The Communicator’s Corner: Stand Guard with Threat Management

This is the third in a series of three articles highlighting the features in Shavlik Protect that go beyond the core patch management capabilities. This installment focuses on Threat Management.

_________________________

Access Denied

It’s scary out there!

We’ve all seen the many computer hacking stories in the news recently. It seems like nearly all large retailers and corporations that are part of our daily lives have now been affected by hackers.

But, like the proverbial ostrich with its head in the sand, maybe you are thinking “Hey, this doesn’t affect me! It is only the large organizations that are being attacked.” Well, think again.

The New York Times recently profiled a new website called Hacker’s List, whose sole purpose is to match “professional hackers for hire” with clients who need help doing some digital dirty work. Want to plant a computer virus on your ex’s computer? Want to install spyware on your competitor’s server in order to steal their customer names and contact information? Then this website is for you. Yikes!!

It is stories like this that make me thankful for every tool I can get my hands on to ward off potential attacks. You may not know it, but Shavlik Protect is one of those tools. Shavlik Protect is best known, of course, for its award-winning patch management capabilities. Not as well known, however, is the fact that it offers some of the best threat management capabilities in the industry.

So, what does Shavlik Protect’s Threat Management feature provide you? Well, it combines antivirus and antispyware into a single engine, enabling you to scan for, and eliminate, various threats that may exist on your machines. It provides two forms of threat protection:

  • Active Protection: This is a real-time service that runs on your target machines and monitors for changes to specific security configuration settings and values that are frequently modified by malware programs. If it detects a change, it responds immediately by changing the setting back to the original value, protecting the machine from the effects of the malware.
  • Scheduled Protection: This is a scheduled service that runs periodically on your target machines. It performs scans and threat remediations using options defined by you, the administrator. Scheduled protection enables you to automatically perform scans and remove detected threats (viruses, spyware, etc.) as often as you want. For example, you might choose to run a daily quick scan that searches only the most common locations affected by threats. You might pair that with a more time-consuming but thorough weekly full scan (scheduled over the weekend) that scans all local drives and archived files.

The Threat Management feature is implemented using Shavlik Protect’s agent technology. This is because it is best to perform the time-critical threat tasks directly on each machine rather than remotely from a console. You can configure your agents with both threat and patch tasks, enabling threat protection and patch management in a single agent. Not bad, huh?

Like most everything in Shavlik Protect, the Threat Management feature is highly configurable. You can:

  • Specify what file locations and areas will be scanned on each machine, as well as what techniques will be used during the scan.
  • Specify whether to reboot a machine if a detected threat is removed.
  • Specify what an agent should do if it encounters a particular type of threat (the default value for high risk threats is to quarantine the threats).
  • Allow one or more threats that you perceive to be benign or useful.
  • Define exceptions that enable you to never allow or to always allow certain files and folders.
  • Specify what to do if a scheduled threat scan is missed.

All agent actions are reported to the Shavlik Protect console. The console provides you with a variety of tools for monitoring your agents’ actions, including generating reports and viewing a complete historical record of all threat tasks and Active Protection events.

Want to learn more? You can:

Note: The Threat Management feature is available with either Shavlik Protect Advanced or as a separately licensable add-on to Shavlik Protect Standard.

 

January 2015 Patch Day Round-Up

January Patch Tuesday has kicked off with a bit of contention. Google disclosed two vulnerabilities just days before Microsoft released bulletins resolving the issues. MS15-001 and MS15-003 likely would have been less of a concern if Google had not made the disclosure, but with Google’s strict adherence to its 90-day disclosure policy, the issues these updates resolve have been publicly disclosed, raising the risk of exploit.

Other than being publicly disclosed, there are no known issues around MS15-001.

MS15-002, an update for Telnet, is rated as critical, but most customers will not have to worry as the Telnet service is not configured on Vista or later OSs.  For Server 2003 the Telnet service is disabled by default.  Unless you are running Telnet, this update may not show up as being needed for your environment at all.

MS15-003 has a few issues occurring:

No known issues for MS15-004, MS15-005, MS15-006, or MS15-007 at this time.

MS15-008 has one report of an issue where the setup is a non-Windows DHCP/DNS server with 2003 DCs. After the patch is applied to clients, they can no longer obtain a DHCP lease from the server. This seems like a unique situation that not many are likely to encounter.

 

The Communicator's Corner: Go Green with Power Management

This is the second in a series of three articles highlighting the features in Shavlik Protect that go beyond the core patch management capabilities.

_________________________

At home I am the designated “green person.” I am the one who goes around the house turning off lights, TVs, PCs and other devices that are not being used. In addition to saving money, I like to think that I am helping to save the planet in my own little way.

Did you know that with Shavlik Protect, you can do the very same thing but on a MUCH bigger scale? The Power Management feature enables you to control the power state of both the physical machines, and the online virtual machines in your organization. You can use it to automatically shut down, or put to sleep, your physical and online virtual machines at night or on the weekends, saving you money. You can also turn those same machines back on in the morning so they are ready for the work day. It sounds like magic, but it is true!

There are many other reasons for using the power management feature. For example, you can use it to:

  • Prepare your machines for maintenance tasks
  • Check the power status of your machines
  • Reduce power consumption and noise
  • Reduce operating costs
  • Prolong battery life
  • And more!

That first bullet item is especially relevant when used in conjunction with Shavlik Protect’s patch and script capabilities. Like many organizations, you probably have a tight window of time each night to perform maintenance activities. If you are deploying critical security patches or executing an important PowerShell script, you want to make sure the target machines are available during this window. With the power management feature you can issue a Wake-on-LAN command to make certain that your target machines are awake during this critical time.

And if you live in an area that has implemented so-called “green initiatives,” the ability to check the power status of your machines is also key. With just a couple of mouse clicks you can generate a report that shows which machines are powered on and powered off, and which time of the day this occurred. This information can then be used as proof that your organization is abiding by the local green initiatives.

Want to learn more? You can:

Note: The Power Management feature is available with either Shavlik Protect Advanced or as a separately licensable add-on to Shavlik Protect Standard.

 

Mobile Data Security + User Freedom = Shavlik’s Newest Product: Secure Mobile Email by LetMobile

Shavlik is happy to announce that we have added a new product, Secure Mobile Email by LetMobile, to our product line. LetMobile is a secure email solution that brings the same effectiveness and ease of management that you have come to expect from Shavlik to the challenge of protecting corporate information on mobile devices.

Today, I sat down with product manager Eran Livne to learn more about Secure Mobile Email by LetMobile. Eran has led this product from its inception and has spent years studying the mobile device management space.

 

Anne: Why LetMobile? What problem does it solve for our friends in IT?

Eran:  There’s a new challenge with all of these smart devices.  Users buy devices and want to use them for work; however, they don’t want IT to control them and have less concern about security. IT is used to managing and controlling, owns security, and is held responsible if a data breach occurs. There is a huge gap between the interests of these two sides.

 

Anne:  How do we bridge this gap?

Eran:  LetMobile was built to find this balance and to bridge this gap. We provide the best of both worlds; IT gets security compliance management and data protection, and users get a native email experience on the device of their choosing. They don’t have to use subpar email clients to consume corporate emails or separate the process of reading work email from reading personal email.

With LetMobile, security policies apply only to corporate data, so the solution has no knowledge or control over personal data or apps. This means users are free to use their devices how they wish, do not need to fear corporate “big brother,” and don’t have to comply with annoying policies like being forced to lock their devices or granting the company access to wipe their devices.

 

Anne:  Wow, that sounds almost too good to be true. How does LetMobile work?

Eran:  LetMobile is a gateway solution. We offer on-premise and SaaS offerings that act as an intermediary between Exchange (or your email service) and user devices. The LetMobile gateway streams email to the device, so email and email attachments are never stored on the device. Additionally, corporate credentials are never stored on the mobile device, so if the device is lost, the user’s corporate creds cannot be compromised.

 

Anne:  Beyond basic email security, what are some of the other cool capabilities of LetMobile?

Eran:  LetMobile includes data loss prevention (DLP) capabilities that look into the “body” of emails and attachments and can take action based on the presence of keywords or regular expressions. This, coupled with LetMobile’s geo-fencing capabilities, means that, say, a financial institution could enforce a policy where customer account numbers are masked in emails unless the device is in a trusted location. LetMobile can keep confidential information from leaving the four walls of your corporate headquarters and even your country’s borders.

 

Anne:  If readers want to learn more about LetMobile or see a demo, what should they do?

Eran:  We have a wealth of information out there on our website. Check out…

Also, Shavlik will be hosting a number of live LetMobile webinars in the coming weeks, so stay tuned to our webinars page for more information.