SignaCert Releases Version 2.5 of Enterprise Trust Server
Oct 21, 2008

Portland, OR—Oct. 21, 2008. Continuing its leadership position in the rapidly emerging comprehensive whitelisting solutions space, SignaCert, Inc. today released version 2.5 of the Enterprise Trust Server (ETS). With powerful user customizable reporting, version 2.5 enables organizations to quickly create powerful reports and flexible dashboards.

These reporting features provide immediate feedback on current IT system health, allowing users to view IT system state holistically by utilizing precision whitelist-based image references. Historical deviation trends related to IT change control process efficacy and device compliance can be readily determined with these methods.

"IT professionals are realizing that IT systems cannot remain in a healthy state based on blacklisting solutions alone," said Wyatt Starnes, SignaCert founder and CEO. "I am proud that our products have led the industry as whitelisting methods have emerged. In addition to providing better IT visibility and control, the new reporting features make it easier to quickly understand the current state of your systems and track them over their lifetime."

The core reporting features released with version Enterprise Trust Server 2.5 include:

• A large library of pre-defined reports, including the current health of your IT infra-structure, historical and trending analysis for audit and change process compliance, and software device inventories.
• Easily customized reports allowing you to focus on the information that is most relevant to you (e.g. by the devices comprising a service by business unit and by server type).
• User controlled drill-down to allow quick navigation from summary level dashboards to reports containing detailed information about the state of the devices in your environment.
• User defined dashboards combine multiple reports into concise at-a-glance current and historical views of your enterprise.
• Reports and dashboards can be emailed on a periodic basis in a variety of formats (PDF, HTML, XML, etc.).
• Actionable reports allowing operations to be immediately performed on managed objects (devices, policies, deviations, etc.) related to the results.

In addition to the expanded reporting functionality, SignaCert continues to add customer-driven requirements for enhanced management and scaling including:

• Enhanced monitoring capabilities providing increased visibility into changes occurring on Windows, Solaris, and Linux systems
• Automatic identification and categorization of installed applications on monitored systems
• Increased scalability due to verification processing enhancements

About SignaCert

Founded in 2004 by 30-year security and IT industry veteran, Wyatt Starnes, SignaCert launched its first product, the Enterprise Trust Server, in January 2007. Prior to that, Starnes co-founded Tripwire, the leader in enterprise-level configuration control software.

With nearly a decade of industry experience behind it, SignaCert has emerged as the leader in comprehensive whitelist technologies, developing patented whitelist-based methods to monitor and validate the full state of your entire IT infrastructure.

SignaCert Releases 2.0 Version of Enterprise Trust Server
Jun 24, 2008

New version extends capabilities of first-of-its kind independent verification and measurement solution for Enterprise IT management

PORTLAND, OREGON – SignaCert® Inc., the leading provider of independent IT control and fine-grained measurement solutions, today announced the release of its Enterprise Trust Server version 2.0.  Enterprise Trust Server uniquely delivers improved control by providing deep inspection and fine-grained measurement, revealing how IT systems are deployed and whether or not they match their intended configuration. Release 2.0 includes major new capabilities that enable verification of an extensive library of system characteristics including database schema, registry settings, specific configuration attributes and many more. With the addition of these features, Enterprise Trust Server provides the most complete and comprehensive independent control tool for IT management.

“Looking at what we’ve built in the past 18 months, I think we have fulfilled our goal of providing the most comprehensive, software verification solution on the market,” said Wyatt Starnes, Founder and CEO of SignaCert. “What’s really exciting though, is how quickly customers are adopting these methods for their critical IT systems.”
Enterprise Trust Server has been designed to work in today’s complex and large scale IT environments and regardless of the IT process—provisioning, deployment, remediation, or manual updates—it reveals how systems compare with their desired state. Example problems Enterprise Trust Server helps addresses include:

• Reduce the cost of creating and managing systems to a compliance standard—Prove that your servers are under control and match your specified build.
• Manage to a common image integrity view—Establish and manage a one-to-many reference assembled from known provenance software measurements, creating effective low noise insight into the production environment.
• Server synchronization—Ensures that key systems and server farms stay aligned to a common reference.
• Disaster recovery—Prove that disaster recovery systems match current the production environment including user specific application details.
• Patch deployment—Prove that patches are deployed correctly to all targeted devices as well as solving for the age old problem of multiple allowable levels in your enterprise environment.
• Virtualization—Ensures that you are operating the correct virtualized environments and that they are configured exactly as you specified over their lifetime.

IT system verification is an emerging method that will revolutionize IT management.  By providing deep and unbiased information about how IT systems are configured, Enterprise Trust Server helps manage risk across the IT environment. “The 2.0 release is pivotal. We’ve been gathering input for nearly 15 months to make sure we deliver the most powerful set of verification capabilities needed by our customers.” said Chris Smith, Sr. Software Architect. The 2.0 architecture is designed to allow monitoring and verification of virtually any IT system information with the intrinsic capability to scale to large and complex heterogeneous IT environments.

While traditional system monitoring tools measure hardware, Enterprise Trust Server gives you the same independent controls to verify software across your IT environment helping achieve increased availability, greater control and security.

###

SignaCert Announces Full Support of SCAP and FDCC
Dec 5, 2007

SignaCert supports the current SCAP methods and lends its expertise in measurement and verification of FDCC binary images
Portland, OR (PRWEB) December 5, 2007 -- SignaCert Inc., the leading provider of independent IT controls solutions, today announced its active support of the Security Configuration Automation Protocol (SCAP) and Federal Desktop Core Configuration (FDCC) mandates, as directed by the Office of Management and Budget (OMB). Using software measurement methods, SignaCert products can prove that federal systems under the OMB mandate are FDCC compliant to the binary level. SignaCert will provide standard baseline images for both Windows XP and Vista desktops at no additional charge with its Enterprise Trust Server (ETS), both as an appliance-based solution or a hosted service.

As an adjunct requirement under the Federal Information Security Management Act (FISMA), both SCAP and FDCC have been added to the list of FISMA compliance and reporting requirements for all Federal Agencies effective February 1, 2008. OMB, in conjunction standards and technical guidance from the National Institute of Standards (NIST), the Department of Defense (DOD) and the Department of Homeland Security (DHS) created and announced the new requirements in memo form on March22 and June 1, 2007. Through the use of SCAP and FDCC, these and other agencies have worked to supplement FISMA with more standardized methods and prescriptive controls than before.

"With the foundation of a trusted platform, it is possible to definitively prove that the runtime data structure is as intended and authorized," said Wyatt Starnes, CEO of SignaCert." SignaCert has the only solution available that can automatically prove that FDCC images remain deployed as intended over their lifetime."

While SCAP is intended to standardize the configuration controls for desktop systems subject to the OMB mandates, SignaCert goes one step further by verifying that the actual deployed binary image meets the prescribed image requirements under FDCC.

Additionally, SignaCert announced its partnership to support SCAP in partnership with Secure Elements on September 20, 2007, and expects to work with other existing and emerging vendors supporting the SCAP standards and methods.

The FDCC standard image validation templates can be specified when ordering the SignaCert Enterprise Trust Server (ETS).

SignaCert Announces New Methods to Manage Enterprise IT Systems
Oct 9, 2007

SignaCert measures, validates, and maintains the stateof software technologies from supporting vendors: Fujitsu Limited, IBM, Intel, JuniperNetworks, Sun Microsystems, Symantec, Applied Identity, Authentium, SecureElements, Veracode, and XenSource.

Portland, Oregon – SignaCert® Inc., a leading provider of independent IT controls technology,today announced extended capabilities to provide independent verification ofsoftware from vendors such as, FujitsuLimited (TSE: 6702), IBM(NYSE: IBM), Intel (NASDAQ: INTC), Juniper Networks (NASDAQ: JNPR), Sun Microsystems (NASDAQ: JAVA), Symantec(NASDAQ: SYMC), Applied Identity, Authentium, Secure Elements, Veracode, and XenSource.SignaCert offers enterprise class solutions that address industry demandfor proactive IT controls to achieve more stable and compliant computing.

“We are very pleased by the continued momentum in the market adoption of thisnew approach to systems controls,” said Wyatt Starnes, Founder and CEO ofSignaCert, Inc. “We are witnessing a broad cross section of new applicationsfor these methods among customers and partners.”

Many IT departments assume that software originally deployed into production isthe same that is loaded and executing today. In practice, this is often not thecase and leaves an “IT blind spot.” Before SignaCert, there was no definitive way toprove that customers’ IT environments were deployed and configured as intended.SignaCert’s patented solution, supportedby these companies, provides partners and customers a completely new way to createa trusted reference — a baseline of independently verified, vendor authentic,signatures — for deploying such solutions.

As mentioned in SignaCert’s product upgrade announcement last week, proactive systemsmonitoring using independent IT controls result in improved operational efficiencyand financial benefit through increased availability of IT infrastructure, greatercontrol and security, and increased fulfillment of essential compliance andaudit requirements, including virtual machines.

“A core strategy for Intel vPro processor technology is to deliver a built-in manageability and proactive security environment on commercial business PCs,”said Robert Crooke, vice president and general manager of Intel’s BusinessClient Group. “SignaCert’s ability to embrace Intel Trusted Execution Technology(TxT) and Virtualization Technology (VT) is a commitment in providing trust.”

Participation in the SignaCert Harvest Program — the mechanism by whichsignatures of partner software are captured, verified, and incorporated intoSignaCert’s Enterprise Trust Server, is open to all OS, application, andinfrastructure vendors.

“Solaris 10 is the most digitally signed Operating System available today,”said Marc Hamilton, Vice President, Solaris marketing, Sun Microsystems. “Theintegration of SignaCert Enterprise Trust Server with our upcoming SecureExecution capability will further address customer needs for robust, safe, andprovably secure systems.”

SignaCert independent IT controls technology is integrated into orcomplementing numerous technology companies and organizations:

Applied Identity: SignaCert and Applied Identity are complementary security and audit enablement technologies that give customers a higher level of trust through system integrity verification and identity-driven access management.

Juniper Networks: SignaCert’s IT controls and system integrity capabilities complement Juniper’s Unified Access Control (UAC) solution by providing a unique white list approach (a trusted reference) to endpoint health measurement; this enables improved granularity and flexibility of Juniper’s UAC network access assessment based on system attestation.

Secure Elements: Secure Elements and SignaCert deliver the first complementary solution that provides positive attestation for SCAP configuration and binary/library validation for regulated and federal IT customers.

Symantec: SignaCert is using best-in-class antivirus technology from Symantec to help ensure that only ‘clean code’ submissions are made to the SignaCert Global Trust Repository. In partnership with Symantec, SignaCert performs a highly secure white list data extraction.

XenSource: SignaCert and XenSource are establishing standards and technologies for bringing measurement and controls to virtual environments. “Security in a virtualized environment is a growing concern for CIOs,” said Simon Crosby, CTO, XenSource. “XenSource believes that measurement and trust go hand in hand with a secure virtualized platform. SignaCert’s technology is an important component of the trusted computing base and can help ease customer concerns about the security of virtual infrastructure, accelerating the adoption of virtualization.”

SignaCert Releases Latest Version of Enterprise Trust Server; Receives Patent
Oct 1, 2007

New version extends capabilities of first-of-its kind independent verification and measurement solution for business and government enterprises

PORTLAND, OREGON – SignaCert® Inc., the leading provider of independent IT controls solutions, today announced a major upgrade to its Enterprise Trust Server, the only technology of its kind to definitively prove that IT systems remain exactly as intended in production. The numerous usability improvements include increased flexibility and enhanced reporting functionality, from console-based dashboards to customizable reports, which verify device integrity down to the binary level. The upgrade enables scenarios such as “exact match” that no other product can achieve.

The technology behind the Enterprise Trust Server was recently acknowledged with the issuance of United States patent #7,272,719. The patent applies to SignaCert’s unique method of generating signatures and assembling them into an integrity log for integrity verification and measurement against a known and trusted reference.

“When the company launched last January, SignaCert’s goal was to have the most comprehensive, detailed software verification system on the market – something no one else was – or is – doing. The patent acknowledges that SignaCert has created unique and proprietary technology,” said Frank Tycksen, VP of Engineering for SignaCert. “Working with new technology, it was important that we listen to what customers had to say; the latest enhancements are a result of their input.”

Key features of Enterprise Trust Server 1.5 include:

• One-to-many verification: Compares multiple devices with a single integrity reference to pinpoint deviations.
• Scalable and flexible: SignaCert’s database of authentic signatures validates many scenarios required for understanding IT systems – from identifying what software versions are present on devices, to ensuring that only approved software is installed, to proving that a group of devices match their specified standard build precisely.
• Enhanced reporting: Reports deliver meaningful actionable information. A comprehensive dashboard provides high level view of which systems and devices have deviations and allows drill down to the exact device and the specific deviations. Reports are extensible; ETS allows connectivity to external reporting packages and middleware solutions.
• Fine grain visibility: Find every deviation down to the binary level, but also correlate the deviations individually or in groups to the package level: the product, application, build, or version to which is belongs.

Secure Elements and SignaCert Partner to Deliver First Joint Solution To Provide Positive Attestation for SCAP Configuration and Binary/Library Validation for Regulated and Federal IT Customers
Sept 20, 2007

Combined offering validates SCAP configurations and related binaries to fulfill Federal Desktop Core Configuration (FDCC) Compliance

HERNDON, VA and PORTLAND, OR - Secure Elements, the industry leader in standards-based IT audit and compliance management, and SignaCert Inc., the forefront provider of independent IT controls solutions, today announced a joint marketing and product development agreement through which the two firms will deliver the first complementary NIST Security Content Automation Protocol (SCAP) solution that combines positive attestation of SCAP configuration audits and the associated binary/library implementations.

On June 1st, 2007 the Office of Management and Budget (OMB) mandated that providers of information technology shall certify applications are fully functional and operate correctly as intended on systems using the Federal Desktop Core Configuration (FDCC) by Feb 1, 2008. On July 31st, 2007 OMB required that NISTs Security Content Automation Protocol (S-CAP) be utilized by industry and government in support of this initiative. SCAP measures systems against configurations, but falls short of ensuring that the components are authentic, and un-tampered.

"SignaCert is actively involved with SCAP to help not only facilitate rapid adoption, but to help present a Positive Security Model as an extension to the project," said Wyatt Starnes, Founder and CEO, SignaCert. "Together with Secure Elements we will deliver significant and immediate value to customers by enabling file based,positive attestation of FDCC image and general platform elements,definitively proving, against verifiable platform standards, that systems are deployed and configured as intended."

Secure Elements offers the only enterprise solution that works directly with the SCAP content, enabling Federal agencies to meet the OMB Mandate for FDCC compliance. By partnering with SignaCert which can independently verify and validate applications at the binary level the two companies are now uniquely positioned to offer Federal agencies a comprehensive, end-to-end, SCAP solution that enables full compliance with the FDCC.

"Secure Elements is always seeking out complimentary technologies that not only enhance our SCAP offering, but also simplify and improve the IT security compliance process for our Federal customers," said Ned Miller, President and CEO, Secure Elements. "In working closely with Federal agencies and understanding their pain points when it comes to achieving FDCC compliance, it became clear that partnering with SignaCert would create tremendous synergies between our two companies,and, for the first time, will provide customers with a single solution for achieving SCAP compliance with certification at the binary level."

Media Advisory: SignaCert to present at 3rd Annual Security Automation Conference hosted by NIST
Sept 18, 2007

SignaCert, the leader in independent IT controls, will be speaking this Thursday, September 20, 2007 at the 3rd Annual Security Automation Conference, hosted by NIST, DISA, and NSA, taking place Sept. 19-20, 2007 in Gaithersburg, Maryland. Learn more at http://nvd.nist.gov/scap/docs/SCAP_Agenda_2007.pdf.

SignaCert’s talk will focus on FDCC and SCAP compliance using apositive security model and will give a brief overview of the “Positive Model” as it applies to SCAP and FDCC, and what’smissing. While SCAP covers the configuration, security posture, and application settings of a platform, there is still a set of the configurationthat is not controlled or governed by the configuration of the platform. Thatis the platform components themselves, such as binaries, images, libraries, andother data elements that do not reside in a second order control point.

This is where SignaCert comes in. SignaCert’s product is an independent IT control thatmeasures, proves and verifies that the system applications are exactly the same in ongoing production as they were when they were deployed. This ongoing independent monitoring increases system security, improves availability of critical IT infrastructure, and fulfills critical compliance and auditing requirements. Find out how during the talk.

SignaCert Joins Opsware Technology Alliance Partner Program
Sept 12, 2007

Enterprise IT customers to benefit from comprehensive datacenter automation solution

Portland, Ore. – SignaCert® Inc., the leading provider of independent IT controls solutions, today announced it has joined the Opsware Technology Alliance Partner (TAP) program. Through the partnership, SignaCert and Opsware will provide access to a broad range of Data Center Automation capabilities, enabling enterprise IT departments to more rapidly achieve operational efficiencies and reduce labor costs across their IT infrastructures.

“SignaCert’s independent IT controls technologies are an excellent complement to Opsware’s industry leading products,” said Wyatt Starnes, Chairman and CEO, “Together we will deliver significant and immediate value to customers by enabling advanced asset discovery and verification capabilities throughout the data center production cycle -- from deployment and after.”

“Opsware is delighted to welcome companies of the caliber of SignaCert to our Technology Alliance Partner program,” said John O’Farrell, executive vice president ofbusiness development at Opsware Inc. “By combining Opsware’s IT Automation software with SignaCert Enterprise Trust Services, customers will benefit from a broader spectrum of critical IT Automation capabilities.”

With the cost and complexity of today’s IT infrastructure spiraling out of control, enterprises are turning to IT automation to increase productivity, ensure policy compliance, remediate security threats, and reduce labor expenses. The Opsware TAP program supports the increasing demand for automation technology by providing an effective means of addressing customer needs for server, network and applications.

As the fastest growing datacenter automation vendor,Opsware will provide SignaCert the opportunity to integrate with its award-winning IT Automation software and leverage its global sales and marketing activities to generate customer leads and drive revenue.

SignaCert Enterprise Trust Server captures, organizes, and compares the reality of what's running on customer IT systems against a proven trusted reference. This independent IT control measures, proves and verifies that enterprise IT systems are deployed as intended. SignaCert technologies complement Opsware products by enabling enhanced discovery and verification capabilities for swifter identification and reporting of deployed or unauthorized software, and more granular system scanning. Customers adopting these capabilities will benefit from increasedsystems availability, manageability, compliance, and security.

About the Opsware Technology Alliance Partner Program

The Opsware Inc. (NASDAQ: OPSW) Technology Alliance Partner program provides customers with the most extensiveand comprehensive data center management solution available today. OpswareTechnology Partners are comprised of best of breed, market-leading software and platform vendors who offer technology that complements a single Opsware product or the entire Opsware solution suite.

SignaCert Names Randal Skipper Vice President of Sales
Sept 10, 2007

Industry veteran chartered with expansion, outstanding service and value to enterprise IT customers

Portland, Ore. – SignaCert®, Inc. the leading provider of independent IT controls technology,today announced the appointment of industry veteran Randal Skipper as vice president of sales. Skipper brings to SignaCert over 20 years of expertise, leadership and success in building worldwide direct and indirect sales initiatives, most recently as VP of Sales at Messagelabs,Inc., a leading managed service provider in email security.

As an industry veteran of market leaders and successful startups, Skipper will focus on expanding growth, service, value to customers,and fostering new market introductions in financial, healthcare,telecommunications and pharmaceutical industries.

“We are pleased to announce Randy’s addition to the SignaCert team,” said Wyatt Starnes,Founder and CEO of SignaCert. “Randy brings an impressive breadth of experience with high-growth companies,knowledge of vertical markets, enterprise software, and global accounts. His leadership skills will be a key addition to help drive our vision to the market.”

“Operational efficiency is a key concern and SignaCert has begun to shake up the market with its first-to-market solution, especially as software configurations drift over time,” said Randal Skipper, vice president of sales at SignaCert. “Together with SignaCert’s talented team, I look forward to increasing our presence within large IT organizations, introducing customers to a different dimension of systems management and positioning SignaCert as an undisputed leader in the market.”

Prior to MessageLabs, Skipper was VP of Sales for Marimba Inc., a company he joined as a startup and grew to a successful IPO in five years. In addition, Mr. Skipper has been VP of Sales-US for Intelligent Interactions, a company acquired by 24 by 7, and has held various sales management positions for Oracle Corporation and Dataworks Corporation.

SignaCert Solution Is Now “Ready for IBM Tivoli Software”
Jul 16, 2007

Integration improves system savailability, manageability and compliance

Portland, Ore. – SignaCert®, Inc., the leading provider of software measurement and integrity verification solutions, today announced that its Enterprise Trust Services solution is now “Ready for IBM Tivoli Software.”

SignaCert Enterprise Trust Services delivers a new fundamental capability to businesses and government - dash;allowing them to measure, verify, and maintain the state of their enterprise infrastructure using a known, trusted reference. With this solution companies can prove their systems are deployed and configured as intended over their lifetime.

As a result of the integrated solution between IBM Tivoli Change and Configuration Management Database (CCMDB) and SignaCert, customers are able to measure to populate the IBM Tivoli CCMDB with software assets and configuration items discovered and verified by SignaCert. The benefits are improved systems availability, manageability and compliance.

“IBM is helping their customers take a proactive approach to reduce incident and problem management costs by validating that our solutions interface with the IBM Tivoli CCMDB,” said Wyatt Starnes, Founder and CEO of SignaCert. “ Traditional approaches to managing IT systems aren’t working, and the industry recognizes the need for our new technology to keep IT systems running strong.”

SignaCert is an independent, platform neutral, out of band measurement tool that can be implemented within a matter of hours, with no impact to the enterprise’s business systems.

SignaCert Announces Enterprise Trust Service Interoperability With Microsoft Network Access Protection
Feb 7, 2007

SignaCert integrity verification software integrated with Microsoft Network Access Protection

San Francisco - SignaCert today announced the interoperability of its Enterprise Trust Service with Microsoft Network Access Protection,allowing enterprises to measure and verify the integrity of software on devices across IT systems, ensuring greater reliability, manageability, security, andregulatory compliance. The SignaCert Enterprise Trust Service is the only global subscription-based reference service and appliance that provesenterprise systems and endpoints are deployed and configured as intended over their lifetime.

SignaCert will be demonstrating at RSA, booth #2325, the ability to scan and verify a network endpoint against a trusted reference. More specifically, this verification process can be used to monitor and control the endpoint for things like compliance, and for network access control, which is being demonstrated with Microsoft Network Access Protection.

Network Access Protection is a policy enforcement technology built into the Windows Vista and Windows Server (code-named “Longhorn”) operating systems that allows customers to better protect network assets from unhealthy computers by enforcing compliance with network health policies. Microsoft Network Access Protection technology is publicly available with trial versions of Windows Vista, and available to select partners and customers with Beta 2 of the future version of Windows Server “Longhorn.”

“Traditional approaches to managing and securing IT systems aren’t working for customers, and the industry recognizes that,” said Wyatt Starnes, Founder and CEO of SignaCert. "Having a measurable baseline of verified norms gives organizations a new way to assuretheir systems are healthy. We’re excited to see industry partners like Microsoft helping to reset the way we manage dynamic, connected heterogeneous software environments to make them more available, more secure and more accountable.”

SignaCert’s database of authentic data contains a wide range of signatures for enterprise-focused software. SignaCert continuously and proactively works withIT industry vendors like Microsoft to ensure the broadest software coverage.Participation is open to all OS, application and infrastructure vendors and is gaining support from other technology companies and organizations.

“When it comes to security, reliability, manageability and compliance, the global services and technology companies we work with are paramount to the success of our mutual enterprise customers,” said Mike Schutz, group product manager of Security and Access Products at Microsoft Corp. “Software companies such as SignaCert offer broad expertise in Microsoft technologies to help customers ensure that the Microsoft software they are using is measured and verified, and exists in its desired state.”

SignaCert enables fine-grain endpoint measurement and validation to a trusted reference, serving all modes of trusted network connect including NAP, NAC, TNC, UAC and others. Our Enterprise Trust Services enable business and government to measure, validate, and maintain the state of their enterprise infrastructure using a known, trusted reference. For more information, visit www.signacert.com

SignaCert Introduces Enterprise Trust Services
Jan 31, 2007

Trusted Integrity VerificationProves IT Systems Stay Configured as Intended

Portland, Ore. –SignaCert today introduced Enterprise Trust Services, the only integrity verification service and appliance that proves enterprise systems and endpoints are deployed and configured as intended over their lifetime. The SignaCert Enterprise Trust Service allows enterprises to measure and verify the integrity of software across information technology (IT) systems, ensuring greater reliability, manageability, security, and compliance.

SignaCert helps enterprises measure, validate, and maintain their technology infrastructure using a new proactive approach that checks the operating system,applications, platforms and other software against a known trusted reference versus the traditional approach that seeks simply to keep out unwanted software. Using this approach, SignaCert delivers true 100% enterprise wide integrity verification by creating a trusted reference that combines the SignaCert Global Trust Repository with an organization’s in-house deployed software and associated configurations.

“The industry is recognizing the need for a new approach to IT security and systems management,” said Wyatt Starnes,founder and CEO of SignaCert. “Using a trusted reference to verify the integrity of their enterprise is a powerful new method."

“System failures are often the result of change, either through corruption,malicious code, or unintended configuration changes," said John Pescatore,VP Gartner Inc. "To secure servers and PCs, enterprises need vulnerability management approaches that assure that only trusted, valid software is running on their systems."

The SignaCert Enterprise Trust Service can solve many IT business challenges such as:

• Gold image verification: Proactively define OS,applications and configurations for your multi-platform systems, and continually validate their state against a trusted reference.
• Endpoint Integrity: Gain greater control and reliability by knowing the current state of your systems.
• Regulatory Compliance: Deliver fine-grained verification of your enterprise and prove it is deployed as intended.

SignaCert’s Global Trust Repository contains a broad range of authentic signatures (short-hand definite software component identifiers) from the industry’s leading Independent Software Vendors (ISVs). SignaCert continuously and proactively works with IT technology vendors to ensure the broadest supply of important common software signatures.

Technology Industry Leaders Come Together To Advance New Security And Management Approach
Jan 31, 2007

SignaCert and Intel, Sun Microsystems, Juniper Networks, Applied Identity, Cordys, XenSource, PGP Corporation, Wave Systems Corp, Access Data, Kryptiq, join forces on vendor and platform neutral reference database of authentic software

Portland, Ore.- SignaCert today announced that industry leaders have come together to deliver a new proactive approach to verify customers’ software and IT systems integrity. SignaCert will enable Intel, Sun Microsystems, Juniper Networks, Applied Identity, Cordys, XenSource, PGP Corporation, Wave Systems Corp, Access Data, Kryptiq and others to advance a new method for addressing customer demand for more secure, reliable and cost-effective computing solutions.

Enterpriseinformation environments have experienced continuous evolution since their introduction as business tools in the second half of the twentieth century. But today’s inter-networked and pervasive computing environment has outpaced the design envelope originally contemplated by early IT designers. As a result, the measurement and instrumentation framework necessary to proactively address security, reliability and manageability were not built into the core design. Each successive stage of evolution has added complexity to a foundation which is insecure and increasingly fragile.

To address these challenges, leading technology ecosystem players are embracing a new approach based on proactive measurement and verification. SignaCertis providing a standards-based, neutral, trusted third-party reference platform that will act as a verification proxy for the software industry. With the ability to verify states of files, systems and software based on a database of authentic data, organizations can proactively assure that software is deployed and configured as intended. System ‘drift’ or anomalous and unwanted files can be detected and corrective policy applied before symptoms develop—reducing downtime, security failures and risk.

SignaCert’s database of authentic data contains a wide range of signatures for enterprise-focused software, such as: the operating system, applications,platforms and other software. SignaCert continuously and proactively works with IT industry vendors to ensure the broadest software coverage.

“The traditional approaches to managing and securing systems aren’t working for customers,” said Wyatt Starnes,Founder and CEO of SignaCert. "Having a measurable baseline of verifiednorms gives organizations a different way to assure systems are in a healthy state. The industry aims to reset the way we manage dynamic, connected heterogeneous software environments to make them more available, more secure and more accountable.”

"All IT environments are mixed environments, and while vendors across platforms do a good job of verifying the integrity of initial installations oftheir own software, they often have little control beyond the initial state,”said Rob Crooke, Vice President, GM, Business Client Group, Intel Corp. “The shift in approach to a proactive validation and neutral stewardship of files will help make our IT investments more valuable, and will lower operating costs."

“System failures are often the result of change, either through corruption,malicious code, or unintended configuration changes," said John Pescatore,VP, Gartner Inc. "To secure servers and PCs, enterprises need vulnerability management approaches that assure that only trusted, valid software is running on their systems."

“With Solaris 10 we have built in a number of technologies such as Solaris Containers, Least Privilege and Labeling to allow our customers to build secure applications and services,” said Tom Goguen, vice president of Solaris marketing, Sun Microsystems. “SignaCert’s approach is a fine complement to our Secure Execution technology, allowing customers to proactively validate heterogeneous environments.”

Participation is open to all OS, application and infrastructure vendors and is gaining support from other technology companies and organizations.

SignaCert Joins Microsoft's Network Access Protection (NAP) Program
Nov 26, 2006

Portland, Ore. - SignaCert today announced that it has joined the Microsoft Network Access Protection (NAP) program. By supporting Microsoft's Network Access Protection technology, SignaCert demonstrates its continuing commitment to enterprise security and integrity through interoperability with complementary technologies. Together with Microsoft, SignaCert will help organizations of all sizes to fully utilize network access protection within their networks.

Network Access Protection is a policy enforcement technology built into the Windows Vista and Windows Server "Longhorn" operating systems that allows customers to better protect network assets from unhealthy computers by enforcing compliance with network health policies. Microsoft's Network Access Protection technology will be publicly available with Beta 2 of Windows Vista, and available to select partners and customers with Beta 2 of the future version of Windows Server, codenameœ"Longhorn."

SignaCert's trust-based solution gives IT organizations visibility and fine-grained controls into the state of devices within a network and allows them to more precisely determine a client's health at any given moment. This combination allows clients to be evaluated as part of network access within the Network Access Protection framework. The SignaCert solution complements existing security approaches like anti virus and intrusion detection systems, creating a strong foundation to help IT organizations gain control of their end-points. Network Access Protection and SignaCert provide a strong technology value proposition for customers who increasingly seek better visibility and confidence in their IT environment.

"We are pleased to support the Microsoft Network Access Protection program and welcome the opportunity to work together to meet our common goal to give organizations effective technology solutions," said Wyatt Starnes, Chief Executive Officer,SignaCert. "By working with the Microsoft Network Access Protection program, our customers will enjoy the full advantage of knowing they can easily work with industry-standard Network Access Protection products to help them create a more manageable and secure enterprise."

To maintain a secure network, organizations must validate and enforce endpoint health and security policies on every device before allowing them to connect to, or communicate with, their IT infrastructure," said Mike Schutz, senior product manager, Windows Server Division at Microsoft Corp."Microsoft welcomes SignaCert 's support in providing enhanced security for customers."

SignaCert Helps Create Industry Specification For Platform Measurement And Verification
Nov 14, 2006

PORTLAND, Ore. - SignaCert today celebrated the announcement of key standards released by the Trusted Computing Group (TCG), an industry group of more than 140 members creating open industry specifications for computing security. These standards provide a foundation for platform integrity measurement and verification and will ensure the interoperability and adoption of solutions in today's complex, multi-vendor IT environment.

This latest set of specifications are yet another step forward in the continued development of a trusted computing environment whichseeks to deliver platform integrity, measurement and verification for users and IT administrators that ensures accurate and consistent reporting of the state of their platforms. By using these standards organizations will be able to significantly improve the security and information protection on platforms on which they are deployed.

"We recognize the need and importance for a standardized industry approach to data measurement and verification that will provideorganizations with a consistent and accurate means of reporting the state of their platforms," said Wyatt Starnes,Founder, President and CEO of SignaCert.

The new specifications on the organization's website www.trustedcomputinggroup.org,augment the Trusted Platform Module (TPM), a core set of security functions defined by TCG members and widely used in virtually all enterprise PCs and manyservers. These new specifications ensure that the state of the system in which a TPM is used is reported accurately and in a standard fashion. It'€™santicipated that services and products incorporating these specifications will begin development for availability in 2007.

The new specifications in this latest release include:

• The Integrity Management Architecture provides a common framework for defining, collecting and reporting information about the integrity of the hardware and software components of a trusted platform (one that has the TPM). Integrity information includes values in the TPM within a system, files on the system, in-memory images and others. What is measured is dependent on the use of the measurement. For example, in implementations of TCG's Trusted Network Connect (TNC) for network access control, the client trying to attach to the network might be measured to determine what patches and antivirus software it has loaded, or checked to see if it has changed since the last connection.
• The Platform Trust Services (PTS) Interface specification defines a measurement agent to collect, measure, and report the integrity information on the platform, which can be a PC, mobile phone, server or other device. This ability complements the Trusted Network Connect architecture by enabling an integrity check of the platform before it is connected to the network. This can help detect root kits when used in concert with boot integrity checking, and can identify infected or unauthorized clients.
• The Integrity Schema specification provides a common XML-based data format to facilitate information exchange within the Integrity Management Architecture and integrates with Platform Trust Services Interface specification. The schema specification covers the format for integrity data to be collected and reported; the format for representing reference measurement of known values; and the format for evaluating the results of platform integrity assessments including reporting of the TPM platform configuration registers (PCRs).

About TCG

TCG is an industry standards body formed to develop, define,and promote open standards for trusted computing and security technologies,including hardware building blocks and software interfaces, across multiple platforms,peripherals, and devices. TCG specifications are designed to enable more secure computing environments without compromising functional integrity with the primary goal of helping users to protect their information assets from compromise due to external software attack and physical theft. Moreinformation and the organization's specifications are available at the Trusted Computing Group'™s website, www.trustedcomputinggroup.org.

SignaCert Names Frank Tycksen as Vice President of Engineering
Jul 25, 2006

PORTLAND, Ore. - SignaCert President and CEO Wyatt Starnes announced today that Frank Tycksen has joined SignaCert as the Vice President of Engineering.

Frank has over 21 years of experience in software development, management, and technical leadership with a focus on trust and security systems. Prior to SignaCert, he was the Research Engineering Manager in the Trusted Platforms Lab involved in leading Intel's research efforts in the areas of trust and security.

"We are pleased to have such a highly qualified individual as Frank to lead our Engineering efforts." Said Starnes"His background in trust-management technologies and experience bringing innovative products to market are strong assets for SignaCert."

Before joining Intel, Frank was CTO of Swan Island Networks and the security architect for the associated non-profit organization RAINS(Regional Alliances for Infrastructure and Network Security). At Swan Island Networks, he oversaw the development of information sharing tools targeted for all levels of government to facilitate the flow of sensitive but unclassified materials.

Prior to that Swan Island Networks, Frank was a founder and CTO of Portland Software, which later merged and became Preview Systems, a company in the digital rights management arena. He was involved from Portland Software's pre-financing stage to a public corporation listed on the NASDAQ exchange. Under his technical leadership, Preview's software was licensed by a number of global companies including Adobe, Real Networks, Matsushita, Sony and Symantec.

Frank was instrumental in the success of several other companies including Second Nature Software, a non-profit company dedicated to donating all profits to The Nature Conservancy with $2.5 million donated to date, and Central Point Software. At Central Point, he was one of the creators of the top selling PC Tools software utility package and later became the manager of the data recovery product line. Central Point was later acquired by Symantec.

Dr. Taher Elgamal Joins SignaCert Board of Advisors
May 8, 2006

PORTLAND, Ore. - SignaCert, a service provider that enables trust-based computing for enterprises everywhere, announced today that Dr. Taher Elgamal has joined their Board of Advisors.

"SignaCert's technologies and methods promise to bring new levels of trust to Information Technology (IT)." said Dr. Elgamal. "I am excited about joining such an esteemed group and helping guide SignaCert on its path to success."

Dr. Elgamal is aleading expert in computer, network and information security. Recognized as the"inventor of SSL," Dr. Elgamal led the SSL efforts at Netscape, Inc. and his inventions in cryptography have become standards in both industry and government. He currently serves as the Chairman and CEO of Ectasis, Inc and previously served as founder, CEO and Chairman of Securify, Inc. and the Chief Scientist at Netscape.

"We are honored that Dr. Elgamal has joined SignaCert's Board of Advisors" said Wyatt Starnes, SignaCert's CEO. "Dr. Elgamal's work in encryption and cryptography has become the standard for securing network communications and enabling trusted transactions between parties."

"On behalf of SignaCert's Advisory Board, I'm pleased to welcome Dr. Elgamal on board."said Dr. Eugene Spafford, SignaCert's Lead Advisor. "His experience of working with forward-thinking companies to bring value to the entire industry will be an important asset to SignaCert."

Dr. Elgamal joins an advisory board made up of a broad range of industry experts. More information about SignaCert's Board of Advisors can be found on the SignaCert website.

SignaCert Inc. Secures $10 Million in Series A Funding
Dec 16, 2005

PORTLAND, Ore. - SignaCert, a service provider that enables trust-based computing for enterprises everywhere,announced today that it has secured $10 million in Series A funding fromDCM-Doll Capital Management, Intel Capital, SmartForest Ventures and GarageTechnology Ventures.

SignaCert CEO Wyatt Starness aid the new capital will be used to accelerate development and delivery of newservices and products.

Starnes, the former CEO and president of Tripwire, launched SignaCert in 2004 and has built a team with deep experience in IT management,compliance and security issues. Most recently, the company hired ThomasHardjono, Ph.D, former Principal Scientist and Security Architect at VeriSignto serve as chief technology officer.

Tripwire Founder Wyatt Starnes First Oregonian Named To Advisory Committee Of National Institute Of Standards And Technology
Apr 29, 2005

PORTLAND, Ore. - W. Wyatt Starnes, founder of the pioneering IT security and systems management company Tripwire, has been named to the Visiting Committee on Advanced Technology (VCAT), the primary private sector advisory group for the National Institute of Standards and Technology (NIST). NIST acting director Hratch Semerjian appointed Starnes to the VCAT for a three-year term.

Founded in 1901, NIST is one of the oldest federally funded research organizations in the United States, and today includes the NIST Laboratories, the Baldrige National Quality Program, the Hollings Manufacturing Extension Partnership, and the Advanced Technology Program for accelerating the development of innovative technologies. A broad range of products, from atomic clocks to mammograms and semiconductors, rely on NIST's standards and technology. NIST is an agency of the Department of Commerce's Technology Administration.

"As a new member of the VCAT, Wyatt Starnes' extensive knowledge and background in information technology and cyber security will be a great asset to NIST's strategic planning process and will help NIST in its efforts to strengthen the nation's innovation infrastructure," remarked Mr. Semerjian.

As an advisory board to NIST, the 15 members of the VCAT meet quarterly to help guide the Institute's activities and programs, serving industry, academia, and other federal agencies and supported by NIST's $858million annual budget.

"Standards are key to the formation of industries and businesses, and important to enabling economic growth in many sectors,"said Mr. Starnes. "I'm deeply honored by my appointment to NIST, and see it as an opportunity to promote Oregon opportunities on a national level, and lay the groundwork for future job growth within the US, and in particular Oregon."

With NIST research influencing key industrial sectors in Oregon from high-tech to healthcare, Starnes appointment will provide Oregonians with an improved ability for input at a national policy level.

"It basically gives us a seat at the table,"Starnes continued. "It's recognition for the forward thinking in Oregon that's impacting technologies such as IT and nanotechnology."

Working in cooperation with, and separate from, Tripwire,Starnes has recently founded his latest company, SignaCert, Inc. SignaCert is continuing the development of service offerings built around the Tripwire FSDB initiative, a system for assuring the integrity of IT systems and components.