Enterprise Customer Solutions

A large hedge fund manages thousands of Linux and Solaris machines and has been adding servers at the rate of 500 per quarter. At that rate, getting servers provisioned and out the door took priority over ensuring standard builds and applications were being used to build the platform and software stack. Many servers became misaligned, running different patch levels and operating system updates and supporting those servers on a broad scale became extremely expensive. What was needed was a way to bring those systems into alignment and standardize the platforms so that day to day management was streamlined and efficient, and when things did go wrong they could easily fix or re-provision as needed. They had a small number of desired standard configurations defined for their systems but no way of knowing if their systems matched the desired configuration after deploying them to production.

SignaCert provided the solution. We started by gathering references containing the desired state of the standard configurations they approved for production. Our solution then surveyed the server landscape and took precise measurements of the current state of their servers and provided results showing any drift from the desired configurations. Using our software identification capabilities we were able to deduce how close each server was to a specific Red Hat version and update as well as identify configuration settings out of alignment and incorrect permission settings. This gave them fine-grained insight into how misaligned their servers were from the standard they had set for their systems. Once they had this knowledge, the task of standardizing on a few operating system builds was within reach. By leveraging the open nature of the SignaCert solution they were able to quickly plug in automation that brought their servers into alignment.

SignaCert now monitors all of their systems to ensure they don't drift from the intended configuration. By managing their systems from this known good state, they have enjoyed not only a decrease in server management overhead and costs, but have regained precious time for projects instead of fighting fires.

Having true insight into the effectiveness of your change control processes has always been difficult to attain. In complex environments, more often than not you have a very real sense that systems are out of control -- you see the trouble tickets, the fire fighting, the late night emails, etc, but you lack the hard data that points to specifics. Added to that your change control processes may differ across groups and regions, so finding a way to see across the entire environment can seem impossible.

Now you can use SignaCert within your existing environment to close the open loop in your change control process. Our solution provides you with knowledge that the work was performed and that the systems are in alignment to their intended state. Deviations from the intended state become a direct indicator that things aren't working properly with the change control process. Since we monitor systems (and deviations) over time, you can quickly get trended reports that show you which processes are working, and which one's aren't. This information will provide you with the ability to identify the rate at which you are following your change control process and if your systems and processes are getting better at staying compliant over time. You will finally be able to prove if your change control process is working.

Managing a known and approved set of applications in an enterprise is not trivial. There are approval processes, licensing issues, authorization, and ensuring the endpoint has not drifted from software on the approved software list. Traditional whitelisting efforts involve creating a list of applications not considered a virus, Trojan, or part of the typical black list. This approach quickly becomes a management headache for enterprises.

The key to a true enterprise whitelist implementation is a middle-tier management layer that allows flexible user-to-application mapping, whitelist management, grouping, and hierarchy management of the applications you approve for your enterprise whether it's a commercial software package that's been customized or in-house developed software.

SignaCert helped a tier-1 financial company achieve their goals of true enterprise whitelisting by not only providing highly-trusted application signature data, but a middle-tier management console that enabled proactive whitelist management. SignaCert's extensible architecture allowed the technology to seamlessly plug-in to the existing environment and work with their current processes. By providing tools to automate the capture of known good software in the enterprise from a trusted source as well as providing known provenance whitelist information direct from the software vendors our customers now have confidence that their whitelist signatures match what they have approved to run in their enterprise.

The result has been an industry-leading example of true enterprise whitelisting.

Many products in the marketplace can detect when files change on a system. The detection of change on a system can be very useful and informative, but without the correlation of change to the software affected, change detection is cumbersome and time consuming. SignaCert provides a new way to look at and manage change on your systems. SignaCert's solution summarizes the changes that occur and relates them to exactly what software, configuration, or operating system components have been affected by a change. It's this highly correlated capability that gives you information you can use to diagnose problems quickly, rather than having to manually examine each and every file to see if and how they are related to one another while still providing the detailed file level information to drill down into when needed.

This package level information about the elements that make up your systems can also provide an auditor a record of the configuration of your systems. Rather than merely ask the registry if an application is installed, SignaCert actually interrogates the entire file system looking for products. We can quickly identify applications and patches that are installed, and do this heterogeneously across all platforms you manage. This single pane of glass view into your systems can then be rolled up into reports used for audit, compliance, license-management, and inventory.