- SignaCert Joins Opsware Technology Alliance Partner Program
- SignaCert Names Randal Skipper Vice President of Sales
- SignaCert Solution Is Now “Ready for IBM Tivoli Software”
- SignaCert Announces Enterprise Trust Service Interoperability With Microsoft Network Access Protection
- SignaCert Introduces Enterprise Trust Services
- Technology Industry Leaders Come Together To Advance New Security And Management Approach
- SignaCert Names Industry Veteran Amal Chaudhuri as President and Chief Operating Officer
- SignaCert Joins Microsoft's Network Access Protection (NAP) Program
- SignaCert Helps Create Industry Specification For Platform Measurement And Verification
- SignaCert Names Frank Tycksen as Vice President of Engineering
- Dr. Taher Elgamal Joins SignaCert Board of Advisors
- SignaCert Inc. Secures $10 Million in Series A Funding
- Tripwire Founder Wyatt Starnes First Oregonian Named To Advisory Committee Of National Institute Of Standards And Technology
- Media Advisory: SignaCert to present at 3rd Annual Security Automation Conference hosted by NIST
- Secure Elements and SignaCert Partner to Deliver First Joint Solution To Provide Positive Attestation for SCAP Configuration and Binary/Library Validation for Regulated and Federal IT Customers
- SignaCert Releases Latest Version of Enterprise Trust Server; Receives Patent
- SignaCert Announces New Methods to Manage Enterprise IT Systems
- SignaCert Announces Full Support of SCAP and FDCC
-
SignaCert Joins Opsware Technology Alliance Partner Program
- September 12, 2007
Enterprise IT customers to benefit from comprehensive datacenter automation solution
Portland, Ore. – September 12, 2007 – SignaCert® Inc., the leading provider of independent IT controls solutions, today announced it has joined the Opsware Technology Alliance Partner (TAP) program. Through the partnership, SignaCert and Opsware will provide access to a broad range of Data Center Automation capabilities, enabling enterprise IT departments to more rapidly achieve operational efficiencies and reduce labor costs across their IT infrastructures.
“SignaCert’s independent IT controls technologies are an excellent complement to Opsware’s industry leading products,” said Wyatt Starnes, Chairman and CEO, “Together we will deliver significant and immediate value to customers by enabling advanced asset discovery and verification capabilities throughout the data center production cycle -- from deployment and after.”
“Opsware is delighted to welcome companies of the caliber of SignaCert to our Technology Alliance Partner program,” said John O’Farrell, executive vice president ofbusiness development at Opsware Inc. “By combining Opsware’s IT Automation software with SignaCert Enterprise Trust Services, customers will benefit from a broader spectrum of critical IT Automation capabilities.”
With the cost and complexity of today’s IT infrastructure spiraling out of control, enterprises are turning to IT automation to increase productivity, ensure policy compliance, remediate security threats, and reduce labor expenses. The Opsware TAP program supports the increasing demand for automation technology by providing an effective means of addressing customer needs for server, network and applications.
As the fastest growing datacenter automation vendor,Opsware will provide SignaCert the opportunity to integrate with its award-winning IT Automation software and leverage its global sales and marketing activities to generate customer leads and drive revenue.
SignaCert Enterprise Trust Server captures, organizes, and compares the reality of what's running on customer IT systems against a proven trusted reference. This independent IT control measures, proves and verifies that enterprise IT systems are deployed as intended. SignaCert technologies complement Opsware products by enabling enhanced discovery and verification capabilities for swifter identification and reporting of deployed or unauthorized software, and more granular system scanning. Customers adopting these capabilities will benefit from increasedsystems availability, manageability, compliance, and security.
About the Opsware Technology Alliance Partner Program
The Opsware Inc. (NASDAQ: OPSW) Technology Alliance Partner program provides customers with the most extensiveand comprehensive data center management solution available today. OpswareTechnology Partners are comprised of best of breed, market-leading software and platform vendors who offer technology that complements a single Opsware product or the entire Opsware solution suite.
About SignaCert
Founded by industry veteran, Wyatt Starnes in 2004, SignaCert delivers independent IT controls that provide a deeper understanding to enterprise systems and prove applications are deployed as intended, providing greater control, security, availability, and compliance.The company’s Enterprise Trust Server product enables business and government to measure, validate, and maintain the state of their technology infrastructure using a device-independent proactive approach that checks the operating system,applications, platforms and other software against a known trusted reference. SignaCert’s products are available directly from the company. For more information, visit www.signacert.com.
###
Opsware is a service mark and trademark of Opsware Inc. All other product and company names, service marks, and trademarksmentioned herein may be the trademarks of their respective owners.
-
SignaCert Names Randal Skipper Vice President of Sales
- September 10, 2007
Industry veteran chartered with expansion, outstanding service and value to enterprise IT customers
Portland, Ore., September 10, 2007– SignaCert®, Inc. the leading provider of independent IT controls technology,today announced the appointment of industry veteran Randal Skipper as vice president of sales. Skipper brings to SignaCert over 20 years of expertise, leadership and success in building worldwide direct and indirect sales initiatives, most recently as VP of Sales at Messagelabs,Inc., a leading managed service provider in email security.
As an industry veteran of market leaders and successful startups, Skipper will focus on expanding growth, service, value to customers,and fostering new market introductions in financial, healthcare,telecommunications and pharmaceutical industries.
“We are pleased to announce Randy’s addition to the SignaCert team,” said Wyatt Starnes,Founder and CEO of SignaCert. “Randy brings an impressive breadth of experience with high-growth companies,knowledge of vertical markets, enterprise software, and global accounts. His leadership skills will be a key addition to help drive our vision to the market.”
“Operational efficiency is a key concern and SignaCert has begun to shake up the market with its first-to-market solution, especially as software configurations drift over time,” said Randal Skipper, vice president of sales at SignaCert. “Together with SignaCert’s talented team, I look forward to increasing our presence within large IT organizations, introducing customers to a different dimension of systems management and positioning SignaCert as an undisputed leader in the market.”
Prior to MessageLabs, Skipper was VP of Sales for Marimba Inc., a company he joined as a startup and grew to a successful IPO in five years. In addition, Mr. Skipper has been VP of Sales-US for Intelligent Interactions, a company acquired by 24 by 7, and has held various sales management positions for Oracle Corporation and Dataworks Corporation.
About SignaCert
Founded by industry veteran, Wyatt Starnes in 2004, SignaCert delivers independent IT controls that provide a deeper understanding to enterprise systems and prove applications are deployed as intended. The company’s Enterprise Trust Server product enables business and government to measure, validate, and maintain the state of their technology infrastructure using a device-independent proactive approach that checks the operating system, applications, platforms and other software against a known trusted reference. This continuous independent monitoring increases enterprise availability of critical IT infrastructure and fulfills critical compliance and auditing requirements. SignaCert’s products are available directly from the company. For more information, visit www.signacert.com.###
-
SignaCert Solution Is Now “Ready for IBM Tivoli Software”
- July 16, 2007
Portland, Ore., July 16, 2007 – SignaCert®, Inc., the leading provider of software measurement and integrity verification solutions, today announced that its Enterprise Trust Services solution is now “Ready for IBM Tivoli Software.”
SignaCert Enterprise Trust Services delivers a new fundamental capability to businesses and government - dash;allowing them to measure, verify, and maintain the state of their enterprise infrastructure using a known, trusted reference. With this solution companies can prove their systems are deployed and configured as intended over their lifetime.
As a result of the integrated solution between IBM Tivoli Change and Configuration Management Database (CCMDB) and SignaCert, customers are able to measure to populate the IBM Tivoli CCMDB with software assets and configuration items discovered and verified by SignaCert. The benefits are improved systems availability, manageability and compliance.
“IBM is helping their customers take a proactive approach to reduce incident and problem management costs by validating that our solutions interface with the IBM Tivoli CCMDB,” said Wyatt Starnes, Founder and CEO of SignaCert. “ Traditional approaches to managing IT systems aren’t working, and the industry recognizes the need for our new technology to keep IT systems running strong.”
SignaCert is an independent, platform neutral, out of band measurement tool that can be implemented within a matter of hours, with no impact to the enterprise’s business systems.
About SignaCert
Founded by industry veteran, Wyatt Starnes in 2004, SignaCert delivers software and services that provide true 100%enterprise integrity verification that prove applications are deployed as intended. The company’s Enterprise Trust Services enable business andgovernment to measure, validate, and maintain the state of their technology infrastructure using a new proactive approach that checks the operating system,applications, platforms and other software against a known trusted reference.SignaCert’s products are available directly from the company. For more information, visit www.signacert.com. -
SignaCert Announces Enterprise Trust Service Interoperability With Microsoft Network Access Protection
- February 07, 2007
San Francisco, February 7, 2007 - SignaCert today announced the interoperability of its Enterprise Trust Service with Microsoft Network Access Protection,allowing enterprises to measure and verify the integrity of software on devices across IT systems, ensuring greater reliability, manageability, security, andregulatory compliance. The SignaCert Enterprise Trust Service is the only global subscription-based reference service and appliance that provesenterprise systems and endpoints are deployed and configured as intended over their lifetime.
SignaCert will be demonstrating at RSA, booth #2325, the ability to scan and verify a network endpoint against a trusted reference. More specifically, this verification process can be used to monitor and control the endpoint for things like compliance, and for network access control, which is being demonstrated with Microsoft Network Access Protection.
Network Access Protection is a policy enforcement technology built into the Windows Vista and Windows Server (code-named “Longhorn”) operating systems that allows customers to better protect network assets from unhealthy computers by enforcing compliance with network health policies. Microsoft Network Access Protection technology is publicly available with trial versions of Windows Vista, and available to select partners and customers with Beta 2 of the future version of Windows Server “Longhorn.”
“Traditional approaches to managing and securing IT systems aren’t working for customers, and the industry recognizes that,” said Wyatt Starnes, Founder and CEO of SignaCert. "Having a measurable baseline of verified norms gives organizations a new way to assuretheir systems are healthy. We’re excited to see industry partners like Microsoft helping to reset the way we manage dynamic, connected heterogeneous software environments to make them more available, more secure and more accountable.”
SignaCert’s database of authentic data contains a wide range of signatures for enterprise-focused software. SignaCert continuously and proactively works withIT industry vendors like Microsoft to ensure the broadest software coverage.Participation is open to all OS, application and infrastructure vendors and is gaining support from other technology companies and organizations.
“When it comes to security, reliability, manageability and compliance, the global services and technology companies we work with are paramount to the success of our mutual enterprise customers,” said Mike Schutz, group product manager of Security and Access Products at Microsoft Corp. “Software companies such as SignaCert offer broad expertise in Microsoft technologies to help customers ensure that the Microsoft software they are using is measured and verified, and exists in its desired state.”
SignaCert enables fine-grain endpoint measurement and validation to a trusted reference, serving all modes of trusted network connect including NAP, NAC, TNC, UAC and others. Our Enterprise Trust Services enable business and government to measure, validate, and maintain the state of their enterprise infrastructure using a known, trusted reference. For more information, visit www.signacert.com
If you are attending RSA, please visit SignaCert at the Microsoft Partner Pavilion, located at booth #2325, for additional information.
About SignaCert
SignaCert delivers software and services that provide true 100% enterpriseintegrity verification. Our Enterprise Trust Services enable business andgovernment to measure, validate, and maintain the state of their enterpriseinfrastructure using a known, trusted reference. For more information,visit www.signacert.com -
SignaCert Introduces Enterprise Trust Services
- January 31, 2007
Portland, Oregon, January 31, 2007 –SignaCert today introduced Enterprise Trust Services, the only integrity verification service and appliance that proves enterprise systems and endpoints are deployed and configured as intended over their lifetime. The SignaCert Enterprise Trust Service allows enterprises to measure and verify the integrity of software across information technology (IT) systems, ensuring greater reliability, manageability, security, and compliance.
SignaCert helps enterprises measure, validate, and maintain their technology infrastructure using a new proactive approach that checks the operating system,applications, platforms and other software against a known trusted reference versus the traditional approach that seeks simply to keep out unwanted software. Using this approach, SignaCert delivers true 100% enterprise wide integrity verification by creating a trusted reference that combines the SignaCert Global Trust Repository with an organization’s in-house deployed software and associated configurations.
“The industry is recognizing the need for a new approach to IT security and systems management,” said Wyatt Starnes,founder and CEO of SignaCert. “Using a trusted reference to verify the integrity of their enterprise is a powerful new method."
“System failures are often the result of change, either through corruption,malicious code, or unintended configuration changes," said John Pescatore,VP Gartner Inc. "To secure servers and PCs, enterprises need vulnerability management approaches that assure that only trusted, valid software is running on their systems."
The SignaCert Enterprise Trust Service can solve many IT business challenges such as:
• Gold image verification: Proactively define OS,applications and configurations for your multi-platform systems, and continually validate their state against a trusted reference.
• Endpoint Integrity: Gain greater control and reliability by knowing the current state of your systems.
• Regulatory Compliance: Deliver fine-grained verification of your enterprise and prove it is deployed as intended.
SignaCert’s Global Trust Repository contains a broad range of authentic signatures (short-hand definite software component identifiers) from the industry’s leading Independent Software Vendors (ISVs). SignaCert continuously and proactively works with IT technology vendors to ensure the broadest supply of important common software signatures.
About SignaCert
SignaCert delivers software and services that provide true 100% enterprise integrity verification. Our Enterprise Trust Services enable business and government to measure, validate, and maintain the state of their enterprise infrastructure using a known, trusted reference. For more information,visit www.signacert.com -
Technology Industry Leaders Come Together To Advance New Security And Management Approach
- January 31, 2007
Portland, Oregon, January 31, 2007- SignaCert today announced that industry leaders have come together to deliver a new proactive approach to verify customers’ software and IT systems integrity. SignaCert will enable Intel, Sun Microsystems, Juniper Networks, Applied Identity, Cordys, XenSource, PGP Corporation, Wave Systems Corp, Access Data, Kryptiq and others to advance a new method for addressing customer demand for more secure, reliable and cost-effective computing solutions.
Enterpriseinformation environments have experienced continuous evolution since their introduction as business tools in the second half of the twentieth century. But today’s inter-networked and pervasive computing environment has outpaced the design envelope originally contemplated by early IT designers. As a result, the measurement and instrumentation framework necessary to proactively address security, reliability and manageability were not built into the core design. Each successive stage of evolution has added complexity to a foundation which is insecure and increasingly fragile.
To address these challenges, leading technology ecosystem players are embracing a new approach based on proactive measurement and verification. SignaCertis providing a standards-based, neutral, trusted third-party reference platform that will act as a verification proxy for the software industry. With the ability to verify states of files, systems and software based on a database of authentic data, organizations can proactively assure that software is deployed and configured as intended. System ‘drift’ or anomalous and unwanted files can be detected and corrective policy applied before symptoms develop—reducing downtime, security failures and risk.
SignaCert’s database of authentic data contains a wide range of signatures for enterprise-focused software, such as: the operating system, applications,platforms and other software. SignaCert continuously and proactively works with IT industry vendors to ensure the broadest software coverage.
“The traditional approaches to managing and securing systems aren’t working for customers,” said Wyatt Starnes,Founder and CEO of SignaCert. "Having a measurable baseline of verifiednorms gives organizations a different way to assure systems are in a healthy state. The industry aims to reset the way we manage dynamic, connected heterogeneous software environments to make them more available, more secure and more accountable.”
"All IT environments are mixed environments, and while vendors across platforms do a good job of verifying the integrity of initial installations oftheir own software, they often have little control beyond the initial state,”said Rob Crooke, Vice President, GM, Business Client Group, Intel Corp. “The shift in approach to a proactive validation and neutral stewardship of files will help make our IT investments more valuable, and will lower operating costs."
“System failures are often the result of change, either through corruption,malicious code, or unintended configuration changes," said John Pescatore,VP, Gartner Inc. "To secure servers and PCs, enterprises need vulnerability management approaches that assure that only trusted, valid software is running on their systems."
“With Solaris 10 we have built in a number of technologies such as Solaris Containers, Least Privilege and Labeling to allow our customers to build secure applications and services,” said Tom Goguen, vice president of Solaris marketing, Sun Microsystems. “SignaCert’s approach is a fine complement to our Secure Execution technology, allowing customers to proactively validate heterogeneous environments.”
Participation is open to all OS, application and infrastructure vendors and is gaining support from other technology companies and organizations.
About SignaCert
SignaCert delivers software and services that provide true 100% enterprise integrity verification. Our Enterprise Trust Services enable business and government to measure, validate, and maintain the state of their enterprise infrastructure using a known, trusted reference. For more information,visit www.signacert.com -
SignaCert Names Industry Veteran Amal Chaudhuri as President and Chief Operating Officer
- January 08, 2007
Portland, Oregon, January 08, 2007 -SignaCert today announced that enterprise information technology veteran Amal Chaudhuri has joined SignaCert as President and Chief Operating Officer. Mr. Chaudhuri, former CIO of Citigroup and managing director of global systems and architecture at JP Morgan, has served as an advisor to SignaCert for the past year, and is widely regarded as a corporate IT visionary.
"We are excited to have a leader of Amal's caliber joining the SignaCert team," said Wyatt Starnes,Founder and CEO of SignaCert. "Amal's direct customer perspective, along with his rich technology and market expertise, will solidify our strong management team."
While at Citigroup and JP Morgan, Mr. Chaudhuri was responsible for development and implementation of technology strategy,enterprise application development and infrastructure, and overseeing a large global organization. In addition to executive roles at Citigroup and JPMorgan, Mr. Chaudhuri was a managing director at Bankers Trust and a division manager at Teknekron Software Systems.
Mr. Chaudhuri holds advisory and board roles with a number of startups and their associated venture capital firms. He graduated from Vassar Collegein 1982 with a degree in biophysics and engineering.
About SignaCert
SignaCert is a software company that enables trust-based computing for enterprises. Founded by Wyatt Starnes in 2004, SignaCert is readying a suite of groundbreaking products for delivery to the market. For more information, visit www.signacert.com.
-
SignaCert Joins Microsoft's Network Access Protection (NAP) Program
- November 29, 2006
Portland, Oregon, November 29, 2006 - SignaCert today announced that it has joined the Microsoft Network Access Protection (NAP) program. By supporting Microsoft's Network Access Protection technology, SignaCert demonstrates its continuing commitment to enterprise security and integrity through interoperability with complementary technologies. Together with Microsoft, SignaCert will help organizations of all sizes to fully utilize network access protection within their networks.
Network Access Protection is a policy enforcement technology built into the Windows Vista and Windows Server "Longhorn" operating systems that allows customers to better protect network assets from unhealthy computers by enforcing compliance with network health policies. Microsoft's Network Access Protection technology will be publicly available with Beta 2 of Windows Vista, and available to select partners and customers with Beta 2 of the future version of Windows Server, codenameœ"Longhorn."
SignaCert's trust-based solution gives IT organizations visibility and fine-grained controls into the state of devices within a network and allows them to more precisely determine a client's health at any given moment. This combination allows clients to be evaluated as part of network access within the Network Access Protection framework. The SignaCert solution complements existing security approaches like anti virus and intrusion detection systems, creating a strong foundation to help IT organizations gain control of their end-points. Network Access Protection and SignaCert provide a strong technology value proposition for customers who increasingly seek better visibility and confidence in their IT environment.
"We are pleased to support the Microsoft Network Access Protection program and welcome the opportunity to work together to meet our common goal to give organizations effective technology solutions," said Wyatt Starnes, Chief Executive Officer,SignaCert. "By working with the Microsoft Network Access Protection program, our customers will enjoy the full advantage of knowing they can easily work with industry-standard Network Access Protection products to help them create a more manageable and secure enterprise."
To maintain a secure network, organizations must validate and enforce endpoint health and security policies on every device before allowing them to connect to, or communicate with, their IT infrastructure," said Mike Schutz, senior product manager, Windows Server Division at Microsoft Corp."Microsoft welcomes SignaCert 's support in providing enhanced security for customers."
About SignaCert
SignaCert is a software company that enables trust-based computing for enterprises. Founded by Wyatt Starnes in 2004, SignaCert is readying a suite of groundbreaking products for delivery to the market. For more information, visitwww.signacert.com.
-
SignaCert Helps Create Industry Specification For Platform Measurement And Verification
- November 14, 2006
PORTLAND, Ore. - November 14, 2006 - SignaCert today celebrated the announcement of key standards released by the Trusted Computing Group (TCG), an industry group of more than 140 members creating open industry specifications for computing security. These standards provide a foundation for platform integrity measurement and verification and will ensure the interoperability and adoption of solutions in today's complex, multi-vendor IT environment.
This latest set of specifications are yet another step forward in the continued development of a trusted computing environment whichseeks to deliver platform integrity, measurement and verification for users and IT administrators that ensures accurate and consistent reporting of the state of their platforms. By using these standards organizations will be able to significantly improve the security and information protection on platforms on which they are deployed.
"We recognize the need and importance for a standardized industry approach to data measurement and verification that will provideorganizations with a consistent and accurate means of reporting the state of their platforms," said Wyatt Starnes,Founder, President and CEO of SignaCert.
The new specifications on the organization's website www.trustedcomputinggroup.org,augment the Trusted Platform Module (TPM), a core set of security functions defined by TCG members and widely used in virtually all enterprise PCs and manyservers. These new specifications ensure that the state of the system in which a TPM is used is reported accurately and in a standard fashion. It'™santicipated that services and products incorporating these specifications will begin development for availability in 2007.
The new specifications in this latest release include:
The Integrity Management Architecture provides a common framework for defining, collecting and reporting information about the integrity of the hardware and software components of a trusted platform (one that has the TPM). Integrity information includes values in the TPM within a system, files on the system, in-memory images and others. What is measured is dependent on the use of the measurement. For example, in implementations of TCG's Trusted Network Connect (TNC) for network access control, the client trying to attach to the network might be measured to determine what patches and antivirus software it has loaded, or checked to see if it has changed since the last connection.
The Platform Trust Services (PTS) Interface specification defines a measurement agent to collect, measure, and report the integrity information on the platform, which can be a PC, mobile phone, server or other device. This ability complements the Trusted Network Connect architecture by enabling an integrity check of the platform before it is connected to the network. This can help detect root kits when used in concert with boot integrity checking, and can identify infected or unauthorized clients.
The Integrity Schema specification provides a common XML-based data format to facilitate information exchange within the Integrity Management Architecture and integrates with Platform Trust Services Interface specification. The schema specification covers the format for integrity data to be collected and reported; the format for representing reference measurement of known values; and the format for evaluating the results of platform integrity assessments including reporting of the TPM platform configuration registers (PCRs).
About TCG
TCG is an industry standards body formed to develop, define,and promote open standards for trusted computing and security technologies,including hardware building blocks and software interfaces, across multiple platforms,peripherals, and devices. TCG specifications are designed to enable more secure computing environments without compromising functional integrity with the primary goal of helping users to protect their information assets from compromise due to external software attack and physical theft. Moreinformation and the organization's specifications are available at the Trusted Computing Group'™s website, www.trustedcomputinggroup.org.
About SignaCert
SignaCert is a software company that enables trust-basedcomputing for enterprises. Founded by Wyatt Starnesin 2004, SignaCert is readying a suite of groundbreaking products for deliveryto the market. For more information, visit www.signacert.com
-
SignaCert Names Frank Tycksen as Vice President of Engineering
- July 25, 2006
PORTLAND, Ore. - July 25, 2006 - SignaCert President and CEO Wyatt Starnes announced today that Frank Tycksen has joined SignaCert as the Vice President of Engineering.
Frank has over 21 years of experience in software development, management, and technical leadership with a focus on trust and security systems. Prior to SignaCert, he was the Research Engineering Manager in the Trusted Platforms Lab involved in leading Intel's research efforts in the areas of trust and security.
"We are pleased to have such a highly qualified individual as Frank to lead our Engineering efforts." Said Starnes"His background in trust-management technologies and experience bringing innovative products to market are strong assets for SignaCert."
Before joining Intel, Frank was CTO of Swan Island Networks and the security architect for the associated non-profit organization RAINS(Regional Alliances for Infrastructure and Network Security). At Swan Island Networks, he oversaw the development of information sharing tools targeted for all levels of government to facilitate the flow of sensitive but unclassified materials.
Prior to that Swan Island Networks, Frank was a founder and CTO of Portland Software, which later merged and became Preview Systems, a company in the digital rights management arena. He was involved from Portland Software's pre-financing stage to a public corporation listed on the NASDAQ exchange. Under his technical leadership, Preview's software was licensed by a number of global companies including Adobe, Real Networks, Matsushita, Sony and Symantec.
Frank was instrumental in the success of several other companies including Second Nature Software, a non-profit company dedicated to donating all profits to The Nature Conservancy with $2.5 million donated to date, and Central Point Software. At Central Point, he was one of the creators of the top selling PC Tools software utility package and later became the manager of the data recovery product line. Central Point was later acquired by Symantec.
About SignaCert
SignaCert is a service provider that enables trust-based computing for enterprises everywhere. Started by Wyatt Starnes in 2004, SignaCert plans to offer a suite of groundbreaking products to the enterprise market in 2006. For more information,visit www.signacert.com.
-
Dr. Taher Elgamal Joins SignaCert Board of Advisors
- May 08, 2006
PORTLAND, Ore. - May 8, 2006 - SignaCert, a service provider that enables trust-based computing for enterprises everywhere, announced today that Dr. Taher Elgamal has joined their Board of Advisors.
"SignaCert's technologies and methods promise to bring new levels of trust to Information Technology (IT)." said Dr. Elgamal. "I am excited about joining such an esteemed group and helping guide SignaCert on its path to success."
Dr. Elgamal is aleading expert in computer, network and information security. Recognized as the"inventor of SSL," Dr. Elgamal led the SSL efforts at Netscape, Inc. and his inventions in cryptography have become standards in both industry and government. He currently serves as the Chairman and CEO of Ectasis, Inc and previously served as founder, CEO and Chairman of Securify, Inc. and the Chief Scientist at Netscape.
"We are honored that Dr. Elgamal has joined SignaCert's Board of Advisors" said Wyatt Starnes, SignaCert's CEO. "Dr. Elgamal's work in encryption and cryptography has become the standard for securing network communications and enabling trusted transactions between parties."
"On behalf of SignaCert's Advisory Board, I'm pleased to welcome Dr. Elgamal on board."said Dr. Eugene Spafford, SignaCert's Lead Advisor. "His experience of working with forward-thinking companies to bring value to the entire industry will be an important asset to SignaCert."
Dr. Elgamal joins an advisory board made up of a broad range of industry experts. More information about SignaCert's Board of Advisors can be found on the SignaCert website.
About SignaCert
SignaCert is a service provider that enables trust-basedcomputing for enterprises everywhere. Started by Wyatt Starnes in 2004, SignaCert plans to offer a suite ofgroundbreaking products to the enterprise market in 2006. For more information,visit www.signacert.com.
-
SignaCert Inc. Secures $10 Million in Series A Funding
- December 16, 2005
PORTLAND, Ore. - Dec. 16, 2005 - SignaCert, a service provider that enables trust-based computing for enterprises everywhere,announced today that it has secured $10 million in Series A funding fromDCM-Doll Capital Management, Intel Capital, SmartForest Ventures and GarageTechnology Ventures.
SignaCert CEO Wyatt Starness aid the new capital will be used to accelerate development and delivery of newservices and products.
Starnes, the former CEO and president of Tripwire, launched SignaCert in 2004 and has built a team with deep experience in IT management,compliance and security issues. Most recently, the company hired ThomasHardjono, Ph.D, former Principal Scientist and Security Architect at VeriSignto serve as chief technology officer.
About SignaCert
SignaCert is a service provider that enables trust-based computing for enterprises everywhere. Started by Wyatt Starnes in 2004, SignaCert plans to offer a suite of groundbreaking products to the enterprise market in 2006. For more information,visit www.signacert.com.
About the Investors
For more information on DCM-Doll Capital Management, visit www.dcmvc.com. For information on IntelCapital, please visit www.intel.com/capital.For more information on SmartForest Ventures, please visit www.smartforest.com. For more informationon Garage Technology Ventures, please visit www.garage.com.
-
Tripwire Founder Wyatt Starnes First Oregonian Named To Advisory Committee Of National Institute Of Standards And Technology
- April 29, 2005
PORTLAND, Ore. - April 29, 2005 - W. Wyatt Starnes, founder of the pioneering IT security and systems management company Tripwire, has been named to the Visiting Committee on Advanced Technology (VCAT), the primary private sector advisory group for the National Institute of Standards and Technology (NIST). NIST acting director Hratch Semerjian appointed Starnes to the VCAT for a three-year term.
Founded in 1901, NIST is one of the oldest federally funded research organizations in the United States, and today includes the NIST Laboratories, the Baldrige National Quality Program, the Hollings Manufacturing Extension Partnership, and the Advanced Technology Program for accelerating the development of innovative technologies. A broad range of products, from atomic clocks to mammograms and semiconductors, rely on NIST's standards and technology. NIST is an agency of the Department of Commerce's Technology Administration.
"As a new member of the VCAT, Wyatt Starnes' extensive knowledge and background in information technology and cyber security will be a great asset to NIST's strategic planning process and will help NIST in its efforts to strengthen the nation's innovation infrastructure," remarked Mr. Semerjian.
As an advisory board to NIST, the 15 members of the VCAT meet quarterly to help guide the Institute's activities and programs, serving industry, academia, and other federal agencies and supported by NIST's $858million annual budget.
"Standards are key to the formation of industries and businesses, and important to enabling economic growth in many sectors,"said Mr. Starnes. "I'm deeply honored by my appointment to NIST, and see it as an opportunity to promote Oregon opportunities on a national level, and lay the groundwork for future job growth within the US, and in particular Oregon."
With NIST research influencing key industrial sectors in Oregon from high-tech to healthcare, Starnes appointment will provide Oregonians with an improved ability for input at a national policy level.
"It basically gives us a seat at the table,"Starnes continued. "It's recognition for the forward thinking in Oregon that's impacting technologies such as IT and nanotechnology."
Working in cooperation with, and separate from, Tripwire,Starnes has recently founded his latest company, SignaCert, Inc. SignaCert is continuing the development of service offerings built around the Tripwire FSDB initiative, a system for assuring the integrity of IT systems and components.
-
Media Advisory: SignaCert to present at 3rd Annual Security Automation Conference hosted by NIST
- September 18, 2007
SignaCert, the leader in independent IT controls, will be speaking this Thursday, September 20, 2007 at the 3rd Annual Security Automation Conference, hosted by NIST, DISA, and NSA, taking place Sept. 19-20, 2007 in Gaithersburg, Maryland. Learn more at http://nvd.nist.gov/scap/docs/SCAP_Agenda_2007.pdf.
SignaCert’s talk will focus on FDCC and SCAP compliance using apositive security model and will give a brief overview of the “Positive Model” as it applies to SCAP and FDCC, and what’smissing. While SCAP covers the configuration, security posture, and application settings of a platform, there is still a set of the configurationthat is not controlled or governed by the configuration of the platform. Thatis the platform components themselves, such as binaries, images, libraries, andother data elements that do not reside in a second order control point.
This is where SignaCert comes in. SignaCert’s product is an independent IT control thatmeasures, proves and verifies that the system applications are exactly the same in ongoing production as they were when they were deployed. This ongoing independent monitoring increases system security, improves availability of critical IT infrastructure, and fulfills critical compliance and auditing requirements. Find out how during the talk.
To learn more about SignaCert, to schedule a briefing with our Founder and CEO or to receive a summary of the talk if you can’t make it, please contact Marta George, Communications Manager at 503-853-3672 or mgeorge@signacert.com.
About SignaCert
Founded in 2004 by 30-year security and IT controls industry veteran, Wyatt Starnes, SignaCert launched its first product, the Enterprise Trust Server, in January, 2007. Learn more at http://www.signacert.com/about/. -
Secure Elements and SignaCert Partner to Deliver First Joint Solution To Provide Positive Attestation for SCAP Configuration and Binary/Library Validation for Regulated and Federal IT Customers
- September 20, 2007
Combined offering validates SCAP configurations and related binaries to fulfill Federal Desktop Core Configuration (FDCC) Compliance
HERNDON, VA and PORTLAND, OR - Sep 20, 2007- Secure Elements, the industry leader in standards-based IT audit and compliance management, and SignaCert Inc., the forefront provider of independent IT controls solutions, today announced a joint marketing and product development agreement through which the two firms will deliver the first complementary NIST Security Content Automation Protocol (SCAP) solution that combines positive attestation of SCAP configuration audits and the associated binary/library implementations.
On June 1st, 2007 the Office of Management and Budget (OMB) mandated that providers of information technology shall certify applications are fully functional and operate correctly as intended on systems using the Federal Desktop Core Configuration (FDCC) by Feb 1, 2008. On July 31st, 2007 OMB required that NISTs Security Content Automation Protocol (S-CAP) be utilized by industry and government in support of this initiative. SCAP measures systems against configurations, but falls short of ensuring that the components are authentic, and un-tampered.
"SignaCert is actively involved with SCAP to help not only facilitate rapid adoption, but to help present a Positive Security Model as an extension to the project," said Wyatt Starnes, Founder and CEO, SignaCert. "Together with Secure Elements we will deliver significant and immediate value to customers by enabling file based,positive attestation of FDCC image and general platform elements,definitively proving, against verifiable platform standards, that systems are deployed and configured as intended."
Secure Elements offers the only enterprise solution that works directly with the SCAP content, enabling Federal agencies to meet the OMB Mandate for FDCC compliance. By partnering with SignaCert which can independently verify and validate applications at the binary level the two companies are now uniquely positioned to offer Federal agencies a comprehensive, end-to-end, SCAP solution that enables full compliance with the FDCC.
"Secure Elements is always seeking out complimentary technologies that not only enhance our SCAP offering, but also simplify and improve the IT security compliance process for our Federal customers," said Ned Miller, President and CEO, Secure Elements. "In working closely with Federal agencies and understanding their pain points when it comes to achieving FDCC compliance, it became clear that partnering with SignaCert would create tremendous synergies between our two companies,and, for the first time, will provide customers with a single solution for achieving SCAP compliance with certification at the binary level."
About SignaCert
SignaCert delivers independent IT controls that provide a deeper understanding to enterprise systems and prove applications are deployed as intended. The company's Enterprise Trust Server product enables business and government to measure, validate, and maintain the state of their technology infrastructure using a device-independent proactive approach that checks the operating system, applications, platforms and other software against a known trusted reference. This independent monitoring increases security, availability of critical IT infrastructure and fulfills critical compliance and auditing requirements.
About Secure Elements
Secure Elements develops innovative products that help organizations achieve IT security compliance. We enable organizations to audit, evaluate,and comply with internal, industry, and regulatory policies. Our solutions reduce business risk and IT management costs while improving systems performance and maintaining business continuity. Based in Northern Virginia, Secure Elements serves organizations in the federal government and critical infrastructure markets, as well as the Global 1000. http://www.secure-elements.com###
-
SignaCert Releases Latest Version of Enterprise Trust Server; Receives Patent
- October 01, 2007
New version extends capabilities of first-of-its kind independent verification and measurement solution for business and government enterprises
PORTLAND, OREGON – OCTOBER 1, 2007 – SignaCert® Inc., the leading provider of independent IT controls solutions, today announced a major upgrade to its Enterprise Trust Server, the only technology of its kind to definitively prove that IT systems remain exactly as intended in production. The numerous usability improvements include increased flexibility and enhanced reporting functionality, from console-based dashboards to customizable reports, which verify device integrity down to the binary level. The upgrade enables scenarios such as “exact match” that no other product can achieve.The technology behind the Enterprise Trust Server was recently acknowledged with the issuance of United States patent #7,272,719. The patent applies to SignaCert’s unique method of generating signatures and assembling them into an integrity log for integrity verification and measurement against a known and trusted reference.
“When the company launched last January, SignaCert’s goal was to have the most comprehensive, detailed software verification system on the market – something no one else was – or is – doing. The patent acknowledges that SignaCert has created unique and proprietary technology,” said Frank Tycksen, VP of Engineering for SignaCert. “Working with new technology, it was important that we listen to what customers had to say; the latest enhancements are a result of their input.”
Key features of Enterprise Trust Server 1.5 include:
• One-to-many verification: Compares multiple devices with a single integrity reference to pinpoint deviations.
• Scalable and flexible: SignaCert’s database of authentic signatures validates many scenarios required for understanding IT systems – from identifying what software versions are present on devices, to ensuring that only approved software is installed, to proving that a group of devices match their specified standard build precisely.
• Enhanced reporting: Reports deliver meaningful actionable information. A comprehensive dashboard provides high level view of which systems and devices have deviations and allows drill down to the exact device and the specific deviations. Reports are extensible; ETS allows connectivity to external reporting packages and middleware solutions.
• Fine grain visibility: Find every deviation down to the binary level, but also correlate the deviations individually or in groups to the package level: the product, application, build, or version to which is belongs.
About Enterprise Trust Server
SignaCert Enterprise Trust Server (ETS) <http://www.signacert.com/products/enterprise-trust-server/> is an appliance-based independent IT control solution used to evaluate an enterprise right down to the discrete files that make up each system. While traditional system monitoring tools measure hardware, ETS gives you the same independent controls to measure software by capturing, organizing, and comparing the reality of what's running on IT systems against a proven trusted reference. This helps achieve increased availability, greater control and security, and helps meet regulatory compliance for Sarbanes-Oxley, HIPAA, FISMA, and others by maintaining a historical audit trail of all changes over time. ETS definitively proves that the systems are exactly the same in ongoing production as they were when they were deployed or provides a detailed list of any deviations – with the benefit of no interruption to the current deployment process.About SignaCert
Founded in 2004 by industry veteran, Wyatt Starnes, SignaCert delivers independent IT controls that provide a deeper understanding into enterprise systems and prove applications are deployed as intended. SignaCert’s products are available directly from the company. For more information, visit http://www.signacert.com.###
-
SignaCert Announces New Methods to Manage Enterprise IT Systems
- October 09, 2007
SignaCert measures, validates, and maintains the stateof software technologies from supporting vendors: Fujitsu Limited, IBM, Intel, JuniperNetworks, Sun Microsystems, Symantec, Applied Identity, Authentium, SecureElements, Veracode, and XenSource.
Portland, Oregon, October 9, 2007 – SignaCert®, a leading provider of independent IT controls technology,today announced extended capabilities to provide independent verification ofsoftware from vendors such as, FujitsuLimited (TSE: 6702), IBM(NYSE: IBM), Intel (NASDAQ: INTC), Juniper Networks (NASDAQ: JNPR), Sun Microsystems (NASDAQ: JAVA), Symantec(NASDAQ: SYMC), Applied Identity, Authentium, Secure Elements, Veracode, and XenSource.SignaCert offers enterprise class solutions that address industry demandfor proactive IT controls to achieve more stable and compliant computing.
“We are very pleased by the continued momentum in the market adoption of thisnew approach to systems controls,” said Wyatt Starnes, Founder and CEO ofSignaCert, Inc. “We are witnessing a broad cross section of new applicationsfor these methods among customers and partners.”
Many IT departments assume that software originally deployed into production isthe same that is loaded and executing today. In practice, this is often not thecase and leaves an “IT blind spot.” Before SignaCert, there was no definitive way toprove that customers’ IT environments were deployed and configured as intended.SignaCert’s patented solution, supportedby these companies, provides partners and customers a completely new way to createa trusted reference — a baseline of independently verified, vendor authentic,signatures — for deploying such solutions.
As mentioned in SignaCert’s product upgrade announcement last week, proactive systemsmonitoring using independent IT controls result in improved operational efficiencyand financial benefit through increased availability of IT infrastructure, greatercontrol and security, and increased fulfillment of essential compliance andaudit requirements, including virtual machines.
“A core strategy for Intel vPro processor technology is to deliver a built-inmanageability and proactive security environment on commercial business PCs,”said Robert Crooke, vice president and general manager of Intel’s BusinessClient Group. “SignaCert’s ability to embrace Intel Trusted Execution Technology(TxT) and Virtualization Technology (VT) is a commitment in providing trust.”
Participation in the SignaCert Harvest Program — the mechanism by whichsignatures of partner software are captured, verified, and incorporated intoSignaCert’s Enterprise Trust Server, is open to all OS, application, andinfrastructure vendors.
“Solaris 10 is the most digitally signed Operating System available today,”said Marc Hamilton, Vice President, Solaris marketing, Sun Microsystems. “Theintegration of SignaCert Enterprise Trust Server with our upcoming SecureExecution capability will further address customer needs for robust, safe, andprovably secure systems.”
SignaCert independent IT controls technology is integrated into orcomplementing numerous technology companies and organizations:Applied Identity: SignaCert and Applied Identity are complementary security and audit enablement technologies that give customers a higher level of trust through system integrity verification and identity-driven access management.
Juniper Networks: SignaCert’s IT controls and system integrity capabilities complement Juniper’s Unified Access Control (UAC) solution by providing a unique white list approach (a trusted reference) to endpoint health measurement; this enables improved granularity and flexibility of Juniper’s UAC network access assessment based on system attestation.
Secure Elements: Secure Elements and SignaCert deliver the first complementary solution that provides positive attestation for SCAP configuration and binary/library validation for regulated and federal IT customers.
Symantec: SignaCert is using best-in-class antivirus technology from Symantec to help ensure that only ‘clean code’ submissions are made to the SignaCert Global Trust Repository. In partnership with Symantec, SignaCert performs a highly secure white list data extraction.
XenSource: SignaCert and XenSource are establishing standards and technologies for bringing measurement and controls to virtual environments. “Security in a virtualized environment is a growing concern for CIOs,” said Simon Crosby, CTO, XenSource. “XenSource believes that measurement and trust go hand in hand with a secure virtualized platform. SignaCert’s technology is an important component of the trusted computing base and can help ease customer concerns about the security of virtual infrastructure, accelerating the adoption of virtualization.”
About SignaCert
Founded in 2004 by industryveteran, Wyatt Starnes, SignaCert delivers independent IT controls that providea deeper understanding into enterprise systems and prove applications aredeployed as intended. The company’s Enterprise Trust Server product enablesbusiness and government to measure, verify, and maintain the state of theirtechnology infrastructure using a device-independent proactive approach thatchecks the operating system, applications, platforms, and other softwareagainst a known trusted reference. This independent monitoring increasesavailability of critical IT infrastructure, provides greater control, andfulfills critical compliance and auditing requirements to help organizationsachieve operational excellence. SignaCert’s products are available directlyfrom the company. For more information, visit http://www.signacert.com.###
-
SignaCert Announces Full Support of SCAP and FDCC
- December 05, 2007
SignaCert supports the current SCAP methods and lends its expertise in measurement and verification of FDCC binary images
Portland, OR (PRWEB) December 5, 2007 -- SignaCert Inc., the leading provider of independent IT controls solutions, today announced its active support of the Security Configuration Automation Protocol (SCAP) and Federal Desktop Core Configuration (FDCC) mandates, as directed by the Office of Management and Budget (OMB). Using software measurement methods, SignaCert products can prove that federal systems under the OMB mandate are FDCC compliant to the binary level. SignaCert will provide standard baseline images for both Windows XP and Vista desktops at no additional charge with its Enterprise Trust Server (ETS), both as an appliance-based solution or a hosted service.
As an adjunct requirement under the Federal Information Security Management Act (FISMA), both SCAP and FDCC have been added to the list of FISMA compliance and reporting requirements for all Federal Agencies effective February 1, 2008. OMB, in conjunction standards and technical guidance from the National Institute of Standards (NIST), the Department of Defense (DOD) and the Department of Homeland Security (DHS) created and announced the new requirements in memo form on March22 and June 1, 2007. Through the use of SCAP and FDCC, these and other agencies have worked to supplement FISMA with more standardized methods and prescriptive controls than before.
"With the foundation of a trusted platform, it is possible to definitively prove that the runtime data structure is as intended and authorized," said Amal Chaudhuri, president and COO of SignaCert." SignaCert has the only solution available that can automatically prove that FDCC images remain deployed as intended over their lifetime."
While SCAP is intended to standardize the configuration controls for desktop systems subject to the OMB mandates, SignaCert goes one step further by verifying that the actual deployed binary image meets the prescribed image requirements under FDCC.
Additionally, SignaCert announced its partnership to support SCAP in partnership with Secure Elements on September 20, 2007, and expects to work with other existing and emerging vendors supporting the SCAP standards and methods.
The FDCC standard image validation templates can be specified when ordering the SignaCert Enterprise Trust Server (ETS).
About SignaCert Enterprise Trust Server
SignaCert's Enterprise Trust Server is an appliance-based solution that independently monitors the operating system, applications, platforms and other software companies against a known trusted reference. The benefit is improved visibility to ensure systems are deployed as intended down to a binary level, using a controlled specification, to help government agencies maintain systems and processes that are easier to audit and prove compliance by electronically verifying what the systems contain.
Background of FDCC and SCAP Mandates
On July 31st, 2007, the National Institute of Standards and Technology (NIST) announced the open availability of VHDs (virtual hard disks) of the operating system images, the associated Group Policy Objects (GPOs), and Security Content Automation Protocol (SCAP) XML content for auditing software configurations against the Federal Desktop Core Configuration (FDCC) baseline for XP and Vista. On the same day, OMB announced that agencies must use tools that are verified as SCAP compliant when monitoring use of these configurations. Compliance by agencies is mandated by February 1, 2008.
About SignaCert
Founded in 2004 by industry veteran, Wyatt Starnes, SignaCert delivers independent IT controls that provide a deeper understanding into enterprise systems and prove applications are deployed as intended. The company's Enterprise Trust Server product enables business and government to measure, verify, and maintain the state of their technology infrastructure using a device-independent proactive approach that checks the operating system, applications, platforms, and other software against a known trusted reference. This independent monitoring increases availability of critical IT infrastructure, provides greater control, and fulfills critical compliance and auditing requirements to help organizations achieve operational excellence. SignaCert's products are available directly from the company. For more information, visit http://www.signacert.com/solutions/solutions-by-industry/government/.