Virtualization and the Unidentified Risks

Today the number of virtual machines (VMs) being introduced into the enterprise IT environment is proliferating, and SMBs are beginning to evaluate how they too can benefit from bringing VMs into their environments. For SMBs the benefits can include more agile and highly available environments, lower total cost of ownership, and reduced downtime of critical servers.

However, as the level of virtualization adoption continues to increase at a very rapid pace, there is a rising concern about the ever-increasing number of “unidentified risks” that accompany this growth. Companies large and small are moving to implement some form of virtualization, but because of the ease with which these virtual systems can be created, there are also some inherent challenges.

Because a VM can be spun up – in many cases “undetected” – this presents some very real concerns for IT Managers.  Without the proper tools to identify the addition of any new VM on the network, most IT organizations are operating in a handicapped state. IT must consider the following when bringing VMs onto the network:

1. With the absence of any form of “virtual machine discovery” tool, how would IT even begin to know how many VMs are currently running in their environment?

2.  One of the greatest concerns with VMs that get spun up is that they are created with an “old image” which may not be updated with the latest patches, thus introducing unnecessary risk.

To counter these concerns, there are tools available today to help address the “unidentified risks.”  If the concerns I’ve outlined above sound familiar…there is hope! Check out http://www.shavlik.com/sol-virtualization.aspx for more information on the challenges I listed above.

Dave Eike
Shavlik Technologies

How Much Time is Your Antivirus Solution Costing You?

If you are like most customers in the SMB space, it’s too much.  Antivirus has been around for years. Each year it seems to bring a new list of features designed to better protect your organization. That being said, this also requires your IT staff to invest more time to learn about and implement all of these new features. In addition, each new feature requires more system resources to run and tends to slow down the system’s overall performance. When was the last time you ran out to buy a new computer just so you could install the latest/greatest antivirus application?

Antivirus has become a necessity rather than an option, and antivirus products have grown over time with newer features to combat the latest threats—we started with signature-based antivirus, then moved into heuristic-based antivirus, and now we have personal Intrusion Prevention Systems that monitor everything that runs or is trying to run on the system. Oftentimes these new features are implemented in newer agents or management packs that are loaded on the endpoint and consume more system resources: RAM, storage, and/or CPU. Due to the excess workload from these new features/applications/agents, it’s likely that systems have less processing power to actually power the business applications, all of which costs IT time and money.

How often do you turn on every single feature that an antivirus solution makes available? If the answer is “not often,” then why not? The answer we at Shavlik often hear from customers is that it “makes the system too slow” or “it’s too difficult to configure.” However, if you do actually take the time to configure all of these new features, can you actually get any work done on the system?

So what is the answer? Don’t accept that your only option is to sacrifice actual computing time and resources just so you can have a secure system. There are antivirus solutions on the market today that consume fewer resources and provide state-of-the-art security. In addition, antivirus is not a standalone security solution; it is part of your IT toolkit and should be layered with solid patch and configuration management policies and procedures. The benefit of this three-tiered approach to network security, especially if using a one-to-zero agent rollout, is that you will spend less time managing your solutions and more time actually getting work done and focusing on making IT a resource center vs. a cost center.

In today’s evolving threat landscape, cutting-edge techniques and a multi-layered approach to IT management are the best defenses to win the cat and mouse game that is malware creation and immunization.  For more information about how to gain control over your IT environment, download this white paper today.

– Nik Patronas
Shavlik Technologies

The IT Continuum: Specialization, Integration and Consolidation

In any company, market or industry, the general path of evolution goes through three stages:

  • Specialization
  • Integration
  • Consolidation

In IT, the path is no different. If you chart the path of IT organizations, they start by putting systems into place for the specific purpose of delivering a piece of functionality that can be easily controlled and manipulated by them. As the systems continue to mature, the need to have a specialized server for that purpose begins to diminish and the organization begins to integrate its systems. Ultimately, multiple applications (which probably have some overlap) get consolidated into an optimized environment.

In recent years, we’ve seen virtualization and cloud technologies come to light that further enable fast integration and consolidation. Due to these technologies, many organizations are going straight from specialization of systems to consolidation of systems without a plan to be able to manage them. The key central step which many organizations overlook is the integration phase of this continuum, where they need to be able to codify and enforce policies for consolidation that give their IT teams visibility into the assets that exist on and off their network.

Problematic as it is, there are some clear places to start, especially as it pertains to consolidating a Microsoft infrastructure. First, in general, IT has to change its paradigms for management and enable policies and technologies on the network that are proactive in finding and managing assets that appear on the network. These technologies exist in a number of different products, but it is essential that IT finds a way to use agentless technologies to scan its IP address space to determine what virtual machines (or physical machines, in the case of mobile devices) might be roaming onto the network. By using technologies like these, organizations can proactively manage new devices on their network as opposed to being surprised by rogue Virtual Machines (VMs) and, more problematic, VM sprawl.

Second, IT policies alone are not enough either. Gone are the days when IT administrators could draw their network diagram in a Microsoft Visio file. If an organization is truly doing virtualization correctly, it is probably doing some combination of private cloud and public cloud. As a result, IT policies need to be architected so that they extend to the broader cloud and virtual context, and the results of those policies need to be returned so organizations have a single pane of glass through which to view their IT environment.

Overall, security is something that has to be managed and dealt with up-front.  By combining the right policies, technologies and consideration for cloud, security should be no less daunting than implementing core policies.

– Rob Juncker
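As an added illustration of the agentless discovery idea raised in the posts above (this is not Shavlik's code or any product's method), the Python sketch below flags likely unregistered VMs by matching MAC prefixes in a host's ARP table against well-known default hypervisor OUIs and comparing them with an inventory. The sample ARP output, the inventory set and all function names are constructed for the example.

```python
import re

# Default MAC prefixes (OUIs) that common hypervisors assign to virtual NICs.
HYPERVISOR_OUIS = {
    "00:05:69": "VMware", "00:0c:29": "VMware",
    "00:1c:14": "VMware", "00:50:56": "VMware",
    "00:15:5d": "Microsoft Hyper-V",
    "08:00:27": "VirtualBox",
    "00:16:3e": "Xen",
    "52:54:00": "QEMU/KVM",
}

# Constructed sample: `arp -a` output in the Windows layout.
SAMPLE_ARP = """\
Interface: 10.0.0.5 --- 0xb
  Internet Address      Physical Address      Type
  10.0.0.1              00-1b-21-3a-4c-5d     dynamic
  10.0.0.21             00-50-56-a1-22-33     dynamic
  10.0.0.37             00-0c-29-4f-9e-10     dynamic
  10.0.0.42             00-15-5d-01-0a-02     dynamic
  10.0.0.255            ff-ff-ff-ff-ff-ff     static
"""

# Constructed sample inventory: MACs of the VMs IT already tracks.
KNOWN_VM_MACS = {"00:50:56:A1:22:33"}

# Matches Windows ("10.0.0.1   00-1b-...") and Linux ("(10.0.0.1) at 00:1b:...") rows.
ARP_ROW = re.compile(
    r"(\d{1,3}(?:\.\d{1,3}){3})\)?\s+(?:at\s+)?"
    r"((?:[0-9A-Fa-f]{2}[-:]){5}[0-9A-Fa-f]{2})"
)


def normalize_mac(mac):
    """Lower-case a MAC and use ':' separators so comparisons are consistent."""
    return mac.lower().replace("-", ":")


def parse_arp(text):
    """Return (ip, mac) pairs found in ARP table text; header lines are skipped."""
    return [(ip, normalize_mac(mac)) for ip, mac in ARP_ROW.findall(text)]


def find_unknown_vms(arp_text, known_macs):
    """Return (ip, mac, hypervisor) for VM-looking hosts missing from inventory."""
    known = {normalize_mac(m) for m in known_macs}
    findings = []
    for ip, mac in parse_arp(arp_text):
        vendor = HYPERVISOR_OUIS.get(mac[:8])  # first three octets = OUI
        if vendor and mac not in known:
            findings.append((ip, mac, vendor))
    return findings


if __name__ == "__main__":
    for ip, mac, vendor in find_unknown_vms(SAMPLE_ARP, KNOWN_VM_MACS):
        print(f"unregistered {vendor} guest: {ip} ({mac})")
```

This is a first-pass check only: it sees hosts on the local segment and misses VMs whose MAC address was changed from the hypervisor default, so a flagged address still needs confirmation against the hypervisor's own inventory.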

Shavlik Introduces Complete Coverage for Virtual Machines

According to IDC, one out of every five new server operating systems is a virtual machine (VM). Organizations of all sizes are optimizing the use of their server hardware with virtual technologies. Managing these virtual machines presents a new set of challenges because, in many cases, these VMs are offline or templates and are often overlooked in the normal patch routine.

NetChk vProtect is Shavlik’s latest offering to help IT professionals manage the proliferation of virtual machines on their networks. vProtect leverages Shavlik’s industry-leading patching and IT management technology and focuses entirely on virtual machine environments.  vProtect is the only solution with complete coverage for virtual machines, whether online, offline or templates.

Shavlik NetChk vProtect provides the core functionality of VMware Update Manager (VUM) for patching the VM guest OS and 3rd party applications. Here are some examples of other features and capabilities included with vProtect:

  • Discover rogue VMs you didn’t even know existed with its unique agentless scanning technology
  • Dynamically detect the power status (online or offline) of your VMs at patch deployment time
  • Scan and patch VMs regardless of power state
  • Scan and patch VM templates
  • Take a snapshot of VMs before and after patching to enable rollbacks and for disaster recovery
  • Isolate VMs from the network during the patching process
  • Perform queuing of VMs during patching to limit the impact to your ESX server

Download a one CPU evaluation copy of vProtect for FREE today.

– Mike Bleakmore
Product Marketing Director
Shavlik Technologies

Spiceworks as an IT Solution

When Shavlik began conversations with Spiceworks regarding partnering and integrating our technology into their community I was asked by Marketing to familiarize myself with their community and what it has to offer.  The functionality they offer free of charge is great.  Their Dashboard has many interesting widgets.  Even one for Shavlik showing patch releases and Product Blog postings.  They have some interesting Inventory features and HelpDesk options built into the site as well.

What I have found most valuable on Spiceworks is the rest of the Community.  It really started with my spice level.  Participation in Spiceworks is rated on the Scoville scale beginning with Pimento and going all the way to pure Capsaicin.  A little healthy competition?!  Of course I need to get my spice level higher!  I can’t be branded a Pimento and leave it at that!  I did the first and easiest thing to get up to the next pepper level.  I finished my profile.  100 points!  By the way, 100 points is exactly what you need to get to the Sonora pepper level.

Ok, so now I am hooked.  I can’t just stay at Sonora level forever.  Time to browse the Answer Questions section.   Here IT Pros can ask questions and get answers.   Read a post, spice it up (their version of Like) for a spice point.  Reply to a discussion for 10 points.  Someone votes your response as helpful and you get 25 more points or if you are selected as the best answer you get 50 additional points!  Cool.  So I can browse a few forum posts each day and generate some points.

I moved on to other parts of the community, did a survey, reviewed some software, and found that you can also write how-tos, post scripts in any scripting language and get points for downloads, etc. Attend local Spice Group meetings with IT Pros in your area for even more points. I achieved Poblano status and am well on my way to Jalapeño and I stopped to think about what I had done so far. I found some interesting scripts that actually helped me figure out a few things for customers I had been working with, and in figuring those issues out I wrote a few scripts and posted them to the Spiceworks community to get feedback from them. Found some great product reviews on tools I had not used before. Downloaded and tried a few. This is social networking at its best. You get to turn what you have to do into a healthy competition and get a lot of value for “Free” (my time not calculated in the “Free” membership).

I highly recommend checking out Spiceworks if you have not already done so.  Small IT shops will especially find value here.  You can tap into the knowledge of over a million Spiceworks users for recommendations and assistance.  The community is quick to respond and offers great advice.  If you do join the Spiceworks community, find and follow the Shavlik Group to get answers to your patch questions.

Also check out the recent post from DaveEike to see more about the benefits that the Shavlik and Spiceworks partnership offers end users.

Regards,

Chris Goettl
Product Owner
Shavlik Technologies

Microsoft Security Advisory (2524375) Released

Microsoft released a new Security Advisory (2524375) on March 23, 2011. It affects all Windows operating systems. A vulnerability exists in digital certificates issued by Comodo. These insufficiently signed certificates give attackers spoofing capabilities and allow them to perform phishing attacks or man-in-the-middle attacks against Internet Explorer web browsers. The attack vector for this vulnerability is also executable against third party web browsers installed on all supported versions of Microsoft Windows.

Comodo has revoked the certificates for the following Web properties:

  • login.live.com
  • mail.google.com
  • www.google.com
  • login.yahoo.com (three certificates)
  • login.skype.com
  • addons.mozilla.org
  • “Global Trustee”

These certificates have also been added to the Certificate Revocation List (CRL) maintained by Comodo. Browsers with Online Certificate Status Protocol (OCSP) checking enabled will block these certificates from being used.

– Jason Miller

Consumerization of IT: a Report from MMS 2011

The Shavlik team has had a great time this week at the Microsoft Management Summit. Microsoft did a great job of creating an environment where customers and partners can come together and share ideas and best practices.

In his keynote, Brad Anderson, Microsoft’s VP of Security and Management, laid out the challenge for IT today, namely the consumerization of IT:

  • With rigid policies, business users have been going around IT and deploying applications in the cloud (Azure, Amazon)
  • How does IT manage increasingly heterogeneous devices and ensure “anywhere productivity”?
  • How can you do all this while protecting corporate data and assets and maintaining compliance?

Microsoft’s solution is System Center Configuration Manager 2012 (now in Beta 2). System Center is Microsoft’s centralized point that helps manage the consumerization of IT. Microsoft’s bold promise is that SCCM will help empower people to be productive from anywhere on any device while improving IT effectiveness and efficiency.

So, if Microsoft is embracing the consumerization of IT and delivering the tools to support it, how does IT keep all of these 3rd party applications updated and patched? Well, the Shavlik booth has been busy all week answering that question. Shavlik SCUPdates plugs in directly to SCCM and leverages what is often a substantial investment. There’s no need for a separate console, a separate application running in parallel, or yet another agent to install on the client. SCUPdates delivers comprehensive 3rd party patching while keeping SCCM as the “single pane of glass” to manage your network.

Enabled with the right tools, IT professionals can empower their users, unify the IT infrastructure, and ultimately simplify IT. We couldn’t agree more.

Thanks to Microsoft for hosting us and to all our existing and future customers that visited us at MMS 2011.

– Mike Bleakmore
Product Marketing Director
Shavlik Technologies

The Strength of A Partnership: Shavlik & Spiceworks

Since 2007, Spiceworks, a cloud-based social IT management technology company, has quietly evolved into one of the world’s largest IT technology service providers. With more than 1.3 million users and even more machines under management, Spiceworks has made an incredible impact on the world of IT.

In 2010, Shavlik and Spiceworks entered into a partnership that benefits existing Spiceworks users. Currently, the majority of Spiceworks users leverage Microsoft Windows Server Update Services (WSUS) to aid in managing the challenges associated with patch management. Over the past three years, one of the most requested features by Spiceworks users has been enhanced patch management, more specifically, a built-in patch management solution that addresses both Microsoft and non-Microsoft applications alike.

This is where the strength of the partnership comes in. Spiceworks is now offering Shavlik’s IT.Shavlik.com cloud-based patch management technology to its entire community, and will soon fully integrate Shavlik’s technology into its platform. To date, the feedback from the Spiceworks users has been nothing short of elation:

“Being in the financial industry, I was a bit leery when it came to cloud-based services especially patch management.  I happened across an ad for IT.Shavlik.com on Spiceworks.com; I followed the ad to find out a bit more and was interested (but still skeptical). After talking with Shavlik Customer Service and asking a few questions on the Spiceworks forums, I decided to test out the free version and scanned my machine.  I found nothing to patch.

I then scanned another five machines, and found 22 vulnerabilities in a matter of five minutes.  The fix it portion of the application took only 20 minutes to download and deploy patches to those machines!  As I am writing this, I am scanning my domain and deploying patches across more than 40 machines, and saving myself hours of headaches! If you are an IT “everything” to your organization, you owe it to yourself and your company to take a look at IT.Shavlik.com—unless of course you have an abundance of time to waste and like deploying patches manually.”

Matthew Hildebrandt
Assistant Vice-President – Information Technology
Integrity First Bank

What’s exciting about the partnership between Shavlik and Spiceworks is the potential to help over a million users save countless hours, and save thousands of dollars, all while addressing a problem that is yet unsolved by many—the ability to effectively patch.

Dave Eike
Shavlik Technologies

Adobe Releases Critical Patches

As expected, Adobe has released critical security bulletins for Adobe Flash, Air, Reader and Acrobat.

APSB11-05 was released yesterday addressing a vulnerability (CVE-2011-0609) that is currently being exploited in the wild.  It is important to address this vulnerability on your network as soon as possible.  This security bulletin affects Adobe Flash Player 10 and Adobe Air 2.5.

APSB11-06 was also released and addresses the same vulnerability in Adobe Reader and Acrobat.  According to Adobe, there are no reports of active attacks on this vulnerability.  However, this should be patched as soon as possible.  This security bulletin affects Adobe Reader/Acrobat 9.4.2 and Adobe Acrobat/Reader 10.0.1.

Now this is where it gets confusing for some people (including me).  Last week, Adobe announced the security bulletin for Adobe Reader 10 would be released in the next scheduled security release in June 2011.  If you read the bulletin page for APSB11-06, the article states:

“Adobe recommends users of Adobe Acrobat X (10.0.1) for Windows and Macintosh update to Adobe Acrobat X (10.0.2).”

Adobe is contradicting itself with this statement. Keep an eye on Adobe Reader/Acrobat 10 to see if they actually update this vulnerability sooner rather than later.

– Jason Miller

Get in the Driver's Seat with Shavlik at MMS 2011

Shavlik is looking forward to participating in the Microsoft Management Summit (MMS) in Las Vegas next week. We’ll be in booth #523 where we’ll be demonstrating Shavlik SCUPdates, our 3rd party patching solution that plugs into Microsoft’s System Center Configuration Manager (SCCM).

In every conversation we have with our customers, partners, industry experts and IT managers, everyone agrees that patching 3rd party applications is a critical need. In fact, Gartner, CERT and SANS all say that 90+% of all exploits take advantage of known vulnerabilities where patches have been made available but not applied. Furthermore, four of the five most exploited applications were not Microsoft products. So, if you’re using SCCM to patch your Microsoft infrastructure, what are you doing for the 3rd party applications on your network?

Shavlik SCUPdates plugs into System Center Updates Publisher (SCUP) and delivers the detection and deployment logic to patch non-Microsoft applications (we actually cover the Microsoft apps too). With Shavlik SCUPdates your Adobe Reader, Flash, Firefox, iTunes, to name a few, will all be patched and up to date.

SCUPdates will maximize your investment in SCCM and save your system administrators time and aggravation.

So, if you’re in Las Vegas next week, please stop by and say hello (you could win an Xbox 360 with Kinect).

Click here to learn more about Shavlik SCUPdates.

– Mike Bleakmore
Product Marketing Director
Shavlik Technologies