Turning Customer Insight into Action

We spent the last week in Boston and New York talking to reporters and analysts about some exciting news that went live today. You can read the press release here, but I also wanted to describe in my own words the significance of this announcement and how it fits into our overall vision for the market.

At Shavlik, we have been helping companies solve their complex security challenges with best-in-class patch management solutions since the ‘90s. We could have easily continued to focus solely on patch management and grown a thriving business in the process. But, in talking with our customers and listening to their needs, we quickly realized that Shavlik was in a unique position to play a larger role in helping manage their increasingly complex IT environments. And we have been doing so over the past few years by adding new functionality, such as compliance and configuration management, power management and asset management, as well as offering our products via the cloud.

Most recently we heard from our SMB customers that they needed help managing a technology that had grown ubiquitous in the enterprise but was now moving into their domain – virtualization. While the world’s largest companies have robust IT departments staffed with specialists trained in implementing and monitoring virtualized environments, most SMBs are relying on generalists to handle all their IT needs. And we found they didn’t have the tools to be successful, which led to them dealing with the challenges of virtualization in the form of VM sprawl and rogue VMs. When used properly, virtualization can transform the way an organization of any size extends their IT infrastructure. As with all technology, proper ongoing management is required to keep it stable and secure.

With today’s announcement, we are providing robust tools and expertise to help SMBs manage both their virtualized and physical environments. Our NetChk Protect 7.8 product simplifies virtualization management by allowing IT staff to control all physical and virtual machines connected to a network, regardless of their operating state. We are also offering a streamlined version of this offering in NetChk vProtect, which is the industry’s first solution to drive the transition from VMware Update Manager to traditional patch management vendors.

These announcements support our strategy to simplify the complexity of IT management for SMBs. The democratization of IT and emergence of virtualization are creating a range of challenges that require a new approach to IT management. We are leveraging our nearly two decades of experience in the market to offer compelling solutions to these increased complexities. And we will continue to innovate until all SMBs have the power of enterprise IT management solutions at their disposal. We will keep you apprised of our progress and welcome any feedback or input you have along the way.

– Mark

Cloud, Cloudy, To the Cloud!: How Quickly Words Fail

This week, in my hotel in New York, I flipped on the television to see an advertisement from Microsoft around “To the Cloud” and shortly after that commercial, up popped another commercial with someone clicking away on their iPad to access their documents in the cloud.  If that wasn’t enough, I fired up my laptop to read one of my favorite industry blogs, and who is on the side ad? – Salesforce.com.  Two minutes later, I clicked out to another blog, and Symantec.Cloud popped up.  It was enough to make me go crazy.

How many of us remember the early days of .NET?  When it first came to market, it wasn’t the development and platform play it is today.  It seemed as though everything that Microsoft published inherited the .NET suffix.  If the trend had continued, can you imagine our Xune.NET’s, our XBOX 360.NET?  For a brief term, a technical term that had a great foundation turned into a marketing initiative, forever bastardizing the term and turning what was a brilliant platform play into a consumer-disorienting marketing strategy which left us all trying to figure out what .NET meant.

Fast-forward to 2011… here we go again.  “TO THE CLOUD!”  “I’m in the cloud”  “We run our business in the cloud.”  “Secure with the cloud” “We run a hybrid cloud”  — Here we go again killing another great technical term with so many different definitions that will drive the word into obscurity.

For those of you that follow me, I’m going to do my part to not see the word fall into oblivion.  Starting now, I’m taking an oath… and oath to save the word.  How am I going to accomplish this task? – It’s really simple actually, I want to remove the obscurity and come back to the roots of the cloud and the core decisions an organization makes to enable their cloud.  Simply put, let’s break the cloud back into it’s micro components.  Let’s talk about people using virtual servers in the cloud about working with Infrastructure-as-a-Service and not bastardize the word.  It’s a really simple equation:

  • Software-as-a-Service (SaaS):  An application or line of business function that is performed using a cloud application like Salesforce.com, NetSuite, SuccessFactors, Google Apps or Microsoft Online Service.
  • Platform-as-a-Service (PaaS):  This category gets a lot more vague, but is comprised of platforms in the cloud that enable applications to exist in a copacetic manner.  Great examples of this would include things such as the Force.com platform from Salesforce, or Google App Engine from Google to name a few.
  • Infrastructure-as-a-Service (IaaS): This category comprises infrastructure existing in the cloud.  This category blends somewhat with PaaS depending on your environment, but if you can access a raw server in the cloud and remote in like an Amazon EC2 instance or GoGrid server, you are clearly in this category.  It’s still up to you to manage the infrastructure beyond the base management that the provider gives you.  Recently, certain other services like DNS on Demand are starting to infiltrate this category as it truly is infrastructure, but I’m a purist on this.

Let’s all fight back… let’s be specific.  Today, I talked to a reporter and he mentioned the word cloud isn’t something most business wants to hear… He’s right, it’s all about how the cloud is used… not about just using the cloud.  Join the cause… keep the cloud from falling into a marketing oblivion!

It’s ironic, as I write this blog, I’m on a flight back from New York to Minneapolis.  I guess I have to hit it one more time myself before I start safeguarding the word… I guess you could say, I’m in the cloud right now.

– Rob

IT.Shavlik offers relief for patching Apple products

If you have not already heard, Shavlik has released a new version of IT.Shavlik that includes our latest engine
enhancements.   (For all you NetChk Protect users you are getting the new engine in NetChk Protect 7.8.)
This includes archive file support.  Along with support for more products we are finally going to wave
goodbye to painful support issues introduced by Apple installers back in Apple iTunes 9 and Apple QuickTime
7.6.4.  For more details on the issue you can read up on a previous post regarding the changes Apple made to
their installers.  I am going to walk you through the IT.Shavlik experience so you can see how easy it is to
patch your systems using a SaaS Patching Solution.  This example is going to specifically look at a broken install
of the latest iTunes 10.1.2.

If you have not already you can register to a IT.Shavlik account and receive FREE Unlimited Patch and Asset

I have a system with iTunes 10.1.2 which was install using the /passive /quiet switches.  Not AddRemove
Programs shows iTunes present, but you will see a later screenshot with more iTunes related services.

If I try to open iTunes or Quicktime in their current state I will get the dreaded AAS Error.  (If you have never seen it do a Google search and you will find many others who have.)

Let’s go and fix it right now using IT.Shavlik.

1 Login to IT.Shavlik and click on the FindIT button to discover machines.

2 Select your method for scanning machines. In my case I created a Machine Group which had the machine I had installed Apple on.

3 Once the scan completes you can select machines then on the right click FixIT (or click FixIT and select a machine group to deploy to in the FixIT Deployment window).

4 Note the iTunes and Quicktime patches.  Now these applications are both installed at the current versions on this machine, but since the AAS service is not present the Shavlik Engine knows it is a broken install and allows us to deploy the install once again.  Click on FixIT to deploy.

Patches will install.  May take a bit depending on how many you push.

5 Observe the Happy iTunes install on the target machine and sigh in relief that we will never have to worry about this issue again.  Apple Application Support and Apple Mobile Device Support are now both present and accounted for.  (Either service not being present would result in an inoperable iTunes)

Happy Patching Everyone!


Chris Goettl
Product Owner
Shavlik Technologies

SimplexITy Bundle Savings of 80 Percent

Shavlik Technologies has announced a bundle promotion of up to 80 percent off its IT management products.  So, why call it “SimplexITy”?  Because helping IT organizations manage complexity is what we do.  In fact, Wikipedia has an interesting definition of simplexity:

  • Complexity tends to rise as system elements specialize and diversify to solve specific challenges.
  • Simple interfaces tend to improve the usability of complex systems.

We couldn’t agree more with this definition.  The complexity of IT administration has rapidly increased as more and more third-party applications, devices and platforms join today’s corporate networks.  The SimplexITy bundle is designed to meet this increased complexity and simplify it to save customers both time and money.

The SimplexITy bundle delivers the following solutions at a fraction of the cost (up to 80 percent):

  • Patch – for agentless patch management
  • Configuration – for configuration and compliance management
  • Antivirus – enterprise Antivirus + Antispyware + Antimalware engine
  • Power Management – centralized control to power machines off in the evenings and on weekends AND wake machines up to deploy critical security patches.  This helps companies save both energy and money.

Click here for more information.

-Mike Bleakmore
Product Marketing Director
Shavlik Technologies

IT.Shavlik Now Provides Apple Application Support Patching

Last week Shavlik released a new version of our IT.Shavlik.com product.  With the release IT.Shavlik.com provides patching for archive files.  Most vendor patches are released in exe, msi or msp format.  With these patches we are able to silently deploy to a system.


For Apple iTunes and Apple QuickTime the vendor patch contains multiple installers.  When deploying silently, Apple Application Support is not installed.  This breaks the functionality for iTunes and QuickTime.  If you want to learn more, check out my blog posting here.

With our new patch detection and deployment, IT.Shavlik.com will look for iTunes installed and whether Apple Application Support is installed or missing.  Simply deploy to your machine, and iTunes will reinstall with all of the components!

As you can see in this screen shot, IT.Shavlik.com is reporting that iTunes is not fully installed on my system.  In fact, iTunes is installed but Apple Application Support is missing.

While you are at it, you might want to look at patching anything else that is missing on your machine.  Microsoft’s Windows Update covers all Microsoft patching, but you could be missing critical 3rd-party patches.  IT. Shavlik provides unlimited free patch scans for your systems and free deployments to one system.

Happy Patching!

– Jason Miller

Patching is Fundamental

If you grew up in the 1970s, or had a child during that era, you’ve probably heard of the non-profit organization Reading is Fundamental. The group is focused on children’s literacy, and how learning to read is the foundation for kids to build a more secure future through the motivation and inspiration they can develop through books.

Fast forward a few decades, and perhaps we might need a new, but similar, campaign directed toward the business community. This one, perhaps, should be called Patching is Fundamental. It would serve as a foundation for ensuring that corporate networks have a more secure future, minimizing or even eliminating the opportunities for viruses, malware or hackers to attack.

Read any computer security report today and it will offer the same conclusion: patching – of both operating systems and applications – is the fundamental effort that any organization should undertake to improve its security profile.  In fact, even the SANS™ Institute, a trusted source for computer security research, has acknowledged that unpatched client applications are the top security threat facing organizations today.

Recently my colleague Rob Juncker discussed the importance of implementing a proactive security process that includes patch management best practices. Businesses need to take a hard look at their security policies and the activities they’re taking to protect their systems. And they need to consider more than just the Microsoft applications, because the threats are coming from every angle. While Microsoft software often is believed to be least secure and vulnerable to cyber attacks, it’s actually applications from other organizations that are more problematic. According to reports from the National Vulnerability Database, the top 10 threats in 2010 were not Microsoft applications. Instead they were third party applications from Adobe, Apple, Java or Mozilla, to name just a few.

If your organization doesn’t have in place a patch management process, that looks at all applications and operating systems used by your employees, now is the time to do it. You need that foundation in place, or any other security efforts will be for naught. Remember, patching is fundamental.

-Nicole Amsler
VP, Marketing
Shavlik Technologies

Reaping the Benefits of Power Management: Savings, Security and Social Awareness

In every organization, each division has its own goals.  The CFO wants to save money.  The CIO wants to ensure network security. And the CEO and marketing department want to take steps to strengthen the company’s reputation and competitive position in the eyes of customers, partners and the community.

These goals don’t have to be mutually exclusive. There are solutions an organization can implement that can help each group achieve success in reaching their objectives.  One such solution is power management.

Power consumed by computers, servers and peripheral devices have a significant impact on almost every facet of an organization’s operations – from the money it spends on equipment and electricity, to its ability to protect against Internet attacks, to being perceived as socially responsible and environmentally aware.

Implementing a power management solution can help an organization achieve:

  • Savings – Lowers electrical costs, reduces cooling expenses and results in a less frequent need to replace equipment.
  • Security – Minimizes risks of cyberattacks and gives IT better management control over computer systems for software updates.
  • Social Awareness – By reducing use of electricity, it helps an organization shrink its carbon footprint and lessen its impact on the environment.

If these types of results are important to your organization, click here to learn how to implement an effective power management strategy.  The process is no longer costly and complicated.  We’ll show you how power management solutions can be easily deployed and can help your organization reduce costs, improve security and become a greater steward of the environment.

-Mike Bleakmore
Product Marketing Director
Shavlik Technologies

What is Patch Management Double Vision?

Last year Mark Shavlik commented on the changes that cloud computing and virtualization would bring to the business of IT. One of the main challenges he highlighted was the decision to adopt virtualization technologies and cloud-based services, and tying them squarely to a business need and the desired user experience.

As expected, IT organizations have gained huge efficiencies by making the decision to employ virtualization technologies throughout their IT infrastructure as well as moving some of their internal IT operations to the cloud. According to Gartner, by 2015 virtualized systems likely will be more secure than their physical counterparts, but until then, it will be tough for organizations caught in the middle of this transition.  In an article from SC Magazine, Gartner blamed the delay on organizations’ failure to involve the IT security team in its deployment projects, in addition to immature tools to protect these new environments.

With the rapid proliferation of virtual machines, IT organizations have found it increasingly difficult to maintain control over their combined physical and virtual environments. In many cases, the challenges being faced revolve around a lack of visibility, lack of end-to-end control, and the inability to manage risk across the two types of systems.

IT organizations must examine their virtual environments, and understand the scope of the virtual environment. Armed with visibility into their virtual environment, it is critical to implement a formal patch management plan that incorporates a single set of processes and tools to help keep both the physical and virtual environments up and running with the latest patches. In short, it shouldn’t matter that the machines are virtual; all IT systems should be managed together in the same fashion, with the same objectives.

Here are some examples of common gaps in virtual machine patch management:

– Rogue virtual machines – unplanned and unmanaged, and often times unpatched virtual systems are popping up all over the organization, exposing the infrastructure to unnecessary risk

– Offline virtual machines – virtual systems may be seen as unavailable when patches and other updates are being applied, bringing risk to the network when they are brought back online

– Virtual machine templates – it is common to stand up new virtual machines using templates, but these templates are often dated and missing patches and other updates when they are eventually converted to virtual machine images

– Physical and virtual separation – because of the challenges above, it has been easier to treat the physical and virtual environments separately rather than having a common set of management policies. But, continuing to do so will only increase the inefficiencies and leave the organization’s network vulnerable to attack

An ideal patch management strategy is to consolidate both physical and virtual management policies into a cohesive patch management program where IT can gain efficiencies and ensure security across the entire network. When IT has the ability to manage patches across both environments, they can benefit from reduced staff workload and reduce the risk of attack against unpatched, and therefore vulnerable, systems regardless of their physical or virtual state.

We encourage IT to eliminate patch management double vision by taking back control of their patch management environment as a whole.

Mike Bleakmore
Product Marketing Director
Shavlik Technologies

Best Practices for a Proactive Approach to Patch Management

There is a difference in regards to how people implement security.  This couldn’t be any more evident than the manner in which the United States implements airline security.  A reactive approach is what we currently employ where countless TSA agents carefully screen bags as we pass through metal detectors to attempt to control security at an instant in time.  Is this where security begins?  Absolutely not.  Security should begin the instant I buy my ticket on the airline as psychology teaches us we can more readily identify the sources of terrorism by knowing who purchased that ticket, not knowing what they are carrying through an airport.  The same logic applies to patch management.

The average computer that we track at Shavlik contains no less than 120 discrete software titles that range from device drivers which operate the individual machine to enterprise databases which every computer in a corporation connects to in order to operate the business.  Each software title that exists on these machines can be exploited.  Regardless of the use of these titles, they all open up new attack vectors for someone to gain access to your information or use your machine in a bad way.  To our TSA example moments ago, if we try and use the equivalent point-in-time devices on the order of metal detectors and scanning equipment alike by filtering exploits by firewalls on the computer, or via anti-virus, the computer will eventually succumb to the attacks as the software utilizing security exploits grows faster than the reactive measures could possibly handle.  However, if we implement proactive security like understanding and recognizing exploits, and shutting down the source of an exploit before a hacker could actually exploit it, we’re creating a safer world.

In a perfect world, anti-virus wouldn’t be necessary, and firewalls wouldn’t be necessary.  Truthfully, if there was a magic switch on the wall that we here at Shavlik could flip to turn off the darkness, we would flip it.  Don’t worry about us though, we have enough other things going on for our company.  In the absence of our magical switch though, we turn our focus to making the world as less-dark as possible by taking proactive approaches to patch management to ensure all of our customers’ networks are safe and secure.

To that end, Jason Miller, myself and others from our organization have collaborated on a Whitepaper to discuss the importance of patch management in a world which is fraught with threats.  In our world today, threats come from every direction… Malware, Viruses, Information disclosure and Denial of Service.  We aim to see the end of these risks for our customers.  In our whitepaper, we discuss

  • The importance of a critical assessment.
  • The importance of patching beyond just Microsoft.
  • How to set a schedule for patching.
  • How to partner with an expert for patching.
  • How to automate and simplify as much as possible.

It’s time we stop controlling threats when they present themselves.  It’s time we start preventing threats before they become controlling.

For more information or to download our White Paper, please click here.

– Rob

Federal Government Budget Woes: The Trickle-Down Effect on Network Security

The budget battle is now being waged on Capitol Hill, as key committees and lawmakers seek ways to fund the federal government through the rest of fiscal 2011.  And, if they can’t come to a resolution by March 4, there’s a risk of a government shutdown. Given that the deficit is now estimated to be about $1.5 trillion, it’s certain that any proposed budget will include a significant amount of spending cuts. For instance, one Republican proposal from the House of Representatives recently sought $32 billion in cuts from current spending levels.

While it is still to be seen what aspect of government operations will be impacted by the spending cuts, if agency IT departments are impacted, there may be a trickle-down effect on the overall health of our nation’s network security.

According to our sources, the continued tightening of agency budgets and mandated security audit procedures are requiring IT departments to do fundamentally more with fewer people and less resources.  And commonly used programs, such as Adobe PDF Reader and Flash, Apple QuickTime, Google Chrome, Mozilla Firefox and Microsoft Office applications are the primary initial infection points that hackers and others with malicious intent use to compromise computers that have Internet access.

Every day, new threats that exploit these applications are identified and require patching to maintain the baseline security set by government mandates. But for agency IT staff, making sure that the millions of computers in use by the federal government are protected can be a time-consuming, inefficient, and – perhaps cause for more concern – not an entirely comprehensive way to protect all the endpoints that could be infected.

As network security threats increase in number and in the ways they can infiltrate a system, I’d argue that one line item in the budget that shouldn’t be cut – and perhaps should receive additional funding – is for support of network protection.  It’s not just a matter of cleaning up a pesky worm – it could be a matter of national security if hackers find their way into unprotected systems.

-Nicole Amsler
VP, Marketing
Shavlik Technologies