Tumbleweed teams with iPRESIDIUM to deliver insider threat protection

Integration of iPRESIDIUM’s Mailntercept® with the Tumbleweed MailGate Suite Offers Advanced Content Security for Internal Messaging

Redwood City, CA – October 3, 2006 – Tumbleweed® Communications Corp. (NASDAQ:TMWD), a leading provider of email security, file transfer security, and identity validation software and appliances, today announced that the company has combined Tumbleweed MailGate suite's award winning email security solutions with the iPRESIDIUM Mailntercept product's comprehensive insider threat protection capabilities. The solution leverages Tumbleweed's rich feature set for securing inbound and outbound communications with Mailntercept's advanced content security for internal communications, offering broad-based protection against unauthorized disclosure of sensitive information via external or internal sources. 

“Trusted insiders with authorized access to network resources and sensitive information present the most dangerous security risk to government and private sector organizations,” said Adriana Babino, President and Founder of iPRESIDIUM.  “Malicious or inadvertent exposure of confidential data via internal email can have disastrous legal, financial, and other consequences to organizations and affected individuals.  Integrating Mailntercept with Tumbleweed’s secure messaging solutions provides security conscious organizations with the ability to intercept and take action on internal messages that may violate existing security policies.”

Government agencies and commercial organizations often create specialized email distribution groups to share information more efficiently among and across internal departments.  Without proper controls, confidential information sent to multiple distribution groups may reach individuals who lack proper authorization to access such information. 

To address this problem, organizations can configure Mailntercept and Tumbleweed MailGate to ensure that messages are delivered only to authorized individuals.  For example, an intelligence agency employee with Top Secret clearance may be assigned work on a task force comprised of individuals with lesser clearances.  If the employee attempts to send information to a task force distribution group, Mailntercept identifies the conflict, blocks delivery to individuals lacking clearance, and redirects the message to Tumbleweed MailGate for further analysis and action according to pre-configured security policies.  

Tumbleweed’s email client plug-in allows users to tag messages for special handling.  Based on local policies Mailntercept can redirect these internal messages through Tumbleweed MailGate to enforce restrictions on message routing or apply special handling based on the message content.  This integration is especially useful for organizations that maintain the confidentiality of certain communications or records in compliance with government and industry regulations.  For example, text appended to a message using this feature can automate the process for storing email communications in compliance with the National Archives and Records Administration’s (NARA’s) rules on electronic records management.    

“A key component of effective information security is ensuring that only authorized users can view and use information shared across internal networks, workgroups, and departments.  For security-focused organizations, monitoring internal communications is just as or more essential to mission delivery as defending the perimeter, since internal emails can present threats as varied and nefarious as anything coming from outside the corporate network,” said Willy Leichter, director of MailGate product marketing, Tumbleweed Communications.  “Incorporating iPRESIDIUM’s Mailntercept solution with the Tumbleweed MailGate product suite offers our government and commercial customers best-in-class capabilities for securing internal messaging with the latest threat protection technologies for inbound and outbound communications.”

About iPRESIDIUM Mailntercept
Mailntercept is an “Intercept Module” for Microsoft Exchange Server that uses rules-based interception to redirect targeted e-mail messages to Tumbleweed MailGate for analysis and application of appropriate security policies.  The module links into the Internet Information Services (IIS) SMTP service on the Microsoft Exchange 2000/2003 server and identifies all internal messages passing through the IIS.  Mailntercept directs the intercepted internal messages to Tumbleweed MailGate for granular inspection of message properties, content, and attachments, ensuring complete enforcement of Intranet email policies. Interception/bypass rules can be applied to individual users, static groups, and/or LDAP or MS Active Directory dynamic groups of users.  Enforcement actions include quarantining messages for further review, notifying security officers, restricting recipients or further message routing, and encrypting, decrypting, or archiving messages.

About Tumbleweed MailGate Suite
Tumbleweed’s MailGate Suite is a family of products for protecting, filtering and monitoring corporate email.  These best-of-breed products enable businesses to manage inbound and outbound traffic, block threats, encrypt messages and optimize network performance. 

• MailGate Appliance™: A high performance Linux appliance, providing integrated network edge defense, antispam, antivirus, content filtering, policy management, and outbound encryption
• MailGate Email Firewall™: Comprehensive email security software, with functionality ranging from inbound threat prevention to outbound content filtering, monitoring and encryption
• MailGate Secure Messenger™: A policy-based email encryption solution that dynamically inspects messages and securely delivers them via the industry’s broadest set of secure delivery channels, including TLS, S/MIME, PGP, and SSL

SAFE HARBOR STATEMENT
Tumbleweed cautions that forward-looking statements contained in this press release are based on current plans and expectations as of the date of this press release, and that a number of factors could cause the actual results to differ materially from the guidance given at this time. These factors are described in the Safe Harbor statement below.

Except for the historical information contained herein, the matters discussed in this press release may constitute forward-looking statements that involve risks and uncertainties that could cause actual results to differ materially from those projected, particularly with respect to the functionality and performance of the solutions provided by either Tumbleweed’s MailGate products or iPRESIDIUM’s MailIntercept products, whether or not they are integrated.  In some cases, forward-looking statements can be identified by terminology such as “may,” “will,” “should,” “potential,” “continue,” “expects,” “anticipates,” “intends,” “plans,” “believes,” “estimates,” and similar expressions. For further cautions about the risks of investing in Tumbleweed, we refer you to the documents Tumbleweed files from time to time with the Securities and Exchange Commission, particularly Tumbleweed's Form 10-K filed March 16, 2006 and Form 10-Q filed August 8, 2006.

Tumbleweed assumes no obligation to update information contained in this press release. Although this release may remain available on Tumbleweed’s website or elsewhere, its continued availability does not indicate that Tumbleweed is reaffirming or confirming any of the information contained herein.

About iPRESIDIUM
iPRESIDIUM is a secure messaging solutions and service provider headquartered in Newport Beach, California.  The company’s mission is to provide government and commercial customers with secure digital messaging communications solutions and services that defend communications infrastructure from internal and external threats. iPRESIDIUM’s professional services team works closely with customers to ensure the proper evaluation, selection, and successful deployment of secure messaging solutions, and offers comprehensive technical support services to resolve issues quickly and minimize downtime.  For additional information about iPRESIDIUM go to www.iPRESIDIUM.com or call 949-274-4110.

About Tumbleweed Communications Corp.
Tumbleweed provides security solutions for email protection, file transfers, and identity validation that allow organizations to safely conduct business over the Internet. Tumbleweed offers these solutions in three comprehensive product suites: MailGate®, SecureTransport™, and Validation Authority™. MailGate provides protection against spam, viruses, and attacks, and enables policy-based message filtering, encryption, and routing. SecureTransport enables business to safely exchange large files and transactions without proprietary software.  Validation Authority is the world-leading solution for determining the validity of digital certificates.  Tumbleweed’s enterprise and government customers include ABN Amro, Bank of America Securities, Catholic Healthcare West, JP Morgan Chase & Co., The Regence Group (Blue Cross/Blue Shield), St. Luke’s Episcopal Healthcare System, the U.S. Food and Drug Administration, the U.S. Department of Defense, and all four branches of the U.S. Armed Forces. Tumbleweed was founded in 1993 and is headquartered in Redwood City, Calif. For additional information about Tumbleweed go to www.tumbleweed.com or call 650-216-2000.

Tumbleweed, the Arrows logo, MailGate, SecureTransport, Tumbleweed Validation Authority and Validation Authority are either registered trademarks or trademarks of Tumbleweed Communications Corp. in the United States and/or other countries.  All other trademarks are the property of their respective owners.

###