Portland, Ore., July 16, 2007 – SignaCert®, Inc., the leading provider of software measurement and integrity verification solutions, today announced that its Enterprise Trust Services solution is now “Ready for IBM Tivoli Software.”
SignaCert Enterprise Trust Services delivers a new fundamental capability to businesses and government - dash;allowing them to measure, verify, and maintain the state of their enterprise infrastructure using a known, trusted reference. With this solution companies can prove their systems are deployed and configured as intended over their lifetime.
As a result of the integrated solution between IBM Tivoli Change and Configuration Management Database (CCMDB) and SignaCert, customers are able to measure to populate the IBM Tivoli CCMDB with software assets and configuration items discovered and verified by SignaCert. The benefits are improved systems availability, manageability and compliance.
“IBM is helping their customers take a proactive approach to reduce incident and problem management costs by validating that our solutions interface with the IBM Tivoli CCMDB,” said Wyatt Starnes, Founder and CEO of SignaCert. “ Traditional approaches to managing IT systems aren’t working, and the industry recognizes the need for our new technology to keep IT systems running strong.”
SignaCert is an independent, platform neutral, out of band measurement tool that can be implemented within a matter of hours, with no impact to the enterprise’s business systems.
About SignaCert
Founded by industry veteran, Wyatt Starnes in 2004, SignaCert delivers software and services that provide true 100%enterprise integrity verification that prove applications are deployed as intended. The company’s Enterprise Trust Services enable business andgovernment to measure, validate, and maintain the state of their technology infrastructure using a new proactive approach that checks the operating system,applications, platforms and other software against a known trusted reference.SignaCert’s products are available directly from the company. For more information, visit www.signacert.com.
San Francisco, February 7, 2007 - SignaCert today announced the interoperability of its Enterprise Trust Service with Microsoft Network Access Protection,allowing enterprises to measure and verify the integrity of software on devices across IT systems, ensuring greater reliability, manageability, security, andregulatory compliance. The SignaCert Enterprise Trust Service is the only global subscription-based reference service and appliance that provesenterprise systems and endpoints are deployed and configured as intended over their lifetime.
SignaCert will be demonstrating at RSA, booth #2325, the ability to scan and verify a network endpoint against a trusted reference. More specifically, this verification process can be used to monitor and control the endpoint for things like compliance, and for network access control, which is being demonstrated with Microsoft Network Access Protection.
Network Access Protection is a policy enforcement technology built into the Windows Vista and Windows Server (code-named “Longhorn”) operating systems that allows customers to better protect network assets from unhealthy computers by enforcing compliance with network health policies. Microsoft Network Access Protection technology is publicly available with trial versions of Windows Vista, and available to select partners and customers with Beta 2 of the future version of Windows Server “Longhorn.”
“Traditional approaches to managing and securing IT systems aren’t working for customers, and the industry recognizes that,” said Wyatt Starnes, Founder and CEO of SignaCert. "Having a measurable baseline of verified norms gives organizations a new way to assuretheir systems are healthy. We’re excited to see industry partners like Microsoft helping to reset the way we manage dynamic, connected heterogeneous software environments to make them more available, more secure and more accountable.”
SignaCert’s database of authentic data contains a wide range of signatures for enterprise-focused software. SignaCert continuously and proactively works withIT industry vendors like Microsoft to ensure the broadest software coverage.Participation is open to all OS, application and infrastructure vendors and is gaining support from other technology companies and organizations.
“When it comes to security, reliability, manageability and compliance, the global services and technology companies we work with are paramount to the success of our mutual enterprise customers,” said Mike Schutz, group product manager of Security and Access Products at Microsoft Corp. “Software companies such as SignaCert offer broad expertise in Microsoft technologies to help customers ensure that the Microsoft software they are using is measured and verified, and exists in its desired state.”
SignaCert enables fine-grain endpoint measurement and validation to a trusted reference, serving all modes of trusted network connect including NAP, NAC, TNC, UAC and others. Our Enterprise Trust Services enable business and government to measure, validate, and maintain the state of their enterprise infrastructure using a known, trusted reference. For more information, visit www.signacert.com
If you are attending RSA, please visit SignaCert at the Microsoft Partner Pavilion, located at booth #2325, for additional information.
About SignaCert
SignaCert delivers software and services that provide true 100% enterpriseintegrity verification. Our Enterprise Trust Services enable business andgovernment to measure, validate, and maintain the state of their enterpriseinfrastructure using a known, trusted reference. For more information,visit www.signacert.com
Portland, Oregon, January 31, 2007 –SignaCert today introduced Enterprise Trust Services, the only integrity verification service and appliance that proves enterprise systems and endpoints are deployed and configured as intended over their lifetime. The SignaCert Enterprise Trust Service allows enterprises to measure and verify the integrity of software across information technology (IT) systems, ensuring greater reliability, manageability, security, and compliance.
SignaCert helps enterprises measure, validate, and maintain their technology infrastructure using a new proactive approach that checks the operating system,applications, platforms and other software against a known trusted reference versus the traditional approach that seeks simply to keep out unwanted software. Using this approach, SignaCert delivers true 100% enterprise wide integrity verification by creating a trusted reference that combines the SignaCert Global Trust Repository with an organization’s in-house deployed software and associated configurations.
“The industry is recognizing the need for a new approach to IT security and systems management,” said Wyatt Starnes,founder and CEO of SignaCert. “Using a trusted reference to verify the integrity of their enterprise is a powerful new method."
“System failures are often the result of change, either through corruption,malicious code, or unintended configuration changes," said John Pescatore,VP Gartner Inc. "To secure servers and PCs, enterprises need vulnerability management approaches that assure that only trusted, valid software is running on their systems."
The SignaCert Enterprise Trust Service can solve many IT business challenges such as:
• Gold image verification: Proactively define OS,applications and configurations for your multi-platform systems, and continually validate their state against a trusted reference.
• Endpoint Integrity: Gain greater control and reliability by knowing the current state of your systems.
• Regulatory Compliance: Deliver fine-grained verification of your enterprise and prove it is deployed as intended.
SignaCert’s Global Trust Repository contains a broad range of authentic signatures (short-hand definite software component identifiers) from the industry’s leading Independent Software Vendors (ISVs). SignaCert continuously and proactively works with IT technology vendors to ensure the broadest supply of important common software signatures.
About SignaCert
SignaCert delivers software and services that provide true 100% enterprise integrity verification. Our Enterprise Trust Services enable business and government to measure, validate, and maintain the state of their enterprise infrastructure using a known, trusted reference. For more information,visit www.signacert.com
Portland, Oregon, January 31, 2007- SignaCert today announced that industry leaders have come together to deliver a new proactive approach to verify customers’ software and IT systems integrity. SignaCert will enable Intel, Sun Microsystems, Juniper Networks, Applied Identity, Cordys, XenSource, PGP Corporation, Wave Systems Corp, Access Data, Kryptiq and others to advance a new method for addressing customer demand for more secure, reliable and cost-effective computing solutions.
Enterpriseinformation environments have experienced continuous evolution since their introduction as business tools in the second half of the twentieth century. But today’s inter-networked and pervasive computing environment has outpaced the design envelope originally contemplated by early IT designers. As a result, the measurement and instrumentation framework necessary to proactively address security, reliability and manageability were not built into the core design. Each successive stage of evolution has added complexity to a foundation which is insecure and increasingly fragile.
To address these challenges, leading technology ecosystem players are embracing a new approach based on proactive measurement and verification. SignaCertis providing a standards-based, neutral, trusted third-party reference platform that will act as a verification proxy for the software industry. With the ability to verify states of files, systems and software based on a database of authentic data, organizations can proactively assure that software is deployed and configured as intended. System ‘drift’ or anomalous and unwanted files can be detected and corrective policy applied before symptoms develop—reducing downtime, security failures and risk.
SignaCert’s database of authentic data contains a wide range of signatures for enterprise-focused software, such as: the operating system, applications,platforms and other software. SignaCert continuously and proactively works with IT industry vendors to ensure the broadest software coverage.
“The traditional approaches to managing and securing systems aren’t working for customers,” said Wyatt Starnes,Founder and CEO of SignaCert. "Having a measurable baseline of verifiednorms gives organizations a different way to assure systems are in a healthy state. The industry aims to reset the way we manage dynamic, connected heterogeneous software environments to make them more available, more secure and more accountable.”
"All IT environments are mixed environments, and while vendors across platforms do a good job of verifying the integrity of initial installations oftheir own software, they often have little control beyond the initial state,”said Rob Crooke, Vice President, GM, Business Client Group, Intel Corp. “The shift in approach to a proactive validation and neutral stewardship of files will help make our IT investments more valuable, and will lower operating costs."
“System failures are often the result of change, either through corruption,malicious code, or unintended configuration changes," said John Pescatore,VP, Gartner Inc. "To secure servers and PCs, enterprises need vulnerability management approaches that assure that only trusted, valid software is running on their systems."
“With Solaris 10 we have built in a number of technologies such as Solaris Containers, Least Privilege and Labeling to allow our customers to build secure applications and services,” said Tom Goguen, vice president of Solaris marketing, Sun Microsystems. “SignaCert’s approach is a fine complement to our Secure Execution technology, allowing customers to proactively validate heterogeneous environments.”
Participation is open to all OS, application and infrastructure vendors and is gaining support from other technology companies and organizations.
About SignaCert
SignaCert delivers software and services that provide true 100% enterprise integrity verification. Our Enterprise Trust Services enable business and government to measure, validate, and maintain the state of their enterprise infrastructure using a known, trusted reference. For more information,visit www.signacert.com
Portland, Oregon, January 08, 2007 -SignaCert today announced that enterprise information technology veteran Amal Chaudhuri has joined SignaCert as President and Chief Operating Officer. Mr. Chaudhuri, former CIO of Citigroup and managing director of global systems and architecture at JP Morgan, has served as an advisor to SignaCert for the past year, and is widely regarded as a corporate IT visionary.
"We are excited to have a leader of Amal's caliber joining the SignaCert team," said Wyatt Starnes,Founder and CEO of SignaCert. "Amal's direct customer perspective, along with his rich technology and market expertise, will solidify our strong management team."
While at Citigroup and JP Morgan, Mr. Chaudhuri was responsible for development and implementation of technology strategy,enterprise application development and infrastructure, and overseeing a large global organization. In addition to executive roles at Citigroup and JPMorgan, Mr. Chaudhuri was a managing director at Bankers Trust and a division manager at Teknekron Software Systems.
Mr. Chaudhuri holds advisory and board roles with a number of startups and their associated venture capital firms. He graduated from Vassar Collegein 1982 with a degree in biophysics and engineering.
About SignaCert
SignaCert is a software company that enables trust-based computing for enterprises. Founded by Wyatt Starnes in 2004, SignaCert is readying a suite of groundbreaking products for delivery to the market. For more information, visit www.signacert.com.
Portland, Oregon, November 29, 2006 - SignaCert today announced that it has joined the Microsoft Network Access Protection (NAP) program. By supporting Microsoft's Network Access Protection technology, SignaCert demonstrates its continuing commitment to enterprise security and integrity through interoperability with complementary technologies. Together with Microsoft, SignaCert will help organizations of all sizes to fully utilize network access protection within their networks.
Network Access Protection is a policy enforcement technology built into the Windows Vista and Windows Server "Longhorn" operating systems that allows customers to better protect network assets from unhealthy computers by enforcing compliance with network health policies. Microsoft's Network Access Protection technology will be publicly available with Beta 2 of Windows Vista, and available to select partners and customers with Beta 2 of the future version of Windows Server, codenameœ"Longhorn."
SignaCert's trust-based solution gives IT organizations visibility and fine-grained controls into the state of devices within a network and allows them to more precisely determine a client's health at any given moment. This combination allows clients to be evaluated as part of network access within the Network Access Protection framework. The SignaCert solution complements existing security approaches like anti virus and intrusion detection systems, creating a strong foundation to help IT organizations gain control of their end-points. Network Access Protection and SignaCert provide a strong technology value proposition for customers who increasingly seek better visibility and confidence in their IT environment.
"We are pleased to support the Microsoft Network Access Protection program and welcome the opportunity to work together to meet our common goal to give organizations effective technology solutions," said Wyatt Starnes, Chief Executive Officer,SignaCert. "By working with the Microsoft Network Access Protection program, our customers will enjoy the full advantage of knowing they can easily work with industry-standard Network Access Protection products to help them create a more manageable and secure enterprise."
To maintain a secure network, organizations must validate and enforce endpoint health and security policies on every device before allowing them to connect to, or communicate with, their IT infrastructure," said Mike Schutz, senior product manager, Windows Server Division at Microsoft Corp."Microsoft welcomes SignaCert 's support in providing enhanced security for customers."
About SignaCert
SignaCert is a software company that enables trust-based computing for enterprises. Founded by Wyatt Starnes in 2004, SignaCert is readying a suite of groundbreaking products for delivery to the market. For more information, visitwww.signacert.com.
PORTLAND, Ore. - November 14, 2006 - SignaCert today celebrated the announcement of key standards released by the Trusted Computing Group (TCG), an industry group of more than 140 members creating open industry specifications for computing security. These standards provide a foundation for platform integrity measurement and verification and will ensure the interoperability and adoption of solutions in today's complex, multi-vendor IT environment.
This latest set of specifications are yet another step forward in the continued development of a trusted computing environment whichseeks to deliver platform integrity, measurement and verification for users and IT administrators that ensures accurate and consistent reporting of the state of their platforms. By using these standards organizations will be able to significantly improve the security and information protection on platforms on which they are deployed.
"We recognize the need and importance for a standardized industry approach to data measurement and verification that will provideorganizations with a consistent and accurate means of reporting the state of their platforms," said Wyatt Starnes,Founder, President and CEO of SignaCert.
The new specifications on the organization's website www.trustedcomputinggroup.org,augment the Trusted Platform Module (TPM), a core set of security functions defined by TCG members and widely used in virtually all enterprise PCs and manyservers. These new specifications ensure that the state of the system in which a TPM is used is reported accurately and in a standard fashion. It'™santicipated that services and products incorporating these specifications will begin development for availability in 2007.
The new specifications in this latest release include:
The Integrity Management Architecture provides a common framework for defining, collecting and reporting information about the integrity of the hardware and software components of a trusted platform (one that has the TPM). Integrity information includes values in the TPM within a system, files on the system, in-memory images and others. What is measured is dependent on the use of the measurement. For example, in implementations of TCG's Trusted Network Connect (TNC) for network access control, the client trying to attach to the network might be measured to determine what patches and antivirus software it has loaded, or checked to see if it has changed since the last connection.
The Platform Trust Services (PTS) Interface specification defines a measurement agent to collect, measure, and report the integrity information on the platform, which can be a PC, mobile phone, server or other device. This ability complements the Trusted Network Connect architecture by enabling an integrity check of the platform before it is connected to the network. This can help detect root kits when used in concert with boot integrity checking, and can identify infected or unauthorized clients.
The Integrity Schema specification provides a common XML-based data format to facilitate information exchange within the Integrity Management Architecture and integrates with Platform Trust Services Interface specification. The schema specification covers the format for integrity data to be collected and reported; the format for representing reference measurement of known values; and the format for evaluating the results of platform integrity assessments including reporting of the TPM platform configuration registers (PCRs).
About TCG
TCG is an industry standards body formed to develop, define,and promote open standards for trusted computing and security technologies,including hardware building blocks and software interfaces, across multiple platforms,peripherals, and devices. TCG specifications are designed to enable more secure computing environments without compromising functional integrity with the primary goal of helping users to protect their information assets from compromise due to external software attack and physical theft. Moreinformation and the organization's specifications are available at the Trusted Computing Group'™s website, www.trustedcomputinggroup.org.
About SignaCert
SignaCert is a software company that enables trust-basedcomputing for enterprises. Founded by Wyatt Starnesin 2004, SignaCert is readying a suite of groundbreaking products for deliveryto the market. For more information, visit www.signacert.com
PORTLAND, Ore. - July 25, 2006 - SignaCert President and CEO Wyatt Starnes announced today that Frank Tycksen has joined SignaCert as the Vice President of Engineering.
Frank has over 21 years of experience in software development, management, and technical leadership with a focus on trust and security systems. Prior to SignaCert, he was the Research Engineering Manager in the Trusted Platforms Lab involved in leading Intel's research efforts in the areas of trust and security.
"We are pleased to have such a highly qualified individual as Frank to lead our Engineering efforts." Said Starnes"His background in trust-management technologies and experience bringing innovative products to market are strong assets for SignaCert."
Before joining Intel, Frank was CTO of Swan Island Networks and the security architect for the associated non-profit organization RAINS(Regional Alliances for Infrastructure and Network Security). At Swan Island Networks, he oversaw the development of information sharing tools targeted for all levels of government to facilitate the flow of sensitive but unclassified materials.
Prior to that Swan Island Networks, Frank was a founder and CTO of Portland Software, which later merged and became Preview Systems, a company in the digital rights management arena. He was involved from Portland Software's pre-financing stage to a public corporation listed on the NASDAQ exchange. Under his technical leadership, Preview's software was licensed by a number of global companies including Adobe, Real Networks, Matsushita, Sony and Symantec.
Frank was instrumental in the success of several other companies including Second Nature Software, a non-profit company dedicated to donating all profits to The Nature Conservancy with $2.5 million donated to date, and Central Point Software. At Central Point, he was one of the creators of the top selling PC Tools software utility package and later became the manager of the data recovery product line. Central Point was later acquired by Symantec.
About SignaCert
SignaCert is a service provider that enables trust-based computing for enterprises everywhere. Started by Wyatt Starnes in 2004, SignaCert plans to offer a suite of groundbreaking products to the enterprise market in 2006. For more information,visit www.signacert.com.
PORTLAND, Ore. - May 8, 2006 - SignaCert, a service provider that enables trust-based computing for enterprises everywhere, announced today that Dr. Taher Elgamal has joined their Board of Advisors.
"SignaCert's technologies and methods promise to bring new levels of trust to Information Technology (IT)." said Dr. Elgamal. "I am excited about joining such an esteemed group and helping guide SignaCert on its path to success."
Dr. Elgamal is aleading expert in computer, network and information security. Recognized as the"inventor of SSL," Dr. Elgamal led the SSL efforts at Netscape, Inc. and his inventions in cryptography have become standards in both industry and government. He currently serves as the Chairman and CEO of Ectasis, Inc and previously served as founder, CEO and Chairman of Securify, Inc. and the Chief Scientist at Netscape.
"We are honored that Dr. Elgamal has joined SignaCert's Board of Advisors" said Wyatt Starnes, SignaCert's CEO. "Dr. Elgamal's work in encryption and cryptography has become the standard for securing network communications and enabling trusted transactions between parties."
"On behalf of SignaCert's Advisory Board, I'm pleased to welcome Dr. Elgamal on board."said Dr. Eugene Spafford, SignaCert's Lead Advisor. "His experience of working with forward-thinking companies to bring value to the entire industry will be an important asset to SignaCert."
Dr. Elgamal joins an advisory board made up of a broad range of industry experts. More information about SignaCert's Board of Advisors can be found on the SignaCert website.
About SignaCert
SignaCert is a service provider that enables trust-basedcomputing for enterprises everywhere. Started by Wyatt Starnes in 2004, SignaCert plans to offer a suite ofgroundbreaking products to the enterprise market in 2006. For more information,visit www.signacert.com.
PORTLAND, Ore. - Dec. 16, 2005 - SignaCert, a service provider that enables trust-based computing for enterprises everywhere,announced today that it has secured $10 million in Series A funding fromDCM-Doll Capital Management, Intel Capital, SmartForest Ventures and GarageTechnology Ventures.
SignaCert CEO Wyatt Starness aid the new capital will be used to accelerate development and delivery of newservices and products.
Starnes, the former CEO and president of Tripwire, launched SignaCert in 2004 and has built a team with deep experience in IT management,compliance and security issues. Most recently, the company hired ThomasHardjono, Ph.D, former Principal Scientist and Security Architect at VeriSignto serve as chief technology officer.
About SignaCert
SignaCert is a service provider that enables trust-based computing for enterprises everywhere. Started by Wyatt Starnes in 2004, SignaCert plans to offer a suite of groundbreaking products to the enterprise market in 2006. For more information,visit www.signacert.com.
About the Investors
For more information on DCM-Doll Capital Management, visit www.dcmvc.com. For information on IntelCapital, please visit www.intel.com/capital.For more information on SmartForest Ventures, please visit www.smartforest.com. For more informationon Garage Technology Ventures, please visit www.garage.com.
PORTLAND, Ore. - April 29, 2005 - W. Wyatt Starnes, founder of the pioneering IT security and systems management company Tripwire, has been named to the Visiting Committee on Advanced Technology (VCAT), the primary private sector advisory group for the National Institute of Standards and Technology (NIST). NIST acting director Hratch Semerjian appointed Starnes to the VCAT for a three-year term.
Founded in 1901, NIST is one of the oldest federally funded research organizations in the United States, and today includes the NIST Laboratories, the Baldrige National Quality Program, the Hollings Manufacturing Extension Partnership, and the Advanced Technology Program for accelerating the development of innovative technologies. A broad range of products, from atomic clocks to mammograms and semiconductors, rely on NIST's standards and technology. NIST is an agency of the Department of Commerce's Technology Administration.
"As a new member of the VCAT, Wyatt Starnes' extensive knowledge and background in information technology and cyber security will be a great asset to NIST's strategic planning process and will help NIST in its efforts to strengthen the nation's innovation infrastructure," remarked Mr. Semerjian.
As an advisory board to NIST, the 15 members of the VCAT meet quarterly to help guide the Institute's activities and programs, serving industry, academia, and other federal agencies and supported by NIST's $858million annual budget.
"Standards are key to the formation of industries and businesses, and important to enabling economic growth in many sectors,"said Mr. Starnes. "I'm deeply honored by my appointment to NIST, and see it as an opportunity to promote Oregon opportunities on a national level, and lay the groundwork for future job growth within the US, and in particular Oregon."
With NIST research influencing key industrial sectors in Oregon from high-tech to healthcare, Starnes appointment will provide Oregonians with an improved ability for input at a national policy level.
"It basically gives us a seat at the table,"Starnes continued. "It's recognition for the forward thinking in Oregon that's impacting technologies such as IT and nanotechnology."
Working in cooperation with, and separate from, Tripwire,Starnes has recently founded his latest company, SignaCert, Inc. SignaCert is continuing the development of service offerings built around the Tripwire FSDB initiative, a system for assuring the integrity of IT systems and components.