Thank You for Joining Shavlik at VMworld 2014

 

ShavlikBoothVMworld2014

Last week I was in San Francisco for VMworld 2014.  We had a great week and a lot of traffic in our booth.  We had over 1500 people stop by the booth between Sunday and Wednesday.  We crammed crowds of VMworlders into the booth for live demonstrations of Shavlik Protect 9.1 (Ryan from our SE team lining up another crowd for a demo and Becky loading up more snap bracelets to give away).  We slapped a couple thousand blue Shavlik snap bracelets (which are also a stylus) on the people who stopped by and a few drive by’s who didn’t stop to talk.

KateVMworld2014

We also had hundreds of Shavlik users stop by the booth as well.  I think I met a couple dozen long time users who remember HFNetChk.  That dated them pretty much all the way back to the beginning of Shavlik and the original command line assessment tool based on the original MBSA.  It was great talking with you all and hearing the things you liked and those things you would like to see improve in the product.  Keep that feedback coming as that is how we ensure the product does what you want.

Make sure to catch us in April at RSA.  If you do you can join us for snap bracelet target practice. Below is Kate from our Field Marketing team loading up with snap bracelets between demos.

The Next Generation of SCUPdates, Shavlik Patch for Microsoft System Center, Is Here

Shavlik is happy to announce the release of Shavlik Patch for Microsoft System Center. This follow-on to Shavlik SCUPdates provides third-party patching within Microsoft System Center Configuration Manager (SCCM) and does it in such a manner that third-party patching has never been easier.

 

What’s cool in Shavlik Patch?

If you are using SCCM 2012 (or later versions)…

  • Ability to patch more than 100 popular applications completely within Configuration Manager
  • An integrated add-in for the Configuration Manager console that no longer requires the use of System Center Updates Publisher (SCUP)
  • Automatically check for and download patch data from Shavlik
  • Publish new patches through SCCM manually or automatically
  • Smart handling of difficult to install patches like Java

If you are using SCCM 2007…

  • Continue to enjoy the goodness of SCUPdates just with a new name

 

Want to see it in action?

Join Shavlik Chief Marketing Officer Steve Morton, Systems Engineer John Rush, and I as we discuss the details of the new release and show you how Shavlik Patch will revolutionize the way you perform third-party patching within Configuration Manager.

Introducing the New Shavlik Patch for Microsoft System Center
Wednesday, February 12, 2014 10:00 a.m. CST
Register Now

 

Download it now and see for yourself

  • Learn more about Shavlik Patch here.
  • View quick videos about how to install and configure Shavlik Patch here.
  • Download a free trial of Shavlik Patch here.
  • View user documentation for Shavlik Patch here.

See you all at the webinar on Wednesday and check back later this week for an additional post providing more info on what this release means to existing SCUPdates customers.

Protect Console Migration Tool Early Access

We have been developing a tool to easy the burden of moving a Shavlik Protect Console from one system to another.  It could be done with some manual effort.  Moving certificates, swapping out the name of the system so agents would just start talking to the new one once you had moved everything, but it was a pain.  With the performance benefits of 64 bit and the EOL of Windows XP (Apr 2014) and Server 2003

Security Resolutions for 2014

The holidays are nearly over and many of us are starting to think of resolutions as we start a new year.  You may be contemplating diets, kicking a habit, getting a gym membership or excise equipment at home, but at the office, think about ways to improve your security in 2014.  Here are some suggestions to contemplate.  These are probably already problems or projects you have been thinking about and maybe you already have them solved or planned out to solve this next year.  If you haven’t, keep in mind all of these are possible with Shavlik Protect.

Increase patching frequency for your end user machines:

  • Microsoft may only release patches once a month, but the 3rd party apps on your systems are updated throughout the rest of the month.  Products from vendors like Adobe, Java, Google, Apple, Mozilla, and others are a prime target for hackers as many companies neglect to update them.  Our Content Team releases new data multiple times each week which includes security updates for these products.
  • Talk to vendors who are holding you on a vulnerable version of software due to a dependency on their application.  A good example of this is Java Runtime.  If you have software dependent on an older version of Java this is a risk to your environment.  I can’t tell you how many companies I talk to that have a dependency on a version of Java 6 due to a software vendor who has a dependency on a specific version of Java.  There are known exploits and off the shelf software to take advantage of them making this an easy target for hackers.
  • Check for End of Life software on your systems.  Shavlik shows software titles that have reached EOL with their vendor.  Any titles that are no longer supported become a risk to your environment and should be updated or removed if possible.

Secure your virtual infrastructure: 

  • Securing the Guest OS is all fine and good, but if you do not patch the infrastructure it is running on you are still putting the most secure VM at risk.  With Protect you can patch Citrix, Hyperv-V, and VMware ESXi (Protect 9.0+) infrastructures.
  • Update VMware Tools.  VMware Tools are required for a lot of functionality on VMware VMs.  They are also a security risk.  Ensure you are updating the Tools version on your VMs.  Keep in mind if you do not update the Hypervisor tools version then the status for VMware Tools being up to date is not accurate.  You should ensure you have the latest tools updates applied to your Hypervisors.  There can be a delay and possibly a VM reboot before the Tools version shows out of date after you update the tools version of your Hypervisor.  Protect will detect and push the latest version of tools to systems which may be newer than the version your Hypervisor is evaluating against.

Extend your coverage outside your environment: 

  • Laptops that move in and out of your network regularly can be a risk to your environment.  It is important to ensure these systems are updated more frequently.  They move beyond your corporate perimeter security measures and often reside on public networks exposing them to greater risk.  With Protect 9.0 you can now enroll your console in the ProtectCloud.  This enables agents on your laptops to keep up to date even outside your network.  Policy updates and results are exchanged through the ProtectCloud so you are still able to see machines being updated and ensure they take policy changes you apply.

 

 

 

A day in the life of a Shavlik Administrator

We recently caught up with Randy Bowman to learn more about how Shavlik helps him in his role as network engineer for the Presbyterian Church of the USA in Louisville, Kentucky.

The Details:

The System: The Presbyterian Church of USA licenses Shavlik for 50 servers with 450 endpoints disbursed in Louisville and Stone Point, New York.

The Team:  Consists of a two member networking team that takes care of the servers and server patching on a monthly basis as well as a team member that administers desktop support.  The desktop team member also takes care of patching the individual computers, which frees up network staff.

Q: Shavlik: What motivated you to look for a security solution?

A: Randy Bowman: About 8 years ago I came on board after some significant staffing changes.  For practical reasons we did not have very much available in the way of documentation.   We had to make up for lost time in our patching and we ended up getting a virus.  The result was that we were down for three days.

Q: Shavlik: How did you come to use Shavlik?

A: Randy Bowman: One thing I took on as legacy software was UpdateEXPERT (Shavlik acquired UpdateEXPERT in 2007). From there it was an easy transition to Shavlik Protect.  We find it makes things a lot simpler for us.  It allows us to patch several servers at one time and patch them in the evening when they are free of traffic.  We have the flexibility to reboot the servers or do them manually. If the server is open we can throw on the patching right then and there and have it reboot.

Q: Shavlik: What made Shavlik so appealing?

A: Randy Bowman: Time savings. Being able to quickly implement the patches and download them when they come on Patch Tuesday is a huge benefit. We usually wait until Friday or wait for a notification from Shavlik saying it’s okay for the patches to be installed. Here we’ve got 50 plus servers.   I can patch half one night and half the next night, and that would be the first patch. Even if it takes two passes to go through and get a server completely patched, it still saves us time. We are patched in less than a week, where before we would have to do some even manually. Patching is a piece of cake really. In comparison to what we’ve had before, it saves us so much time. Another thing is, if there’s an agent that needs to be on the server like if you brought a new server out, even if it’s just a test server, you can open Shavlik and tell it to push the new agent and BOOM it’s done. 

Q: Shavlik: Once you chose to use Shavlik, how long did it take you to get up and running?

A: Randy Bowman: In 2 days we had it going. It actually would have taken 1 day but we were having some separate technical issues with the servers that caused delays.

Q: Shavlik: For this installation, did you have people helping you or was it just plug-and-play?

A: Randy Bowman: It was plug-and-play, more or less. A fellow network engineer did the last upgrade to 9.0. He was on the phone with support and got it done in an hour.

Q: Shavlik: What is your favorite Shavlik feature?

A: Randy Bowman: I like how you can go through and scan the machines in a machine group and it will tell you how many patches are missing. You can run the report and in 5 minutes you’ve got results emailed to you about what patches are missing. When it comes to critical security patches, we sat down years ago and decided this is what we need. It’s easy for Shavlik to go through and look for these and let us know what’s patched and what’s not, and if it’s critical or not.

December Patch Tuesday Advanced Notification

Microsoft has announced this month’s Patch Tuesday release.  There are 11 total patches – 5 Critical and 6 Important – expected to be released on Tuesday, December 10. Here is the breakdown for this month:

Security Bulletins:

  • Five bulletins are rated as Critical.
  • Six bulletins are rated as Important.

Vulnerability Impact:

  • Six bulletins address vulnerabilities that could allow Remote Code Execution.
  • One bulletin addresses a vulnerability that could lead to Information Disclosure.
  • Three bulletins address vulnerability that could allow Elevation of Privileges.
  • One bulletin addresses a vulnerability which could lead to a Security Feature Bypass.

Affected Products:

  • All supported Windows operating systems
  • All versions of Office
  • Office Web Apps 2013
  • Lync 2010 and 2013
  • SharePoint Server 2010 and 2013
  • Exchange Server 2007, 2010, and 2013
  • ASP.NET SignalR
  • Visual Studio Team Foundation Server

If all expected bulletins are released on Tuesday, Microsoft will close 2013 having released 23 more patch day bulletins than in 2012 and six more than in 2011.

Join us as we review the Microsoft and third-party releases for December Patch Tuesday in our next monthly Patch Tuesday webcast, which is scheduled for Wednesday, December 11 at 11 a.m. CST.  We will also discuss other product and patch releases since the November Patch Tuesday.

You can register for the Patch Tuesday webinar here.

 

Happy Thanksgiving from the Shavlik Team

The holiday season is upon us and 2013 is nearly over!  As in all things it is good to take time and reflect on what we have accomplished and what we are thankful for.  The Shavlik Team would like to share what we are thankful for.

GrandBabies

 

Harriet in our Finance Team says “I am especially thankful for my two new grandchildren.  They were born 11 weeks early.  The compassion and support from my coworkers made the struggles, we as a family had to deal with so much easier.  I work with so many wonderful people who really do care about people and their hardships.”

Bob

 

 

 

Bob in Sales says “I’m thankful for a great Dev/QA/test team that released a Rock Solid – Shavlik Protect 9.0 product!!  I’m also thankful for my awesome Partners and User Community (Customers) that recognize that Shavlik solves a complex (patching) problem with an easy to use solution, Thank you all!”

 

 

brent

 

 

 

 

 

Brent in Development says “I’m thankful for my wonderful, loving family, and how they lead by example. It’s also a pleasure to have worked with many of the same passionate coworkers for the past five years.

 

 

Nerf

 

 

 

 

 

 

Shavlik Team Members from Sales, R&D, Product Management, IT Ops, and Management are thankful for “NERF, office shenanigans, and an excellent bunch of co-workers to work and play with.”

 

 

ThePMBunch

 

 

 

The Product Management Team (Chris, Mike, Anne, and Aaron) are thankful for “All of the customers who have taken time to send us feature requests, talk to us at trade shows, join us for a conference call, allow us to come onsite and learn more about what they do and what would improve their product experience.  The time you spend helping us to understand your needs helps us to improve the experience of Shavlik Products.  Thank You!” and Aaron is especially thankful for “What does the Fox say!” (Aaron’s Fox picture was from a Halloween “What does the Fox Say?” performance).

 

 

 

 

 

Protect wins the Information Security™ Magazine and SearchSecurity.com's 2013 Readers’ Choice Award for Vulnerability Management

Thank you Shavlik users for making Shavlik Protect the Information Security ™ Magazine and SearchSecurity.com  2013 Readers’ Choice Award winner. Shavlik Protect received gold in the vulnerability management category and was among the highest scorers this year in any category.

“Shavlik is honored to receive Gold in the 2013 Readers’ Choice Awards,” said Steve Morton, Chief Marketing Officer for Shavlik. “This award not only validates the hard work of our employees but also reinforces and shows the high level of trust our clients place in us and their positive experience with Shavlik Protect.”

From all of us, thank you for this honor and more importantly, your continued confidence in and support of the Shavlik family of products.

Shavlik PAC is back!

Last week, about a dozen Shavlik Protect customers gathered in Minneapolis to rekindle the Shavlik Product Advisory Council (PAC). PAC members represent the existing user base and serve as advisers to Shavlik’s product development team.

During the two-day session, PAC members learned about Shavlik’s strategy, roadmap, and new product offerings, but more importantly, they got to share their perspectives on IT today, patch management, and the challenges they face inside and outside of Shavlik products. Their input will help shape the future of the Shavlik product line.

This first meeting focused on Shavlik Protect but future PAC meetings will expand to include users of SCUPdates, Management Intelligence, and Shavlik MDM.

Shavlik would like to extend a huge thank you to the PAC members for their participation in this event. You guys are the best!

PAC

 

(Top photo) PAC members shared their experiences and challenges both inside and outside of Shavlik products with members of the Shavlik product development team.

 

Wild game

(Bottom photo) The event wasn’t all work, though. PAC members attended a professional hockey game and saw our Minnesota Wild pull out a victory over the Carolina Hurricanes.

 

Avoid the latest Java Zero Day by upgrading to Java 7 today

If you have not ready up on the ZDNet and other posts regarding this exploit here is a link to an article talking in more depth.  If you are still on Java 6 you are vulnerable to this Java vulnerability.  Java 7 update 21 and earlier are also exposed.  There is an exploit kit available to hackers for $450 dollars.  They can purchase a way to exploit this vulnerability off the shelf.  This means it is past time to upgrade your Java runtime.

So, Shavlik Protect users, here are some easy steps to create a scan template to allow you to deployupgrade Java 7 update 25 to your machines to ensure they are up to date.

For users on Protect 9.0 the steps are as follows:

  1. Create a new Patch Group by clicking on the +New > Patch Group…
  2. Name the Patch Group “Java 7 Software Distribution”
  3. Click add and sort by QNumber column.  Select QJAVA7U25N and QJAVA7U25X64N and save the patch group.
  4. Click +New > Patch Scan Template… and name it Java 7 Software Distribution
  5. On the Filtering tab uncheck the Patch Type > Security Patches and Patch filter settings set to “Scan Selected” and click the “…” button and select the “Java 7 Software Distribution” patch group.
  6. Click on the “Software Distribution” tab and check the box to enable Software Distribution.  Save the scan template.
  7. Scan and Deploy the Java 7 update 25.

The best way to protect against this zero day is to eliminate the presence of Java 6 and this should be an easy way to do so.

Chris Goettl