RSA Security's Third Annual Investor Day February 2006

Welcome - Agenda for the Day Start time Topic Presenter 8:00 Welcome, Overview & Agenda Art Coviello 8:15 Enterprise Solutions Division Overview Bill McQuaide 8:45 Demonstration Gerry Wilson/John Worrall 9:00 Developer Solutions Division Overview Rick Welch 9:30 Jon Oltsik, Senior Information Security Analyst, Enterprise Strategy Group Jon Oltsik, Senior Information Security Analyst, Enterprise Strategy Group 10:00 - Break - - Break - 10:15 Consumer Solutions Division Overview Chris Young & Naftali Bennett 11:00 RSA Financial Overview Art Coviello 11:30 Closing, Wrap-up and Q&A Art Coviello & Management Team

Risk Statements This presentation may contain forward-looking information regarding future events, plans and prospects for the Company. These statements are based on current expectations and are subject to a number of risks and uncertainties. Actual results may differ materially based in part on various important factors, including those found in the management's discussion and analysis section of the Company's Form 10-K and our most recent 10-Q as filed with the Securities and Exchange Commission. We do not undertake any duty to update any forward-looking information.

Value RSA Security is the expert in protecting identities and digital assets. RSA Security invented core security technologies for the Internet and continues to build on its 20 years of innovation.

Secure Data Access & Data Protection Two sides of the same coin Growing number of authorized users need access to business and personal information Organizations need to establish trust/confidence in the digital identities Specific access privileges need to be given based on the identity of the person or resource trying to access the data Increasing sophistication of attacks and rate of fraud Organizations need to protect data at rest and in transit Encryption policy must be developed and implemented on a consistent basis Trusted digital identities are critical to keeping out unauthorized users Data Protection Secure Data Access

Trust Multi-Pronged Approach To Secure Information Access and Information Protection is Needed Front End Strong(er) authentication Internal access controls Social engineering Shredding Safety Screening... Back End Holistic fraud detection Stop money theft Multi-channel, cross-industry behavior detection Internet infrastructure Stop information theft Caller ID and black lists Source: Gartner Data Encryption Mitigating controls

Welcome and Overview Art Coviello President and CEO

Transition to Divisional Structure Integration of RSA Security's consumer team with the former Cyota organization Consumer Solutions Developer Solutions Enterprise Solutions

Risk-based Authentication Segment-based Authentication Access Control Anti-Fraud Services Enterprise Consumer Data Protection Encryption Adaptive authentication, end-to-end protection Protecting data at rest and in transit future Establishing and leveraging trusted identities RSA Security's Solution Matrix

Risk Appropriate Security Threat assessment Likelihood of attack Magnitude of loss Total Cost of Ownership Deployment Acquisition Operation End-User Fit Convenience + ease of use vs. acceptable risk Portability Multi-purpose Cost Convenience Security No "One Size Fits All" Customer Authentication Purchase Criteria

Broadening RSA Security's Authentication Strategy Offer broader choice of authentication solutions Different levels of security, price points and usability characteristics Offer broader range of authentication technologies, including OTP, digital certificate, biometric, life questions and transparent, risk-based solutions Further extend our leadership in authentication management and integration software Transaction anomaly Protection Passive Authentication Personal trusted Devices Username / Password One Time Passcodes Smart Chip, Transaction Signing

Enterprise Solutions Division Overview Bill McQuaide Senior Vice President Enterprise Solutions Division

17M users of RSA Security strong authentication Source: RSA Security estimates as of October 2005 93M remote access users +400M online business users RSA Security's Enterprise Market Opportunity

1st Qtr Passwords 0.9 Stronger Authentication 0.1 Passwords Stronger Authentication Enterprise Market Opportunity A Sea-Change in Authentication Authentication Market Share By Mechanism Used Today Normal Growth Changing the Game

Enterprise Market Opportunity P.O.V. on Enterprise Market Segments Authentication needs in the enterprise are at an inflection point "Good, better, best" options for stronger authentication are needed RSA Security's incumbency in remote access authentication position the company to capture the growth in enterprise authentication Password management is a problem crying out to be solved Passwords increasingly seen as expensive and insecure Enterprise Single Sign-On increasingly seen as the right technical approach to solve the password nightmare Strong product synergy exists between e-SSO and stronger authentication Web access management is a large and competitive market Most Global 2000 companies have made some WAM investment Market opportunity exists with upper end of SMB market and with large enterprises re-architecting systems Federation is a developing market Smart cards penetration is at an inflection point

Market-leading OTP Risk-based authentication Digital certificate solutions Smartchip-based solutions Enterprise Solution Strategy Establishing and Leveraging Trusted Identities Web SSO and Access Management Enterprise SSO Cross-Domain SSO (Federation) Smart Card Management New product Best-of-breed technology High growth market Unique offering User & Credential Management Trusted Identity

RSA Security Product Overview Enterprise Authentication: One-Time Passwords One-time password strong authentication Secure remote and enterprise access Solution New Go-to-market partnerships New product initiatives Drive further adoption of OTPS standards 2006 Plans Market share leadership; premium quality and reliability Competitive TCO Leading interoperability (300+ RSA SecurID Ready partners) Proven mission-critical enterprise software Competitive Position RSA Authentication Manager & RSA SecurID(r) RSA SecurID for Microsoft (r) Windows (r) solution RSA SecurID Appliance Offering Further penetration of remote access segment Additional adoption driven by wireless networks / SSL VPNs Two-factor authentication into Microsoft (r) desktop Market Opportunity

RSA Security Product Overview Enterprise Authentication: Smart Chip and Certificates Authentication, signing, and encryption based on certificates Life cycle management tools and credential stores (e.g. USB tokens, smart cards) Build traction with new card management offering Exploit synergies between certificate-based authentication and enterprise SSO Unique product breadth Mature and comprehensive certificate offering New card management product RSA Certificate Manager and RSA Validation Manager RSA Card Manager Smart chip-based authenticators (Smart cards, SID 800) U.S. Federal Gov't Agencies (HSPD-12 / FIPS-201) Combined physical / logical access in enterprise deployments Smart card-based IAM deployments Solution 2006 Plans Competitive Position Offering Market Opportunity

RSA Security Product Overview Web Access Management & Federation Centralized Web access / authentication policy management and enforcement; web single sign-on Management of standards-based identity assertions; cross-domain single sign-on RSA ClearTrust agent & server releases planned for mid-2006 Drive adoption as important component of multi-product sales New release advancing core capabilities / standards support Highly competitive enterprise-caliber WAM product Innovative, flexible, intuitive, standalone federation product RSA ClearTrust server, agents, and reporting module RSA Federated Identity Manager Medium and large enterprises with multiple Web applications Inter-enterprise identity sharing on intra-enterprise application integration through federation Solution 2006 Plans Competitive Position Offering Market Opportunity

RSA Security Product Overview Enterprise Single Sign-on Automated log-on to virtually all enterprise applications Reduce help desk calls, increase security, improve user experience Further capitalize on synergy with strong authentication Increasingly targeting indirect channel as go-to-market option Enterprise-caliber e-SSO Tightly integrated strong authentication options RSA Sign-On Manager Full authentication offering (highly synergistic) Enterprises with multiple application types (Web, client- server, mainframe) with differing password policies Solution 2006 Plans Competitive Position Offering Market Opportunity

Recent Awards & Analyst Commentary Authentication Gold Medal Winner: RSA SecurID "Users responding to the Products of the Year survey rate SecurID particularly high in the performance, vendor support/service, features and overall quality categories. One user SecurID calls it "the standard by which all others are judged." Another calls it a "first-rate and robust product." Identity & Access Management Gold Medal Winner: RSA ClearTrust "But what sold [Partners Healthcare] on ClearTrust over other Web-based access management products was confidence that RSA would provide more functionality out of the box and could get up and running quickly... Readers gave ClearTrust some of the highest grades across the board in our Products of the Year survey, with particular emphasis on security and performance." RSA Security Brings an Authentication Toaster to the Enterprise "By offering a turn-key appliance-based solution, RSA can capitalize on user demand and overcome existing notion that two-factor authentication is somewhere between rocket science and brain surgery. This could help to ignite this market and make two-factor authentication ubiquitous."

Customer Success: Hudson Advisors RSA SecurID solution with enterprise SSO 1,200 employees and 30 offices worldwide 14 systems - 2-3 min. per day/user managing logons Customer challenges: Easing password and help desk burdens Ensuring strength of user passwords SSO into customer applications and solutions such as Oracle ERP Six-week bake-off led to RSA(r) Sign-On Manager 4.5 and RSA SecurID two-factor authentication Vasco two-factor authentication token swap-out 4:1 ROI (benefit "in the millions") IntelliAccess self-service reduces help desk calls

Customer Success: American Water RSA SecurID solution with multiple SSO solutions $2 billion; large water services provider in North America (serving 29 states and 3 Canadian provinces) March 2002: RSA Authentication Manager and RSA SecurID solution deployed for data on field laptops Deployed RSA Smart Cards, RSA Sign-On Manager and RSA Digital Certificate Solutions Selected RSA ClearTrust(r) software for portal project; seeking robust access control capabilities Purchased RSA(r) Federated Identity Manager RSA Security named American Water's "Strategic Security Partner"

Enterprise Go-To-Market Strategy Segments, Channels, Products, Geographies Large enterprise Channel: Major account sales organization Products: All RSA Security solutions Geography: Global, primarily North America, Japan, and Europe Small-to-medium enterprise Channel: Two-tier distribution Products: Primarily RSA SecurID solutions Geography: Global Government Channel: Dedicated Federal team in the U.S.; major account sales organization elsewhere Products: All RSA Security solutions; emphasis on smart cards Geography: U.S. Federal focus; opportunistic elsewhere

Go-To-Market Strategy New Channel Program Revamped RSA SecurWorldTM program launched in Q2 '05 Key goals of the new program were: Invest in building channel effectiveness Increase ease of doing business with RSA Security Deliver higher financial rewards for committed partners Results to-date have been very promising 300+ new RSA SecurWorld partners (40% growth since Q2 2005) 10,000+ training courses delivered Positive feedback from partners

Summary Uniquely broad Identity & Access Management portfolio Aggressive strategy for growing leadership position in strong authentication New go-to-market partnerships for RSA SecurID(r) authenticators and server Growing range of authentication options Major release of flagship product planned for year-end Broad range of solutions to leverage trusted identities E-SSO, WAM, Card Management, Federation Unique strengths in data encryption New focus on enterprise-oriented products Industry-leading partner program (RSA Secured(r)) Standards leadership (e.g., SAML, Liberty, OTPS) Award-winning customer support

Demonstration Gerry Wilson, Senior Vice President and CIO John Worrall, Senior Vice President, Marketing

Security and Simplicity RSA Security Enterprise Solutions VPNs (IPSec/SSL) Windows Desktop & Domain Wireless LANs Network Access Web Microsoft Applications Intranets, OWA, Partner Portals Homegrown & Vendor C/S Apps Mainframe Apps Applications pa$$w0rd Federated Identity

Developer Solutions Division Overview Rick Welch Senior Vice President Developer Solutions Division

RSA BSAFE(r) software - De facto Security Standard Most pervasive security software in the world Securely enables millions of applications More than 1,400 RSA BSAFE licensees Used to protect ATM transactions, trade executions, bank-to-bank transfers, check reconciliation, and many other day-to-day, critical financial transactions RSA BSAFE solution is a market leader in data security: Every Netscape and Internet Explorer browser HP, Sun & IBM operating systems Symbian and Palm embedded operating environments Business automation equipment from Cisco, Samsung, Sharp, Panasonic, Sanyo, KonicaMinolta, and many others At leading banks like CitiGroup, JPMorganChase, KeyBank, Deutsche Bank, Wachovia and HSBC At leading investment firms like Fidelity Investments, Merrill-Lynch, and Morgan Stanley Major U.S. Government agencies including the U.S. Senate, U.S. Supreme and Federal Courts, Department of Commerce, Department of Homeland Security, and Department of Justice Retail point-of-sale (POS) systems, manufacturing equipment, medical equipment, and numerous other specialized applications

2006 Developer Solutions Division Strategy Develop new sustainable market-focused solutions New product development focused on Enterprise Data Protection (EDP) Accelerate product capability additions to improve revenue growth Maintain leadership in commercial security toolkits Continued investment in flexible, small footprint SDKs for OEM market Use solution-focused sales model, leveraging Enterprise direct sales force and PSO to accelerate EDP sales Promote unique ability to provide total EDP solution: Authentication, Access Control, Encryption

Protection for Data in Transit and Data at Rest Government Software solutions Software and Device OEMS Embedded Suite Crypto "Kernel" Code Signing FIPS 140 Support Suite B Support Porting Services Enterprise/B2B Applications Key Management App Security Database Security

Software & Device OEM Market Opportunity Market Need Quality security solutions to protect IP Available customization & support Adaptable security to meet constrained resource requirements RSA Security Plan Micro Edition Suite offering that offers combined product containing core security components and protocols Optimized versions of key encryption algorithms and security protocols Continued dedicated & specialized OEM Sales teams Recent Win: Sony

Government & Aerospace Market Opportunity Market Need Certified Off the Shelf Solutions Suite B, FIPS Elliptic Curve Cryptography (ECC) Customization Services RSA Security Plan FIPS 140 validations completed for Crypto-C ME and Crypto-J/JCE Suite B requirements and Elliptic Curve phased into Crypto C/J Products Integrated DSG & Enterprise Government Sales Team Recent Win: Northrop Grumman

The Enterprise Data Protection Market - a strong opportunity for accelerated growth Growing Data Privacy Legislations US: growing State & Federal-level data breach legislations gaining speed (i.e. CA & 30+ states) Europe: Data Privacy Directive APAC: Japan PIPA Act on Data Privacy Tougher Industry Vertical Regulations PCI on consumer credit card data GLB on sensitive financial data HIPAA on patients records Significant Bottom-line Impact Cost to Choicepoint $11MM Cost to Card Systems: out of business Cost to Customer Loyalty: 20% switch rate "EDP" = A new market opportunity emerging in the enterprise market to better protect consumer data privacy, driven by regulatory pressure - Source: Morgan Stanley, 2005 Anti-Virus VPN/SSL Communication Perimeter Network Data Firewall Server Security Access Control Commoditization Line Security Type Risk/Value Enterprise Data Protection "EDP" Market Evolution Identity Mgmt

Customer Priorities for Enterprise Data Protection Rank 1 Rank 2 Rank 3 No Rank Files 0 0 0.153846154 4 0.115384615 3 0.730769231 19 Networked Storage (SAN) 0.038461538 1 0.192307692 5 0.115384615 3 0.653846154 17 Mobile Devices 0.153846154 4 0.076923077 2 0.115384615 3 0.653846154 17 Backup (Tape and Disk) 0.115384615 3 0.153846154 4 0.269230769 7 0.461538462 12 Applications 0.076923077 2 0.269230769 7 0.230769231 6 0.423076923 11 Database 0.615384615 16 0.153846154 4 0.115384615 3 0.115384615 3 TheInfoPro Security Study Wave 5 (9/30/05): F1000 Sample. n=26 Interviewees were asked to rank in order of importance the top three critical IT areas for Data Protection.

Enterprise Market Opportunity Market Need Protection of credit and other personal data Solutions that can integrate easily into the existing information life cycle Sharing of risk with reputable, name-brand vendors RSA Security Plan RSA BSAFE Data Security Manager and Key Management Server Plans for additional DB encryption offering... stay tuned Products complement and integrate with Authentication & Access Control solutions RSA joint sales campaigns supported by cross-comp plan

Application File / OS Databases Storage / Tapes Laptops/PDA's RSA Enterprise Data Protection Management Near-Term Expansion Database Encryption Possible Expansion RSA Identity & Access Management Partner Solution Partner Solution RSA Data Protection Professional Services File System Encryption Application Encryption Security Policy & Control Central Key Mgmt & Storage Monitoring & Audits How We Approach EDP Opportunities Deliver a comprehensive solution that addresses data protection needs Across multiple data tiers Using a common centralized management framework

Customer Success: Accor North America PCI data protection with multiple products 1,200 upscale and economy hotels in U.S., Canada and Mexico Facing PCI Data Security Standard compliance; needed enterprise data protection Existing RSA(r) Certificate Manager and RSA(r) Validation Manager customer, turned to RSA Security for solution RSA(r) Key Manager Selected RSA(r) Federated Identity Manager for federation project, RSA ClearTrust(r) software for access management

Developer Solutions Division Summary Most Mature and Versatile Encryption Solutions Powered by the BSAFE and RSA brands Significant Market Opportunity in Enterprise Data Protection Building blocks in place for Data Protection products Broadest Combination of Data Protection Solutions Authentication, Access Control, Encryption all from one vendor Sales & Services leverage of a $300M Security Specialist Dedicated & Specialized Developer Field Team Leveraging Larger RSA Enterprise Sales Team

Jon Oltsik, Senior Information Security Analyst Enterprise Strategy Group http://www.enterprisestrategygroup.com

On-line Identity and Trust PKI Two-factor authentication Encryption X.509 certificates One-time passwords Historical View Smart cards

Oltsik's Law "The future value of the network will increase exponentially as a function of on-line identity and digital asset protection"

Agenda Consumer market Business market Summary and Conclusions

Consumer Attacks Phishing Approximately 3% of Internet Users provide personal information In response to phishing e-mails Malicious Code Approximately 75% of malicious code programs in the first half of 2005 exposed personal information. Up from 54% in 2H 2004 (Symantec) (Data source: antiphishing.org and Websense, Inc.)

Consumer Market Trends 130+ security breaches in 2005 Potential exposure of personal data of 55m Americans Bank of America, Citibank, Marriott, Time Warner . . . Card Systems = 40m alone 80% of consumers are at least "somewhat concerned" about personal identity theft (Consumer Reports) Most users say they have stopped giving out personal information 25% have stopped shopping on-line Security becoming a point of differentiation AOL, E*TRADE: Superbowl Ad

Commercial Market Trends Security Compliance Business Identity and Trust

Commercial Market Trends

Commercial Market Trends Regulatory compliance is driving security spending

Commercial Market Trends Encryption Implementation

Elements of Identity and Trust Who is on the network? What device are they using? Is the device secure? Where are they located? What are they allowed to do? What is the best way to perform this task?

Supply Side Trends Security instrumentation 802.1x, NAC/NAP, embedded encryption Trusted Computing Group (TCG) Approximately 60m PCs and laptops already in use Identity, Trust, Encryption Device proliferation Secure Infrastructure Security is becoming a requirement Standards SAML, Liberty, OTP, OATH, X.509. . . More and smarter risk-based authentication

Identity and Trust Circa 2008 Instrumented devices Ubiquitous multi-factor and risk-based authentication Embedded encryption Visible implementations

What It Means Authentication and encryption become mainstream New Issues Interoperability Identity management Policy management Key management Logging and reporting

Summary and Conclusions Consumer security Businesses are motivated to provide a better model Business security IAM is the next frontier Secure products A growing trend Managing identity, trust, and digital assets Major challenge

Thank You Jon Oltsik The Enterprise Strategy Group, Inc. Jono@enterprisestrategygroup.com 978.501.0862

**BREAK** 10:00 am - 10:15 am (PST)

Consumer Solutions Division Overview Chris Young Sr. Vice President, GM Consumer Solutions Division Naftali Bennett Sr. Vice President/Founder, Consumer Solutions Division

Joining Forces: RSA Security & Cyota 20 years of providing strong authentication solutions More than 19,000 customers 1,200+ employees, over $300 million in revenues, Over 3 million consumer tokens deployed by 90 financial institutions 86% of the Top 50 world banks use RSA Security Over six years in consumer authentication & online fraud 9 of top 12 banks in North America/UK use Cyota's services Over 430 million consumers protected by Cyota technology Operate the largest online fraud shared database - eFraudNetwork(tm)

RSA Security: A Clear Leader In Consumer Authentication "I would say it's been a home run for us..." - Greg Framke, CIO E*Trade "We chose RSA Security's consumer account protection solution because we wanted to offer our customers a proven but progressive security solution that was also convenient..." - Alessandro Colafranchesi, Head of Online Banking, Unicredit Banca

The addition of Cyota solidifies our global leadership position in Consumer protection Many Top European banks and Many Partners of the top 10 US banks 7 of the top 10 Uk banks 5 of the top four Canadian banks 3 top Japanese banks 6

Stop Phishing & Pharming via a 24x7 Service Login, Transaction & Reverse Authentication Risk & segment based authentication and digital watermarking Fraud & Risk Management via transaction monitoring, Verified by Visa and MC Securecode Provides authentication and anti-fraud solutions for online banking and eCommerce transactions RSA Consumer Solutions Anti-Fraud Services Banking Strong Authentication eCommerce Transaction Protection

Online Banking Users Online Trading Users e-Commerce Users ~200M ~400 M ~17 M Hundreds of Millions of Users Transacting Online Source: RSA Security estimates

Recent global legislation and guidance has created a near-term opportunity. FFIEC - Considers single-factor authentication, as the only control mechanism, to be inadequate for online banking. Banks must use authentication methods that are both effective and appropriate to the risks associated with online banking. Compliance is mandatory. SEC - Published an investor guide advising Americans to "install a personal firewall and security software package, use a security token..." Act on Protection of Personal Information (effective from April 2005) establishes strict regime for the collection and security of citizens' personal information Mandate from the Monetary Authority to banks to use two-factor authentication in online banking Identity Theft Law (effective September 2006) requires banks to cover fraud-related monetary losses of online banking users, even if bank is not at fault. Intent: inspire greater consumer confidence and lead banks to increase security of online banking Many existing regulations around the world ... Japan Hong Kong Korea United States

Why don't we body-search everyone in the airport? What we DO NOT need... Because doing that impacts usability without adding security

Comprehensive solutions, not point products Authentication that "adapts" to a changing environment Real time protection today and tomorrow Cost-effective solutions Scalable technology Secure but usable solutions To balance security with business need in an ever-changing environment What we DO need...

What is Consumer Adaptive Authentication? Flexible, layered authentication that matches security with transaction risk, customer need and preference Widest range of authentication methods and form factors Allows you to dynamically adjust security based upon customer, regulatory, and risk requirements Behind-the-scenes, invisible authentication for majority of users Coupled with more tangible security to higher-risk or security- sensitive segments of your customer base that desire or necessitate it

Risk-based authentication real-time, invisible Segment-based authentication - pre-defined Pre-defined User Segments Continuing Transaction HW/SW Token Device Recognition 1% High risk Real-time Risk Assessment 99% Low risk Extra Authentication Shared Secret Out-of-band Phone Auth. RSA Consumer Adaptive Authentication Solution

Rules Management Customer Service Reports Provisioning Unified Integration Layer Risk-based Authentication Module Secret Questions Automated Phone Call 3rd Party Auth. API Transaction Signing Software Tokens Hard Token RSA/Others Segment-based Authentication Module ? eFraudNetwork: Cross Bank Shared Fraud Repository Watermarks RSA Consumer Adaptive Authentication Solution

World's Largest Online Fraud Fighting Network eFraudNetwork & eRisk Engine

Now known as the "Go ID Network" "Segment-based" authentication can be delivered either on premise or via our networked-service model

Case Study: Risk-based Authentication deployed at 5 FIs Total assets over 5 trillion dollars; including HBOS HBOS and others - 80% fraud reduction, 1:1 Genuine: Fraud JUN 2004 SEP JUL AUG OCT NOV DEC MAR JUN APR MAY JUL AUG SEP OCT NOV eCommerce Fraud Basis Points JAN 2005 FEB SYSTEM LAUNCHED REDUCTION IN FRAUD Risk Based Authentication Results

Unique cross bank fraud network, a proven real-time risk engine Both "risk" and "segment" based authentication Multiple authentication form factors deployable today All this through one vendor Enables invisible authentication Lowest impact on genuine users; highest fraud detection rate Cost effective and scalable Make decisions based on business requirements, rather than technology limitations Allows matching authentication strength with transaction risk Provides choice in user experience to you and your customers Allows you to benefit from all these unique features with one project, integration, relationship, contract Why is it Unique and What is the Benefit?

Customer Success: Washington Mutual Online Banking w/Risk-based Authentication Operating more than 2,400 retail banking, mortgage lending, commercial banking and financial services offices across U.S. Purchased solution in Q4 2005 for risk-based multi-factor authentication solution to provide enhanced security for its online banking users Analyzes every online login and transaction and scores potential risk based on a broad range of criteria Invokes additional authentication methods in real-time when potential risk detected Engages in real-time world-wide fraud detection network

Customer Success: Japan Net Bank/SMBC Online Banking with OTP tokens Japan Net Bank $10 million for RSA SecurID(r) Consumer Authentication Largest deal in the history of RSA Security - new customer in Q4 2005 First bank in the world to deliver two-factor tokens to all active account holders Protecting over one million online banking customers with RSA SecurID authentication Deploying RSA SecurID authentication to all customers over next 12 months Part of the bank's strategy to reinforce online banking security Sumitomo Mitsui Banking Corporation SMBC is one of Japan's top bank SMBC One's Direct network is one of largest in Japan (6M+ users) One's Direct recognized as premier online banking service in Japan First financial institution in Japan to offer two-factor authentication for online banking customers Available to any One's Direct customer, regardless of account size or transaction volume Monthly service charge is 100 yen -- less that $1 per month! Japan Net Bank

RSA Security Financial Overview Art Coviello President and CEO

Q4 Operating Metrics Record Bookings of $107 M Record product / service backlog @ $31.7M Deferred revenue Increased to $54.9M Total short-term deferred revenue, contracts,and backlog entering 2006 @ $80.2M Revenues up sequentially to $81.7M Up 7% Q/Q Record 1.55 Million Authentication Credentials Shipped Includes ~500K Consumer Units GAAP Earnings per share $.16 Q4 2004 Revenue Q4 2005 Revenue Enterprise 73.3 76 OEM/Dev 9.9 5.7 $ in Millions 3 $83.2 $81.7 Q4 2005 Summary Financial Results Developer Enterprise

5 2005 Summary Financial Results Total revenue of $310 million Net income of $42.4 million GAAP diluted earnings per share of $0.58 Approximately 4.7 million authentication credentials shipped Added over 2,600 new customers Increased the total number of customers to almost 20,000 Ended the year with over $187 million in cash and equivalents

Financial Results - Balance Sheet

10 1000 10000 100000 1000000 Risk-based 5 4 3.5 1.5 2 OTP 35 20 10 5 3 3 Factor 60 50 40 30 20 Broad Spectrum of Pricing Options (Pricing per user per year) # of users SMB Enterprise Consumer Cost per user, per year OTP hardware & software tokens 3-factor (smart card, biometric, PIN Risk-based, transparent authentication

Supplemental Financial Metrics Defined Total estimated unrecognized revenue from managed service contracts - contracted monthly fixed & variable fees based on an estimated number of units for the remaining term of the contract. Primarily related to Cyota, contract terms are 1 - 3 years. Contracts are billed monthly & excluded from deferred revenue; also not included in total products & services backlog. Total product & services backlog - contracted orders for products, maintenance and professional services that have not been fulfilled. The short-term component of these metrics is expected to be recognized as revenue in the next 12 months

Supplemental Financial Metrics *NR - Reflects metric not reported

Backlog - If Product Not Yet Shipped Revenue Recognized - Current Quarter 15 Product Shipped Booking - Enterprise Booking - Consumer OTP Subscription Non- Subscription Deferred Revenue Revenue Recognized - Ratably in Future Qtrs Products: Booking To Revenue Cycle Backlog Revenue Deferred Revenue Booking

Short-term Unrecognized Revenue Estimate 17 Total Estimated Unrecognized Revenue from Managed Service Contract Subscription Billed & Paid Monthly Upon Deployment Estimated Contract Value Revenue Deferred Revenue Managed Service: Booking To Revenue Cycle Long-term Unrecognized Revenue Estimate Booking Booking to Revenue Cycle for a Typical Managed Service Contract

Non-GAAP Financial Information The Company is providing non-GAAP financial guidance to ensure that investors can compare current period results to future period results. Non-GAAP earnings per diluted share can be calculated by taking GAAP earnings per diluted share and subtracting the anticipated: compensation charge associated with FAS 123R, restructuring charge associated with the Company's engineering resources and the charge associated with the amortization of intangible assets. Non-GAAP total operating expenses and non-GAAP income from operations can be calculated by taking the respective GAAP metrics and subtracting the $2.1 million restructuring charge from the fourth quarter of 2005.

Business Model - P&L % of Revenue *Excludes $2.1M restructuring charge in Q4 2005 **Long term target model does not include compensation charges associated with the expensing of stock options in accordance with FAS 123R

Reiterating Q12006 Financial Guidance The financial guidance for the first quarter of 2006 is only current as of today, Monday February 13, 2006. The Company undertakes no obligation to update its estimates.

Reiterating Q12006 Financial Guidance Total Revenue: $84 million to $88 million (including the operations of Cyota) Non-GAAP earnings per diluted share: $0.12 to $0.16. GAAP earnings per diluted share: $0.04 to $0.10. Included in GAAP earnings per diluted share, the Company anticipates a FAS 123R charge of $3 million to $4 million, or $(0.03) to $(0.04) per diluted share Included in GAAP earnings per diluted share, the Company anticipates a restructuring charge of $2 million to $3 million, or $(0.02) to $(0.03) per diluted share Included in GAAP earnings per diluted share, the Company anticipates a charge relates to the amortization of intangibles of approximately $900,000 a quarter, or $(0.01) per share

Why RSA Security Will Succeed! Unique solution to critical customer challenges Secure data access and data protection Authentication, access control and encryption Continue to be out in front of evolving and growing authentication market Range of solutions to meet unique customer requirements Risk-based and segment-based Strong, experienced management team

Closing and Question & Answer Session Art Coviello and RSA Security Management Team