I moved my company from the McAfee Encrypted USB drives to Ironkey a couple years back. We've been really happy with Ironkey and with McAfee Host DLP in Device Control mode. In the past year the new Ironkey drives we've been getting don't have device serial numbers so I have to rethink how to allow the devices. I've seen quite a few posts about others using Ironkey with HDLP so I was wondering how ya'll were allowing the devices in HDLP.
For instance, here's what I used to do:
I have a device definition that has Interface: USB selected. In that definition I added a group of devices to the exclusions.
I want to only allow specific Ironkey devices so I would create a Removable Media device definition with interface: USB and Serial Number: X. Add that device to the exceptions group, apply the policy, go to lunch while the policy applied and presto! Working Ironkey.