Technology Industry Leaders Come Together to Advance New Security and Management Approach

January 31, 2007; 04:00 AM
SignaCert today announced that industry leaders have come together to deliver a new proactive approach to verify customers’ software and IT systems integrity. SignaCert will enable Intel, Sun Microsystems, Juniper Networks, Applied Identity, Cordys, XenSource, PGP Corporation, Wave Systems Corp, Access Data, Kryptiq and others to advance a new method for addressing customer demand for more secure, reliable and cost-effective computing solutions.

Enterprise information environments have experienced continuous evolution since their introduction as business tools in the second half of the twentieth century. But today’s inter-networked and pervasive computing environment has outpaced the design envelope originally contemplated by early IT designers. As a result, the measurement and instrumentation framework necessary to proactively address security, reliability and manageability were not built into the core design. Each successive stage of evolution has added complexity to a foundation, which is insecure and increasingly fragile.

To address these challenges, leading technology ecosystem players are embracing a new approach based on proactive measurement and verification. SignaCert is providing a standards-based, neutral, trusted third-party reference platform that will act as a verification proxy for the software industry. With the ability to verify states of files, systems and software based on a database of authentic data, organizations can proactively assure that software is deployed and configured as intended. System ‘drift’ or anomalous and unwanted files can be detected and corrective policy applied before symptoms develop -- reducing downtime, security failures and risk.

SignaCert’s database of authentic data contains a wide range of signatures for enterprise-focused software, such as: the operating system, applications, platforms and other software. SignaCert continuously and proactively works with IT-industry vendors to ensure the broadest software coverage.

“The traditional approaches to managing and securing systems aren’t working for customers,” said Wyatt Starnes, Founder and CEO of SignaCert. “Having a measurable baseline of verified norms gives organizations a different way to assure systems are in a healthy state. The industry aims to reset the way we manage dynamic, connected heterogeneous software environments to make them more available, more secure and more accountable.”

“All IT environments are mixed environments, and while vendors across platforms do a good job of verifying the integrity of initial installations of their own software, they often have little control beyond the initial state,” said Rob Crooke, Vice President, GM, Business Client Group, Intel Corp. “The shift in approach to a proactive validation and neutral stewardship of files will help make our IT investments more valuable, and will lower operating costs.”

“System failures are often the result of change, either through corruption, malicious code, or unintended configuration changes,” said John Pescatore, VP, Gartner Inc. “To secure servers and PCs, enterprises need vulnerability management approaches that assure that only trusted, valid software is running on their systems.”

“With Solaris 10 we have built in a number of technologies such as Solaris Containers, Least Privilege and Labeling to allow our customers to build secure applications and services,” said Tom Goguen, vice president of Solaris marketing, Sun Microsystems. “SignaCert’s approach is a fine complement to our Secure Execution technology, allowing customers to proactively validate heterogeneous environments.”

Participation is open to all OS, application and infrastructure vendors and is gaining support from other technology companies and organizations.

About SignaCert

SignaCert delivers software and services that provide true 100% enterprise integrity verification. Our Enterprise Trust Services enable business and government to measure, validate, and maintain the state of their enterprise infrastructure using a known, trusted reference. For more information, visit www.signacert.com.