Press Release
SignaCert Releases Version 3.6 of Product Suite
October 27, 2009
SignaCert announces availability of full SCAP support including known-provenance whitelist image validation, FDCC, authenticated configuration, and vulnerability and patch scanner capabilities
Portland, OR – Continuing its leadership position in providing next-generation IT whitelist-based compliance and image management solutions, SignaCert, Inc. today announced version 3.6 of its Enterprise Trust Server platform.
With this major release of SignaCert's Enterprise Trust Server (ETS), customers can now operationally manage IT systems against SCAP (Security, Content and Automation Protocol) and FDCC (Federal Desktop Core Configuration) software vulnerability and configuration guidelines and checklists. When assessing system security, vulnerability, and configuration posture, the ETS now fully integrates information from XCCDF (Extensible Configuration Checklist Description Format), OVAL (Open Vulnerability Assessment Language), CVE (Common Vulnerability and Exposures), CCE (Common Configuration Enumeration), CPE (Common Platform Enumeration), and CVSS (Common Vulnerability Scoring System) using the full SCAP specifications.
"Over the past year, we have been partnering with the DoD and federal IT security community to strengthen our Nation's defenses against the adversary." said Wyatt Starnes, SignaCert founder and CEO. "Our innovative whitelisting approach uses government standards and protocols to help agency and private industry system administrators focus on prioritizing risk and vulnerabilities so they can better protect their networks against both internal and external threats."
Further, SignaCert is enhancing SCAP with the addition of its known-provenance whitelisting content and reference configuration methods. The combination of known-provenance image management with the rich vulnerability and configuration implicit with SCAP, greatly extends the security and efficacy of platforms managed under the SCAP method. Known-provenance whitelist content validation also serves to improve supply chain source validation of software used on all IT platforms.
"We see the SCAP method for Continuous Monitoring of IT systems used by DoD and the Federal IT community as a major step to enhance both security and operational compliance." said Wyatt Starnes, SignaCert founder and CEO. "Version 3.6 of our next-generation compliance, vulnerability assessment, and configuration control solution, combined with our unique application of known-provenance whitelisting data, solidifies SignaCert as the preeminent whitelist operational compliance solution provider for both government and industry."
SCAP and related assessment guidelines are quickly becoming the de-facto standard for both government and large enterprise IT environments. The 3.6 release of SignaCert's ETS seamlessly integrates validation against these checklists and guidelines into the existing reference configuration based system assessment. With this release customers can ensure that all systems maintain compliance against file system, registry, database, and system/security configuration policies, whether internally derived or government and industry mandated.
New features in version 3.6 include:
- Complete SCAP method support including known-provenance whitelist image support in addition to FDCC, authenticated configuration, and vulnerability and patch scanner capabilities
- Supports assessment via standard SCAP streams (XCCDF and OVAL) in addition to SignaCert's powerful assessment language.
- Automated checklist and vulnerability assessment via external feeds (NIST, MITRE, and more)
- Integration with "threat intelligence feeds" providing rich situational awareness, context, and technical information on vulnerabilities, exploits, and tradecraft as it relates to system configurations.
- Historical dashboards and reports for demonstrating continuous compliance
- Benchmark reports and scoring in SCAP compliant formats (FDCC, XCCDF, and OVAL)
- Seamlessly integrated into SignaCert's existing known-provenance whitelist image management/assessment and reporting solution
Version 3.6 will be available for shipment in mid-December 2009 and is available immediately for demonstration and evaluation. All current customers will be contacted by SignaCert support regarding the upgrade of existing installations.
About SignaCert
SignaCert is the leading provider of end-to-end and partner-based IT compliance solutions based on known-provenance whitelist technology. These methods allow SignaCert's direct customers to rapidly achieve and prove continuous compliance for the systems that deliver critical business services. The SignaCert architecture is designed to seamlessly integrate with existing change processes and continuously monitor critical business services without disruption.
Additionally, SignaCert's OEM and ISV Partners can supply to, or license content from, the SignaCert Global Trust Repository (GTR), adding new and important capabilities to their product offerings. All use cases are supported by a rich repository of vendor-independent software measurements. These "white" or "allow" list methods enable SignaCert's patented technology to be quickly deployed and provide immediate visibility into the actual state of IT infrastructure.
Founded in 2004 by 34-year IT security and compliance industry veteran Wyatt Starnes, SignaCert has assembled a world class team of industry leaders with hands-on IT experience for its executive team, board of directors, and advisory board.
SignaCert's end-customers span a wide variety of industries, including financial services, government, and healthcare.