of the original companies to support the submission of WS-Security to the OASIS standards organization in July 2002. WS-Security is a set of SOAP extensions that supports, integrates and unifies several popular security models, mechanisms and technologies, allowing a variety of systems to interoperate in a platform- and language-neutral manner in a secure Web services context. Ensuring the availability of open standards to enable rapid integration of technologies is a key component of successful customer implementations and increased productivity. As Web services develop, RSA Security believes that identity management, authentication and Web access management will become increasingly critical to organizations.

About RSA SecurID Two-Factor Authentication
RSA SecurID software is the world’s leading two-factor user authentication solution, relied upon by thousands of organizations and millions of users worldwide to protect valuable network resources. RSA SecurID software requires users to identify themselves with two unique factors — something they know, such as a password, and something they have, such as a token — before they are granted access. As the need for positive user identification and protection of valuable corporate information has increased, RSA SecurID software is a mission critical component of an organization’s network security infrastructure. A true enterprise-class solution, RSA SecurID software is engineered to meet the needs of small, medium and large enterprises and is designed to support millions of users.

About ISA Server
Microsoft Internet Security and Acceleration (ISA) Server 2000 is an enterprise firewall and Web cache server that enables IT administrators for businesses of all sizes to provide controlled, secure and fast Internet access for their organization. Building on the security and manageability of the Microsoft Windows 2000 platform, ISA Server provides a sophisticated multi-layer enterprise firewall and a high-performance Web cache to control, secure and accelerate business on the Internet. ISA Server is part of the Microsoft Windows .NET Platform, geared to empower companies of any size to Internet-enable their businesses and to allow developers to build products for the next generation of services that will be available on the Web. For more information on ISA Server, or to download an evaluation version of the product, go to .

About RSA Security Inc.
RSA Security Inc., the most trusted name in e-security, helps organizations build trusted e-business processes through its RSA SecurID two-factor authentication, RSA ClearTrust® Web access management, RSA BSAFE® encryption and RSA Keon® digital certificate management product families. With approximately one billion RSA BSAFE-enabled applications in use worldwide, more than 12 million RSA SecurID authentication users and almost 20 years of industry experience, RSA Security has the proven leadership and innovative technology to address the changing security needs of e-business and bring trust to the online economy. RSA Security can be reached at www.rsasecurity.com.