Software whitelisting is becoming strategic for protecting compute devices. Who builds and maintains the list is one of the more significant issues
Portland, OR (PRWEB) April 21, 2009
SignaCert, the leading provider of IT Compliance solutions based on whi-telisting methods, today announced that it is working with Microsoft to exchange known-provenance whitelist methods, standards, and content. Additionally, SignaCert will act as a "trusted third party" to aggregate Microsoft and other Independent Software Vendors (ISV) software measurements as a part of its existing Global Trust Repository (GTR) offering.
The collaboration, sponsored by the Identity and Security Division at Microsoft, expands the group's business scope by adding deep software object reputation services to be delivered under the Microsoft Security Advisory Service (MSAS) branding.
"This is a very important step in enabling much better trust, security and management solutions for Microsoft customers. It underscores the ongoing commitment of Microsoft to provide expanded object reputation services within its products and services as new security standards and methods evolve," said Greg Kohanim, Product Unit Manager of Microsoft. "As an ISV, Microsoft is proud to extend this common repository with its own information to enable the industry to increase security across the board.
A repository of known-provenance and vendor-independent software measurements, or "whitelists", is crucial to enable new IT platform security methods including application-enforcement based on "allow lists". Whitelist methods are evolving quickly adding defense in depth by supplementing blacklist (i.e. anti-virus) methods commonly used on enterprise and consumer computer systems. Allow listing can enable only authentic and authorized software to be loaded and executed, significantly enhancing IT security, stability and compliance.
"Software whitelisting is becoming strategic for protecting compute devices. Who builds and maintains the list is one of the more significant issues," said Neil MacDonald, VP and Gartner Fellow. "Since ISVs are the source of much of the software (including the OS foundation), it makes sense to have the worldwide ISV community contribute, in a standard way, to a whitelist that has the broadest adoption and impact versus the complexity involved in building or contributing to proprietary databases."
Today's announcement substantially expands the scope of the previously announced collaboration between SignaCert and Microsoft dated February 7, 2007 (http://www.signacert.com), which focused on enabling enhanced device health for the Network Access Protocol, or NAP, methods.
The relationship now encompasses three areas of additional collaboration:
- SignaCert to deliver rich content services with direct-from-Microsoft software measurements
- Microsoft to deliver products with known-provenance, cross-platform third-party content aggregated by SignaCert
- Data Exchange Format to be made available for ISV/OEM Partner use
"Traditional approaches to managing and securing IT systems through blacklist are important, but are reaching scale and efficacy limits," said Wyatt Starnes, Founder and CEO of SignaCert. "Rich whitelist resources, based on a standardized repositories of known-provenance, vendor-independent software measurements, is an important new tool in the IT arsenal. Microsoft's broad endorsement of this concept is a giant step forward toward a more secure, compliant and cost-effective computing environment."
ISVs interested in including their software measurements to the Global Trust Repository and OEMs interested in whitelist content licensing should visit http://www.signacert.com/partners
The terms of the agreement were not disclosed.
SignaCert is the leading provider of end-to-end and partner-based IT compliance solutions based on known-provenance whitelist technology. These methods allow SignaCert's direct customers to rapidly achieve and prove continuous compliance for the systems that deliver critical business services. The SignaCert architecture is designed to seamlessly integrate with existing change processes and continuously monitor critical business services without disruption.
Additionally, SignaCert's OEM and ISV Partners can supply to, or license content from, the SignaCert Global Trust Repository (GTR), adding new and important capabilities to their product offerings. All use cases are supported by a rich repository of vendor-independent software measurements. These "white" or "allow" list methods enable SignaCert's patented technology to be quickly deployed and provide immediate visibility into the actual state of IT infrastructure.
Founded in 2004 by 34-year IT security and compliance industry veteran Wyatt Starnes, SignaCert has assembled a world class team of industry leaders with hands-on IT experience for its executive team, board of directors, and advisory board.
SignaCert's end-customers span a wide variety of industries, including financial services, government, and healthcare.
For more general information visit: http://www.signacert.com.