Press Release

Technology Industry Leaders Come Together To Advance New Security And Management Approach

Jan 31, 2007

SignaCert and Intel, Sun Microsystems, Juniper Networks, Applied Identity, Cordys, XenSource, PGP Corporation, Wave Systems Corp, Access Data, Kryptiq, join forces on vendor and platform neutral reference database of authentic software

Portland, Ore. — SignaCert today announced that industry leaders have come together to deliver a new proactive approach to verify customers' software and IT systems integrity. SignaCert will enable Intel, Sun Microsystems, Juniper Networks, Applied Identity, Cordys, XenSource, PGP Corporation, Wave Systems Corp, Access Data, Kryptiq and others to advance a new method for addressing customer demand for more secure, reliable and cost-effective computing solutions.

Enterprise information environments have experienced continuous evolution since their introduction as business tools in the second half of the twentieth century. But today's inter-networked and pervasive computing environment has outpaced the design envelope originally contemplated by early IT designers. As a result, the measurement and instrumentation framework necessary to proactively address security, reliability and manageability were not built into the core design. Each successive stage of evolution has added complexity to a foundation which is insecure and increasingly fragile.

To address these challenges, leading technology ecosystem players are embracing a new approach based on proactive measurement and verification. SignaCert is providing a standards-based, neutral, trusted third-party reference platform that will act as a verification proxy for the software industry. With the ability to verify states of files, systems and software based on a database of authentic data, organizations can proactively assure that software is deployed and configured as intended. System 'drift' or anomalous and unwanted files can be detected and corrective policy applied before symptoms develop-reducing downtime, security failures and risk.

SignaCert's database of authentic data contains a wide range of signatures for enterprise-focused software, such as: the operating system, applications, platforms and other software. SignaCert continuously and proactively works with IT industry vendors to ensure the broadest software coverage.

"The traditional approaches to managing and securing systems aren't working for customers," said Wyatt Starnes,Founder and CEO of SignaCert. "Having a measurable baseline of verified norms gives organizations a different way to assure systems are in a healthy state. The industry aims to reset the way we manage dynamic, connected heterogeneous software environments to make them more available, more secure and more accountable."

"All IT environments are mixed environments, and while vendors across platforms do a good job of verifying the integrity of initial installations of their own software, they often have little control beyond the initial state," said Rob Crooke, Vice President, GM, Business Client Group, Intel Corp. "The shift in approach to a proactive validation and neutral stewardship of files will help make our IT investments more valuable, and will lower operating costs."

"System failures are often the result of change, either through corruption,malicious code, or unintended configuration changes," said John Pescatore, VP, Gartner Inc. "To secure servers and PCs, enterprises need vulnerability management approaches that assure that only trusted, valid software is running on their systems."

"With Solaris 10 we have built in a number of technologies such as Solaris Containers, Least Privilege and Labeling to allow our customers to build secure applications and services," said Tom Goguen, vice president of Solaris marketing, Sun Microsystems. "SignaCert's approach is a fine complement to our Secure Execution technology, allowing customers to proactively validate heterogeneous environments."

Participation is open to all OS, application and infrastructure vendors and is gaining support from other technology companies and organizations.

About SignaCert

SignaCert is the leading provider of end-to-end and partner-based IT compliance solutions based on known-provenance whitelist technology. These methods allow SignaCert's direct customers to rapidly achieve and prove continuous compliance for the systems that deliver critical business services. The SignaCert architecture is designed to seamlessly integrate with existing change processes and continuously monitor critical business services without disruption.

Additionally, SignaCert's OEM and ISV Partners can supply to, or license content from, the SignaCert Global Trust Repository (GTR), adding new and important capabilities to their product offerings. All use cases are supported by a rich repository of vendor-independent software measurements. These "white" or "allow" list methods enable SignaCert's patented technology to be quickly deployed and provide immediate visibility into the actual state of IT infrastructure.

Founded in 2004 by 34-year IT security and compliance industry veteran Wyatt Starnes, SignaCert has assembled a world class team of industry leaders with hands-on IT experience for its executive team, board of directors, and advisory board.

SignaCert's end-customers span a wide variety of industries, including financial services, government, and healthcare.