  1. Is the ETS compatible with Remedy work flow?
    ETS is completely compatible with Remedy. However, because each organization uses Remedy and its workflows uniquely, this will require some customization and integration.

  2. What is unique about this approach?
    IT management and security solutions today largely assume that the software components that make up a system are authentic and originate from the publisher. Verifying the files that make up your IT systems ensures the integrity of these systems by identifying which files on a system are authentic and which are not, based on their source-authentic state. This foundational capability creates a baseline by which IT systems can be managed and secured.

    Verifying IT systems complements and improves existing security and management solutions. Changes from authentic state can be detected and proactively addressed prior to system failure, thereby improving system availability and reliability.

    Below is a quote from John Pescatore of Gartner Research that is included in the press announcement released with this FAQ.

    “System failures are often the result of change, either through corruption, malicious code, or unintended configuration changes,” said John Pescatore, VP, Gartner Inc. “To secure servers and PCs, enterprises need vulnerability management approaches that assure that only trusted, valid software is running on their systems.”

  3. So this is all about increasing the security of IT systems, right?
    Security is top of mind for most IT professionals, and the SignaCert solution certainly delivers significant value in this space; however, verification methods have benefits beyond security. Industry data shows that only 3-5% of downtime in major enterprise IT operations is a direct result of malicious tampering. The far greater risk to overall IT systems uptime comes from weak processes, procedures, and compensating controls relating to IT systems management. IT is challenged by managing large numbers of software packages made up of millions of files, along with the inability to tell which files are authorized, unauthorized, or from unknown, potentially malicious sources. Verification methods provide a means to validate the state of systems, both pre- and post-deployment, enabling real configuration management and control processes.

  4. Is this a subscription service?
    Yes. The solution has a subscription component to deliver signatures for commercial and open source software to your Enterprise Trust Server (ETS). These signatures are used by ETS to verify authenticity of software you have deployed across your enterprise.

  5. What is the problem SignaCert solves?
    SignaCert enables customers to prove that their IT systems are deployed exactly as they specified, improving availability and stability. If systems don't match exactly, SignaCert provides a detailed list of deviations, enabling rapid diagnosis and reducing MTTR.

  6. What is verification and how does it work?
    Verification is the process of measuring your IT systems and comparing the results with an IT-specified reference or standard build. This allows customers to prove that their systems are configured with only the specified files and provides the ability to identify deviations from the IT-specified reference. The authenticity of files can be assessed by comparing their file signatures with those published by the software publisher.

    When deviations are identified, the customer receives a list of files, the products they belong to and the machines they were found on to allow the fastest, most effective remediation process.

  7. What do I do with file deviations, such as added, modified or removed files?
    Typically, deviated files require additional action from the IT department. This ranges from examining the files more closely, to remediating the individual deviations, to wiping the entire machine and rebuilding it from the ground up. Appropriate disposition of devices with deviations is defined by the IT department.

  8. How do you verify an application?
    An application can be verified by comparing the files actually found on an IT system with the reference file signatures for that application. You can compare the files, their paths, and their metadata to evaluate the match. If all attributes match, the application can be considered verified. If deviations are found, the user can remediate them or reinstall the application, whichever is most appropriate.

  9. Can verification identify buggy code?
    No. There are no qualitative assertions made about measured files. This technology is used to verify that IT systems are deployed as intended and to verify the authenticity of software found across the enterprise.

  10. Can this provide information about product quality?
    No. There are no qualitative assessments. This technology is used to verify that IT systems are deployed as intended and to verify the authenticity of software found across the enterprise.

  11. Isn't ETS just like a configuration management database (CMDB)?
    CMDB solutions define the configuration of and relationship between significant components of the IT environment, but do not identify the source or authenticity of software, or how individual files are related to each other and to their parent components.

    Without the ability to determine the source authenticity of files and then track them on a system through comparison to a trusted reference, there is no way to truly know what a system contains and whether it is properly configured. For example, a database server, while appearing to be properly configured, may behave unexpectedly or even fail because it contains incorrect configuration files, or development code that was accidentally promoted into production.

    SignaCert's ETS features a flexible grouping system that allows you to easily define groups of software components that reflect the desired configuration of systems and then relate them to the devices in your enterprise.

  12. How does ETS differ from change management systems?
    Unlike change management solutions, which measure files and report changes to the files relative to a previous state, SignaCert measures change from a definitive measurement point based on signatures from the authentic commercial and custom software in your enterprise.

    This allows you to identify specific changes to system configurations, and drastically reduces the amount of data generated when compared to pure change notification.

    For instance, when a patch is pushed out to a server, a change management system indicates that multiple files have changed, but the source of the changes is not definitively identified. Although you know a patch was applied to the operating system, you have no way to tell if it has been applied successfully.
    With SignaCert, you are able to tell that the changes are associated with an operating system patch stored in the Enterprise Trust Server and are therefore desired changes. You can also see down to the file level that the patch was successfully applied, leaving no ambiguity that the system is deployed as intended.
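    The following script is an added illustration of the verification described in questions 6 to 8 and of the patch attribution described in question 12; it is not SignaCert's code. It assumes a file signature is a SHA-256 digest of file content, uses a placeholder patch name, and builds its reference, patch and measured sets inline so it runs offline.

```python
import hashlib
from pathlib import Path

def file_signature(data: bytes) -> str:
    """The per-file signature compared by the verifier (assumed here: SHA-256 of content)."""
    return hashlib.sha256(data).hexdigest()

def measure(root: Path) -> dict:
    """Measure a deployed tree: relative path -> content signature."""
    return {p.relative_to(root).as_posix(): file_signature(p.read_bytes())
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify(measured: dict, reference: dict, known_patches: dict) -> dict:
    """Compare a measured system with its reference build (both path -> signature).
    known_patches maps a patch name to the path -> signature set that patch ships."""
    report = {"verified": [], "removed": [], "modified": [], "added": [],
              "attributed": {}, "unknown": [], "patch_applied": {}}
    for path, sig in reference.items():
        if path not in measured:
            report["removed"].append(path)
        elif measured[path] != sig:
            report["modified"].append(path)
        else:
            report["verified"].append(path)
    report["added"] = [p for p in measured if p not in reference]
    # A deviated file is a desired change only if both its path and its signature
    # match what a known patch delivers; a matching hash at the wrong path is not enough.
    for path in report["modified"] + report["added"]:
        owner = next((name for name, files in known_patches.items()
                      if files.get(path) == measured[path]), None)
        if owner is None:
            report["unknown"].append(path)
        else:
            report["attributed"].setdefault(owner, []).append(path)
    # A patch counts as fully applied only when every file it ships is present and matches.
    for name, files in known_patches.items():
        report["patch_applied"][name] = all(measured.get(p) == s for p, s in files.items())
    return report

def demo() -> dict:
    """Constructed sample: a three-file reference build, one OS patch, and a drifted system."""
    reference = {"bin/app": file_signature(b"app v1"),
                 "etc/app.conf": file_signature(b"port=80"),
                 "lib/helper.so": file_signature(b"helper v1")}
    patches = {"PATCH-EXAMPLE": {"bin/app": file_signature(b"app v1.1"),  # placeholder name
                                 "lib/helper.so": file_signature(b"helper v1.1")}}
    measured = {"bin/app": file_signature(b"app v1.1"),        # updated by the patch
                "lib/helper.so": file_signature(b"helper v1"),  # not updated: partial apply
                "tmp/debug.dll": file_signature(b"not in any reference")}  # unknown added file
    return verify(measured, reference, patches)  # etc/app.conf is absent: reported as removed
```

    The report separates the file that the known patch explains from the one that nothing explains, and flags the patch itself as incompletely applied because one of its files still carries the old signature.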

  13. What is the cost benefit?
    We don’t know yet. We will continue to evaluate the benefits provided by deploying the technology, but do not have a quantifiable metric today. That being said, the benefits include:
    • Fine-grained measurement provides a more comprehensive view of the network
    • Faster diagnoses for tech support
    • Faster identification of unknown elements
      • Eliminate ‘known good’ elements from analysis—quickly identify endpoint configuration, including what is expected to be on a given machine, what is unidentified, and what (if any) is unauthorized. Accurate and automated identification of these elements saves significant time for technical support staff.
      • Quickly find problem elements – A policy configured to detect known bad elements can help IT staff rapidly find and address common problems.

  14. What are the intangible (hard to measure) benefits?
    • Ease of use
    • Transparent to end users
    • Improved Compliance reporting
    • Improved security and stability – due to fewer UFOs (unidentified foreign objects) and configuration verification.
    • Detect missing files – One of the most challenging aspects of failure diagnosis is resolving a problem that is due not to the inclusion of a malicious file, but to the deletion of a required file. The SignaCert scan utility can be configured based on an enterprise gold standard to report on expected files and determine which are missing, thus quickly enabling IT staff to repair, replace, or reinstall the missing element and restore the system to operation.
    • Automated endpoint auditing— The SignaCert solution automatically creates reports of precisely which versions of which software are installed on enterprise systems, replacing the painfully manual, expensive, and incomplete processes often mandated and implemented by IT departments attempting to understand their environment. These reports make IT staff much more efficient at detecting pervasive or systemic problems. This helps increase the mean time between failures (MTBF) but does not directly affect MTTR.
    • Preventative maintenance—Identifying issues before they become “problems” can create significant savings. Providing information about the state of endpoints helps IT staff stay “ahead” of emerging problems. This manifests itself as improved uptime for operations, increased MTBF, and fewer desk-side visits for technical support staff.
    • Compliance reports—Reports showing device and system compliance, both aggregate and device-specific, help IT departments explicitly demonstrate and document compliance and detect and efficiently remediate noncompliant systems. Automating the reporting process helps IT spend more time solving problems rather than finding them.
    • Automated asset identification—What software is installed where? Accurate accounting of these packages saves money in license management.
    • Proof of Compliance—Stops the guesswork when stating compliance. Companies can state with confidence that their network and devices are as they have stated in their defined processes.
    • Granular Visibility—Compliance auditing and scanning provides instant visibility into the state of customer networks and devices. Customers deploy a scan and immediately view information whether or not any unauthorized or unidentified elements appear in their network and which specific machines are impacted. This helps the IT department make better decisions faster.

  15. Can I capture my own proprietary signatures?
    Yes. Customer proprietary signatures are captured in the Enterprise Trust Server, our appliance product. This product allows customers to capture signatures for standard builds, custom proprietary software and more.

  16. Do I need every signature for all software ever published?
    No. You need signatures that are relevant to your environment. That means you need signatures for the commercial products you use (open source too) and you need signatures for the software you develop specifically for use in your environment. This combination provides complete coverage of files that should be in your network.

    If you intend to use this method to identify things that shouldn’t be on your network, you need a larger set of signatures. Specifically, if you intend to identify unknown or unidentified files, you may need to compare against a repository of currently published software signatures. If you are looking to explicitly identify malware, signatures representing known bad items are necessary.

  17. Are you only for large IT shops?
    No. This solution is applicable for companies of all sizes.

  18. Do you provide a hosted solution?
    We will be announcing a hosted solution (DMZ) very soon for customers with specific needs. This solution will scale from a complete service for smaller organizations to a pilot option for organizations that want to evaluate the technology without a complete integration effort.

  19. Does it make my current solution obsolete?
    No. This is an adjunctive technology. It only makes what you already have work better.

  20. Why wouldn’t I just capture signatures from what I know is in my network today?
    That may work for your proprietary products, but it would be very difficult to know with confidence that you had good signatures for commercially available products.