Company

Press Release

SignaCert Works with Microsoft to Establish Collaboration and Exchange of Software Measurements

April 21, 2009

Relationship to facilitate standards-based Global Worldwide Whitelist Repository

Portland, OR – SignaCert, the leading provider of IT Compliance solutions based on whitelisting methods, today announced that it is working with Microsoft to exchange known-provenance whitelist methods, standards, and content. Additionally, SignaCert will act as a "trusted third party" to aggregate Microsoft and other Independent Software Vendors (ISV) software measurements as a part of its existing Global Trust Repository (GTR) offering.

The collaboration, sponsored by the Identity and Security Division at Microsoft, expands the group's business scope by adding deep software object reputation services to be delivered under the Microsoft Reputation Services (MRS) branding.

"This is a very important step in enabling much better trust, security and management solutions for Microsoft customers. It underscores the ongoing commitment of Microsoft to provide expanded object reputation services within its products and services as new security standards and methods evolve," said Greg Kohanim, Product Unit Manager of Microsoft. "As an ISV, Microsoft is proud to extend this common repository with its own information to enable the industry to increase security across the board."

A repository of known-provenance and vendor-independent software measurements, or "whitelists", is crucial to enable new IT platform security methods including application-enforcement based on "allow lists". Whitelist methods are evolving quickly adding defense in depth by supplementing blacklist (i.e. anti-virus) methods commonly used on enterprise and consumer computer systems. Allow listing can enable only authentic and authorized software to be loaded and executed, significantly enhancing IT security, stability and compliance.

"Software whitelisting is becoming strategic for protecting compute devices. Who builds and maintains the list is one of the more significant issues," said Neil MacDonald, VP and Gartner Fellow. "Since ISVs are the source of much of the software (including the OS foundation), it makes sense to have the worldwide ISV community contribute, in a standard way, to a whitelist that has the broadest adoption and impact versus the complexity involved in building or contributing to proprietary databases."

Today's announcement substantially expands the scope of the previously announced collaboration between SignaCert and Microsoft dated February 7, 2007 (www.signacert.com), which focused on enabling enhanced device health for the Network Access Protocol, or NAP, methods.

The relationship now encompasses three areas of additional collaboration:

  • SignaCert to deliver rich content services with direct-from-Microsoft software measurements
  • Microsoft to deliver products with known-provenance, cross-platform third-party content aggregated by SignaCert
  • Data Exchange Format to be made available for ISV/OEM Partner use

"Traditional approaches to managing and securing IT systems through blacklist are important, but are reaching scale and efficacy limits," said Wyatt Starnes, Founder and CEO of SignaCert. "Rich whitelist resources, based on a standardized repositories of known-provenance, vendor-independent software measurements, is an important new tool in the IT arsenal. Microsoft's broad endorsement of this concept is a giant step forward toward a more secure, compliant and cost-effective computing environment."

ISVs interested in including their software measurements to the Global Trust Repository and OEMs interested in whitelist content licensing should visit www.signacert.com/partners

The terms of the agreement were not disclosed.

About SignaCert

SignaCert is the leading provider of end-to-end and partner-based IT compliance solutions based on known-provenance technology. These methods allow SignaCert's direct customers to rapidly achieve and prove continuous compliance for the systems that deliver critical business services. The SignaCert architecture is designed to seamlessly integrate with existing change processes and continuously monitor critical business services without disruption.

Founded in 2004 by 38-year IT security and compliance industry veteran Wyatt Starnes, SignaCert has assembled a world class team of industry leaders with hands-on IT experience.

SignaCert's end-customers span a wide variety of industries, including financial services, government, and healthcare.