Federal agencies, cybersecurity, and an order from the White House to step up their game


Dateline 2015:

Scary stuff, right? Unfortunately, this should all sound very familiar as there has been a steady stream of headlines around the rising concerns of securing U.S. federal agencies from cyber attack.

I recently had a conversation with Ben Tacheny, the U.S. Federal Territory Sales Representative here at Shavlik. Needless to say, Ben has been very busy as of late. He had a lot of really good insights and guidance that I wanted to share.

Q: Ben, what kinds of security problems are federal government agencies facing today?

Protect 9.2 Sneak Peek: Patch Tuesday + X

Every month, you start your maintenance, not on Patch Tuesday, but on Patch Tuesday + x days. I have seen dozens of spreadsheets that all look alike and heard the same from even more customers. They pretty much all start on the second Tuesday of the month, with all of the subsequent execution anchored to that date: +1 day test group 1, +3 days test group 2, +5 days dev group 1, +9 days dev group 2, +11 days Prod 1, etc. The problem with this is in the Outlook-style scheduling.

June Patch Tuesday Round-Up

We are at Patch Tuesday + 8 days and many of you are probably well into your third round of patching machines or farther along. Here is a recap of Patch Tuesday highlights and some things to watch out for:

  • Two Critical updates – MS15-056 and MS15-057
  • Two public disclosures – MS15-056 (CVE-2015-1765) and MS15-060 (CVE-2015-1756). Public disclosure increases the risk of exploit significantly, so MS15-060 should be a higher priority along with the two critical updates from this month.
  • Exploit detected – MS15-061 has been seen in use in a targeted attack. Even though this is rated as Important, it should be a higher priority to roll out. This update plugs a vulnerability used by Duqu 2.0, as discussed by Kaspersky.
  • MS15-061 in combination with certain software can cause Copy\Paste to stop working – According to reports on Reddit and PatchManagement.org, this can occur on systems where Spector 360 is installed. Still recommended to roll out as a priority.
  • Adobe Flash update resolves 13 vulnerabilities – Priority 1 update, should be pushed ASAP along with Chrome release.
  • Google Chrome – Released update with support for Adobe Flash update.  This update inherits the Priority 1 from Adobe Flash and should also be pushed ASAP.

WUB WUB WUB and Windows 10


Did you know that WUB is the new UNTS in Electronica Dubstep?  I’m more of a Rock n Roll kinda guy myself, so news to me! Today I want to talk about WUB, but a different kind of WUB.  Windows Update for Business.

There are a lot of vague announcements, and a myriad of conclusions from security experts and the media, regarding recent Microsoft news about the upcoming release of Windows 10 and the introduction of Windows Update for Business.

Protect 9.2 is so fast, why it’s Greased Lightning!!!!!


Sorry kids, what you see here is the original cast of Grease performing Greased Lightning, not any of the Glee or Broadway crews.

Couldn’t help myself. Had to be done. So now that I have dated myself and pointed out to the Millennials that everything they watch, and love, was done before a couple decades ago… Let’s talk about Shavlik Protect 9.2.

We are rapidly approaching our release of Protect 9.2. In fact, we are already feature complete and have field tested in three different customer environments. I wanted to share some of what is coming and entice you to join the beta, which is coming soon!

The first thing I wanted to talk about was the speed of our assessments. In the different environments we have tested in, we have seen considerable increases in speed and also a reduction of resource usage. Our next-generation engines are faster and more efficient than ever. Let me share some of the differences we have seen in performance: 

Loading up the content to scan agentlessly on Protect 9.1 and earlier could take as much as 500 MB initially to load everything needed to start scanning. Then, depending on how many machines you scan, it would drop down a bit before building again as each thread gathers data.  In contrast Protect 9.2 has an initial load of around 70 MB and the growth of each thread is considerably less.

Agentless scan times will vary based on the latency of the machine you are scanning, but here are some tests we ran to give you an idea of how much of a difference we are seeing.

  • A LAN-connected machine that would take around 15 seconds to scan in Protect 9.1 takes a little less than 10 seconds in Protect 9.2.
  • A WAN-connected machine, with reasonable latency (20-60ms), may have taken 1.5 to 2 minutes to scan in Protect 9.1. In Protect 9.2, it now takes around 45-60 seconds to scan.
  • A VPN-connected machine with high latency (140ms) that took around 15 minutes to scan in Protect 9.1 now takes around 7:30 in 9.2. (I performed this one from my hotel room at RSA on the hotel Wi-Fi connected to the VPN scanning a machine back at the office).

So, with Protect 9.2 you will see a considerable reduction in RAM consumption on the console and a 30-50% reduction in agentless scan times (varying by environment).

We also looked at more extreme agent scenarios to see how much of an increase in performance we would see there. We took a machine that was running pretty resource intensive (high RAM and CPU utilization) and on a Protect 9.1 agent the assessment took around 30 seconds. In Protect 9.2 the same agent scan took around seven seconds under the same heavy load. Again, considerable performance improvement!

If you want to take Greased Lightning for a spin in beta you can contact us at Beta@Shavlik.com to get on the beta list.

If that has not convinced you, stay tuned. I will be discussing other new features in the coming weeks. Just to give you a hint on next week, think of how you set up your maintenance schedule for patching. It all starts with Patch Tuesday. So your spreadsheet plays out like this:

Patch Tuesday +1 day

Patch Tuesday +3 days

Patch Tuesday +6 days…. etc. 

More details on this next week.
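
The Patch Tuesday + X schedule described in both Protect 9.2 posts above, worked through as an added example (not Shavlik's code, and not how Protect 9.2 implements it). The function names are hypothetical; the offsets and group names are the ones from the spreadsheet example in the text.

```python
from datetime import date, timedelta

# Offsets and group names from the spreadsheet example in the text.
ROLLOUT_OFFSETS = [
    ("test group 1", 1),
    ("test group 2", 3),
    ("dev group 1", 5),
    ("dev group 2", 9),
    ("Prod 1", 11),
]


def patch_tuesday(year, month):
    """Return the second Tuesday of the given month."""
    first = date(year, month, 1)
    # date.weekday(): Monday is 0, Tuesday is 1.
    days_to_first_tuesday = (1 - first.weekday()) % 7
    return first + timedelta(days=days_to_first_tuesday + 7)


def rollout_schedule(year, month, offsets=ROLLOUT_OFFSETS):
    """Return (group, date) pairs anchored on that month's Patch Tuesday."""
    anchor = patch_tuesday(year, month)
    return [(group, anchor + timedelta(days=days)) for group, days in offsets]


def anchor_days(year):
    """Day of the month Patch Tuesday falls on, January through December."""
    return [patch_tuesday(year, month).day for month in range(1, 13)]


if __name__ == "__main__":
    print("Patch Tuesday:", patch_tuesday(2015, 6).isoformat())
    for group, day in rollout_schedule(2015, 6):
        # The anchor is always a Tuesday, so each offset lands on the same
        # weekday every month (+5 is always a Sunday, +11 a Saturday).
        print(f"  {day.isoformat()} ({day:%a})  {group}")
    # The anchor moves between the 8th and the 14th, which is why a
    # fixed day-of-month recurrence cannot express this schedule.
    print("2015 anchor days:", anchor_days(2015))
```

Because every offset is measured from a Tuesday, the weekday of each stage is fixed while its calendar date moves from month to month, so maintenance windows have to be recomputed from the anchor each cycle.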