Security Resolutions for 2014

The holidays are nearly over and many of us are starting to think of resolutions as we start a new year.  You may be contemplating diets, kicking a habit, getting a gym membership or exercise equipment at home, but at the office, think about ways to improve your security in 2014.  Here are some suggestions to contemplate.  These are probably already problems or projects you have been thinking about, and maybe you already have them solved or planned out to solve this next year.  If you haven’t, keep in mind all of these are possible with Shavlik Protect.

Increase patching frequency for your end user machines:

  • Microsoft may only release patches once a month, but the 3rd party apps on your systems are updated throughout the rest of the month.  Products from vendors like Adobe, Java, Google, Apple, Mozilla, and others are a prime target for hackers as many companies neglect to update them.  Our Content Team releases new data multiple times each week which includes security updates for these products.
  • Talk to vendors who are holding you on a vulnerable version of software due to a dependency on their application.  A good example of this is Java Runtime.  If you have software dependent on an older version of Java, this is a risk to your environment.  I can’t tell you how many companies I talk to that have a dependency on a version of Java 6 due to a software vendor who has a dependency on a specific version of Java.  There are known exploits and off-the-shelf software to take advantage of them, making this an easy target for hackers.
  • Check for End of Life software on your systems.  Shavlik shows software titles that have reached EOL with their vendor.  Any titles that are no longer supported become a risk to your environment and should be updated or removed if possible.

Secure your virtual infrastructure: 

  • Securing the Guest OS is all fine and good, but if you do not patch the infrastructure it is running on, you are still putting the most secure VM at risk.  With Protect you can patch Citrix, Hyper-V, and VMware ESXi (Protect 9.0+) infrastructures.
  • Update VMware Tools.  VMware Tools are required for a lot of functionality on VMware VMs.  They are also a security risk.  Ensure you are updating the Tools version on your VMs.  Keep in mind if you do not update the Hypervisor tools version then the status for VMware Tools being up to date is not accurate.  You should ensure you have the latest tools updates applied to your Hypervisors.  There can be a delay and possibly a VM reboot before the Tools version shows out of date after you update the tools version of your Hypervisor.  Protect will detect and push the latest version of tools to systems which may be newer than the version your Hypervisor is evaluating against.

Extend your coverage outside your environment: 

  • Laptops that move in and out of your network regularly can be a risk to your environment.  It is important to ensure these systems are updated more frequently.  They move beyond your corporate perimeter security measures and often reside on public networks exposing them to greater risk.  With Protect 9.0 you can now enroll your console in the ProtectCloud.  This enables agents on your laptops to keep up to date even outside your network.  Policy updates and results are exchanged through the ProtectCloud so you are still able to see machines being updated and ensure they take policy changes you apply.

 

 

 

How to migrate a Shavlik Protect Console

The Shavlik Protect Team has been working on a tool to assist our customers in moving off of older platforms.  Whether you are on x86 and want to move to x64 architecture, want to move from a physical server to a virtual one, or want to move off of older operating systems (XP, 2003) that you are trying to decommission, this tool is EXACTLY what you are looking for.  We have been field testing the tool for the past few weeks and have migrated six production Shavlik customers.  So you may ask yourself:
Q: What is the Protect Migration Tool?
A: The Migration Tool is an easy-to-use utility that backs up the DB, certificates, credentials, groups, templates, scheduled tasks, settings, licensing, etc., and allows you to restore them to another server.
Q: Why should I migrate my console?
A: There are several reasons, but most common would be:
  • Migrate off an operating system that has been marked for end-of-life (Windows XP, Windows Server 2003, etc.)
  • Migrate from a 32-bit architecture to a 64-bit architecture
  • Migrate to better, faster hardware
  • Migrate off an operating system that is no longer supported by the latest version of Shavlik Protect
Q: Where do I get the Migration Tool?
A: We are starting with an Early Access release in January.  Sign up for the “How to Migrate your Shavlik Protect Console” webinar in January.  We will announce availability of the tool on the webinar.

Reflecting on 2013: A Transitional Year

Shavlik Vice President of R&D Rob Juncker reflects on 2013 and the transitions that have occurred within our industry and within the Shavlik business this past year.

 

For Shavlik, probably more than any other product line, 2013 was a year of transition for us.  We came into this year as part of VMware focused on delivering patch management solutions to the Small-to-Medium Sized Businesses with a keen eye for virtualization.  We exit this year as a new product line at LANDesk, focused on delivering patch management solutions to anyone of any size with a focus on virtualization, hybrid cloud, and enabling Microsoft SCCM to achieve this mission.  That’s quite a change from where we started.

With this kind of volatility, I had to sit back and think about the two major shifts that I witnessed this year.  One for our business, and one for our industry.

Our Industry in Transition

I really do sometimes feel bad for all of us in security.  If there was a switch on the wall that we could flip to turn off the darkness, we really would.  This is especially true when you consider the magnitude of attacks, breaches and exploits that occurred in 2013 and with that came an extraordinary volume of patches to accompany those exploits.

Back in 2011, there were some Patch Tuesdays where I remember seeing 10 security bulletins on a Patch Tuesday and thought, “Wow, this is going to be fun.”  Those thoughts were clearly just setting the stage of what was to come, as in 2013 we saw record numbers of patches due to the wide variety and versions of platforms all of us were supporting.  Each month, the numbers grew as the impacted products created a seemingly endless matrix of applications and targets.  As we here at Shavlik look at a list of bulletins, we quickly know to get our game faces on when we see a .NET, Internet Explorer or cumulative update bulletin.

On top of the volume of patches that were coming down the pipe, the severity of these patches also began to set new standards.  No longer did we have a single-focus on an isolated breach; in 2013 we saw continual and repetitive zero-day vulnerabilities, and when one arose, it sometimes was quickly followed up with multiple zero-days for the same product.  (While many of us would like to forget about it, early this year we seemed to coin a new term called “Java Friday” during a nearly weekly release of Java for critical security exploits.)

Finally, the security threats themselves took a turn.  I was searching my email last night to see how many notices I received from software providers like Adobe, and retailers that were hacked this year.  At a quick glance, I had more than 11 of these notices.  Suddenly it wasn’t the software itself that was being exploited, it was weaknesses in the provider.
In 2013, our challenge to manage a plurality of platforms with a growing number of attack vectors kept us all on our toes.

Our Growth in Greatness

We made news again this year as we departed VMware in April for LANDesk.  It was a bitter-sweet move for many of us.  We had enjoyed our time at VMware, but knew it was time for us to depart.  In so doing, we found a great home at LANDesk.  This organization has been a pioneer in endpoint protection and they welcomed the Shavlik Product Line with open arms.  We’ve increased our investment in Protect, SCUPdates (which… soon will have a major release) and our OEM work.

We recognize that this has been a transition for many of our customers and we want to thank you for sticking with us during this time.  We are as committed as ever to our customer-first culture, and with advancements we’ve made in the last two years, our world-class patch testing infrastructure truly will safeguard the quality of content we will provide to you in years to come.

As we close out this quarter though, there has been plenty of great news to celebrate.  First, we’re excited to be re-aligned with Microsoft.  At Shavlik they were a great partner of ours and we’re happy to be part of the Microsoft System Center Alliance program again.  On top of achieving this status with them, we’ve worked hard alongside their team to bring exciting and innovative technologies alongside SCCM which you will see early next year.

Thanks

Once again, we’re excited to end the year with great success.  The journey this year was not the one that we necessarily had in mind, but all is well that ends well, and for us it ended great.  Next year, we have exciting plans to push into new spaces and grow our product breadth.  All of this would not be possible though without our customers and your support, investment and time.  For that reason, on behalf of the entire Shavlik R&D team, we wish you and your family a safe and Happy Holidays.

Did you know about all these great resources?

One thing that is always hard to keep up with is all the different resources available from a vendor regarding their products.  I started to make a list of all the training and support resources, media feeds, and other sources of information that a Shavlik customer would find valuable and decided to share them in this post.

Support and Training:

  • Support.shavlik.com – Your one-stop shop for most everything you will need on the support side.  It has a complete set of links to online video training, online documentation, the self-help offline activation portal, the knowledge base, support ticket submission, etc.
  • Community.shavlik.com – Knowledge base with a wealth of self-help information.

Content Announcements:

  • Shavlik Content Announcements – The same feed that shows up in the Shavlik Protect home page showing what new updates are available in each content release.  You can subscribe to this feed by email, by RSS (http://protect7.shavlik.com/feed/), or by following @ShavlikRSS on Twitter.
  • Shavlik Patch Tuesday Webinar – Get more in depth on what comes out on Patch Tuesday.  This webinar discusses all the Microsoft Security Bulletins released, with recommendations on what to prioritize.  We also discuss the 3rd party releases around Patch Tuesday, other security threats and advisories, and summarize the releases between Patch Tuesdays.  Sign up on our webinars page for this and other webinars.

Social Media: To keep up to date on product, security, and other related topics.

Have a great weekend everyone!

 

A day in the life of a Shavlik Administrator

We recently caught up with Randy Bowman to learn more about how Shavlik helps him in his role as network engineer for the Presbyterian Church of the USA in Louisville, Kentucky.

The Details:

The System: The Presbyterian Church of USA licenses Shavlik for 50 servers with 450 endpoints dispersed in Louisville and Stone Point, New York.

The Team: Consists of a two-member networking team that takes care of the servers and server patching on a monthly basis, as well as a team member who administers desktop support.  The desktop team member also takes care of patching the individual computers, which frees up network staff.

Q: Shavlik: What motivated you to look for a security solution?

A: Randy Bowman: About 8 years ago I came on board after some significant staffing changes.  For practical reasons we did not have very much available in the way of documentation.   We had to make up for lost time in our patching and we ended up getting a virus.  The result was that we were down for three days.

Q: Shavlik: How did you come to use Shavlik?

A: Randy Bowman: One thing I took on as legacy software was UpdateEXPERT (Shavlik acquired UpdateEXPERT in 2007). From there it was an easy transition to Shavlik Protect.  We find it makes things a lot simpler for us.  It allows us to patch several servers at one time and patch them in the evening when they are free of traffic.  We have the flexibility to reboot the servers or do them manually. If the server is open we can throw on the patching right then and there and have it reboot.

Q: Shavlik: What made Shavlik so appealing?

A: Randy Bowman: Time savings. Being able to quickly implement the patches and download them when they come on Patch Tuesday is a huge benefit. We usually wait until Friday or wait for a notification from Shavlik saying it’s okay for the patches to be installed. Here we’ve got 50 plus servers.   I can patch half one night and half the next night, and that would be the first patch. Even if it takes two passes to go through and get a server completely patched, it still saves us time. We are patched in less than a week, where before we would have to do some even manually. Patching is a piece of cake really. In comparison to what we’ve had before, it saves us so much time. Another thing is, if there’s an agent that needs to be on the server like if you brought a new server out, even if it’s just a test server, you can open Shavlik and tell it to push the new agent and BOOM it’s done. 

Q: Shavlik: Once you chose to use Shavlik, how long did it take you to get up and running?

A: Randy Bowman: In 2 days we had it going. It actually would have taken 1 day but we were having some separate technical issues with the servers that caused delays.

Q: Shavlik: For this installation, did you have people helping you or was it just plug-and-play?

A: Randy Bowman: It was plug-and-play, more or less. A fellow network engineer did the last upgrade to 9.0. He was on the phone with support and got it done in an hour.

Q: Shavlik: What is your favorite Shavlik feature?

A: Randy Bowman: I like how you can go through and scan the machines in a machine group and it will tell you how many patches are missing. You can run the report and in 5 minutes you’ve got results emailed to you about what patches are missing. When it comes to critical security patches, we sat down years ago and decided this is what we need. It’s easy for Shavlik to go through and look for these and let us know what’s patched and what’s not, and if it’s critical or not.

Shavlik Joins Microsoft System Center Alliance

Shavlik is happy to announce we have joined the Microsoft System Center Alliance Program. By joining the Alliance Program, Shavlik is reaffirming its commitment to customers who use System Center Configuration Manager.

“Shavlik is thrilled to be part of the Microsoft System Center Alliance Program,” said Marshall Smith, Vice President of Partnering and Operations for Shavlik. “We have patched Microsoft and third-party applications since the beginnings of Shavlik, and we plan to continue empowering our customers with our popular SCUPdates, Management Intelligence, and additional Shavlik products that add value for System Center customers.”

“Our membership in the Alliance will help us continue to foster the communication required to shape and refine our products and to meet the needs of our mutual customers.”

Shavlik SCUPdates eliminates the time-consuming task of researching and creating the updates required to patch third-party products via SCCM. After downloading the SCUPdates catalog and importing desired patches into Configuration Manager using System Center Updates Publisher (SCUP), users can manage and deploy third-party updates from within SCCM in the same manner in which they manage Microsoft updates.

“System Center 2012 R2, with its trailblazing functionality, provides a solid foundation for third parties such as Shavlik to build on and add value for customers,” said Brian Hillger, Director, Product Marketing, Microsoft Corporation.

“With SCUPdates, Shavlik is helping customers keep third-party applications patched and secure with consistent accuracy and ease-of-use. Microsoft is pleased to welcome Shavlik into the System Center Alliance.”

Shavlik Management Intelligence extends SCCM data for effective asset management.

Read the full article here to learn more about the Alliance Program as well as how Shavlik can help you extend the capabilities of Configuration Manager.

 

December Patch Tuesday Advanced Notification

Microsoft has announced this month’s Patch Tuesday release.  There are 11 total patches – 5 Critical and 6 Important – expected to be released on Tuesday, December 10. Here is the breakdown for this month:

Security Bulletins:

  • Five bulletins are rated as Critical.
  • Six bulletins are rated as Important.

Vulnerability Impact:

  • Six bulletins address vulnerabilities that could allow Remote Code Execution.
  • One bulletin addresses a vulnerability that could lead to Information Disclosure.
  • Three bulletins address vulnerabilities that could allow Elevation of Privileges.
  • One bulletin addresses a vulnerability which could lead to a Security Feature Bypass.

Affected Products:

  • All supported Windows operating systems
  • All versions of Office
  • Office Web Apps 2013
  • Lync 2010 and 2013
  • SharePoint Server 2010 and 2013
  • Exchange Server 2007, 2010, and 2013
  • ASP.NET SignalR
  • Visual Studio Team Foundation Server

If all expected bulletins are released on Tuesday, Microsoft will close 2013 having released 23 more patch day bulletins than in 2012 and six more than in 2011.

Join us as we review the Microsoft and third-party releases for December Patch Tuesday in our next monthly Patch Tuesday webcast, which is scheduled for Wednesday, December 11 at 11 a.m. CST.  We will also discuss other product and patch releases since the November Patch Tuesday.

You can register for the Patch Tuesday webinar here.