Shavlik Protect is A Best of VMworld 2016 Gold Award Winner for Security

VMWorld2016_GoldAwards_11x17_Security

We are happy to announce that Shavlik Protect wins the Gold Award of VMworld 2016 for the Security category by TechTarget’s SearchServerVirtualization.com. We whole heartedly agree with their choice, but let’s give our perspective why Shavlik Protect is a winner.

Patch Management = Security Foundation

In today’s security landscape, there are an abundance of products that promise insight into the latest threat’s. With all of the flash and hype, many overlook the security of patch management which eliminates vulnerabilities and the countless threats that target each vulnerability.

There are many patch management products on the market, but Protect is particularly suited for virtual environments for a couple of reasons.

Virtualization Focused

VMworld is synonymous with virtualization and this is one of the great strengths of Shavlik Protect. There are many capabilities that make Protect a must for patching virtual environments including:

  • Online and offline virtual machine patching
  • Virtual machine template patching
  • Snapshot critical assets for superior rollback
  • VMware vCenter integration
  • VMware ESXi Hypervisor patching

The reality is that Protect seamlessly patches virtual environments making it a prime choice for the datacenter.

Just Say Yes to Agentless

Protect can use agents to assess and deploy patches, but our datacenter customers love our agentless capabilities for many reasons:

  • Assess and deploy patches
  • Minimize impact to server workloads
  • New virtual systems are never missed

Robust 3rd Party Patching

Too many organizations only focus on the operating system and turn a blind eye to the 3rd party applications that also create vulnerabilities on systems. Shavlik Protect in an industry leader with an immense catalog of 3rd party applications that is constantly expanded to cover new products and versions.

Just Add Water and Stir

Enterprise software has a bad rap for being very difficult to install and configure. With Protect, you can have the product installed, scanning for patches, and actually deploying patches in half an hour or less! Our engineering team has put a lot of effort in making Protect easy to install and use so you can get value quickly. Now don’t equate ease of install and use with simple. Protect has the capabilities to work in large and complex environments, but you can get started fast. Don’t believe me, try it for yourself.

Shavlik Patch 2.2 available in early access!

ShavlikPatch

The Shavlik Team is proud to announce the availability of Shavlik Patch 2.2 in an early access delivery.  Check out what’s new!

  • Edit packages (watch the video) – Change the command line switches, return codes expected, etc for a given package.
  • IAVA Support – For our Federal customers we have extended our IAVA coverage into our Shavlik Patch offering making it much easier to automatically cross-reference DOD IAVAs.
  • Republish and resigning of packages – The manual steps for doing this are long and painful and going down that rabbit hole is not recommended.  It is also no longer necessary!  We are going to do all the heavy lifting on this one.
  • Manage vendor and product categories (watch the video) – We have a new interface that lets you monitor and manage the categories in use so, again, you do not have to go down a significantly long, manual process to reclaim a category that is no longer in use.

We have a webinar scheduled for April 6th, 2016 to walk through the Shavlik Patch 2.2 features and show you whats new! You can also download Shavlik Patch 2.2 here.

Shavlik Protect 9.2 and Empower Beta Launch

EmpowerDashboard_edited

Shavlik is proud to announce the launch of Shavlik Protect 9.2 Beta and introduce the Empower platform. This simultaneous launch is a significant leap into a rapidly changing world. Shavlik Protect will continue to be the Data Center solution for patching critical systems and ensuring vulnerabilities are being plugged. Shavlik Empower is the platform that Shavlik will use to launch us into the future.

Empower is purpose built to manage your users, the devices they use and follow those users wherever they go. Empower will aggregate data from Protect, from other parts of your network and off network using the

2015: The Year of the Healthcare Breach

HealthcareBreachOur own Rob Juncker, V.P. of research and development for Shavlik, has predicted that Healthcare breaches will rapidly increase in 2015. Now that hackers are getting smarter about attacking endpoints to glean credit card data from retailers, they are looking for more creative ways to make money. In the hacker’s community, credit card data is worth about $1 per card, whereas protected health information (PHI) is currently worth about $10 per record and rising.

Why the discrepancy in price? Because hackers can do more nefarious activities by submitting fraudulent healthcare claims or by buying and selling drugs and medical equipment for financial gain. Credit card companies are just plain better than insurance companies at detecting and shutting down fraudulent activity. Credit card companies also have the option to change your credit card number, whereas your patient data cannot change. Medical fraud could last for years before it is detected and corrected.

Now that Mr. Juncker has made the prediction, 2015 brings us our first major health record breach with Anthem, whose brands include Anthem Blue Cross/Blue Shield and others. The potential theft could be as big as 80 million records and include names, social security numbers, birth dates, policy numbers, diagnosis codes and billing information. The overall security problem is exacerbated by outdated equipment, demands from doctors to use mobile devices, and the loss or theft of devices used by multiple health workers.

So what can healthcare and IT organizations do? The first step is to simply keep up with the latest updates and patches. Once a software vendor such as Adobe releases a patch, hackers now know there is a security hole. Shavlik is seeing an increase of vulnerabilities coming from third-party applications outside of the OS. Patching both the OS and third-party applications is critical to keeping them secure and the data safe.

Vulnerabilities exist on the end-point because they are often unpatched and neglected. IT has enough on its plate to try and keep all the software on every system up-to-date. But in the wave of the latest breaches, it becomes imperative to do so.

As we see healthcare staff requesting more mobile devices such as tablets, we will see more loss and theft of devices that will contain PHI data. Having methods to encrypt the critical data such as email and attachments will greatly decrease the risk.

As a healthcare provider, what does it mean to you? As in retail, security is more and more of an issue that needs to be addressed. Healthcare organizations are now under scrutiny to comply with HIPAA regulations. Anchorage Community Mental Health Services (ACMHS) was fined $150,000 after 2,700 health records were stolen in an attack. They were attacked simply because they were not patching software!

Beware healthcare. 2014 was the year of retail breaches. 2015 is the year of healthcare breaches!

 

 

 

Mobile Data Security + User Freedom = Shavlik’s Newest Product: Secure Mobile Email by LetMobile

Shavlik is happy to announce that we have added a new product, Secure Mobile Email by LetMobile, to our product line. LetMobile is a secure email solution that brings the same effectiveness and ease of management that you have come to expect from Shavlik to the challenge of protecting corporate information on mobile devices.

Today, I sat down with product manager Eran Livne to learn more about Secure Mobile Email by LetMobile. Eran has led this product from its inception and has spent years studying the mobile device management space.

 

Anne: Why LetMobile? What problem does it solve for our friends in IT?

Eran:  There’s a new challenge with all of these smart devices.  Users buy devices and want to use them for work; however, they don’t want IT to control them and have less concern about security. IT is used to managing and controlling, owns security, and is held responsible if a data breach occurs. There is a huge gap between the interests of these two sides.

 

Anne:  How do we bridge this gap?

Eran:  LetMobile was built to find this balance and to bridge this gap. We provide the best of both worlds; IT gets security compliance management and data protection, and users get a native email experience on the device of their choosing. They don’t have to use subpar email clients to consume corporate emails or separate the process of reading work email from reading personal email.

With LetMobile security policies apply only to corporate data, so the solution has no knowledge or control over personal data or app’s. This means users are free to use their devices how they wish, do not need to fear corporate “big brother,” and don’t have to comply with annoying policies like being forced to lock their devices or granting the company access to wipe their devices.

 

LetMobile diagramAnne:  Wow, that sounds almost too good to be true. How does LetMobile work?

Eran:  LetMobile is a gateway solution. We offer on-premise and SaaS offerings that act as an intermediary between Exchange (or your email service) and user devices. The LetMobile gateway streams email to the device, so email and email attachments are never stored on the device. Additionally, corporate credentials are never stored on the mobile device, so if the device is lost, the user’s corporate creds cannot be compromised.

 

Anne:  Beyond basic email security what are some of the other cool capabilities of LetMobile?

Eran:  LetMobile includes data loss prevention (DLP) capabilities that look into the “body” of emails and attachments and can take action based on the presence of keywords or regular expressions. This coupled with LetMobile’s geo-fencing capabilities means say a financial institution could enforce a policy where customer account numbers are masked in emails unless the device is in a trusted location. LetMobile can keep confidential information from leaving the four walls of your corporate headquarters and even your country’s borders.

 

Anne:  If readers want to learn more about LetMobile or see a demo, what should they do?

Eran:  We have a wealth of information out there on our website. Check out…

Also, Shavlik will be hosting a number of live LetMobile webinars in the coming weeks, so stay tuned to our webinars page for more information.

Shavlik Security Advisory: Insufficient Patch Management Could Lead to Attacks From More Than Just Hackers

Two months ago, Shavlik released a security advisory alerting our customer community to the availability of off-the-shelf, exploit kits that enable less sophisticated hackers to mimic a Target-like attack.

In that advisory, Rob Juncker, Vice President of R&D for Shavlik, accurately predicted the availability of these exploit kits would lead to the following.

  • More companies will be coming forward to report breaches.
  • The scope of these breaches will go beyond retailers to impact all types of business that have valuable and private information.

Earlier this month, the game changed again, but this time the threat doesn’t come from hackers alone; it’s coming from the court room, the halls of government, and maybe even from your own employees. For the first time we are seeing companies being held legally and financially responsible for security breaches that occurred due to insufficient and/or negligent security practices.

Today, Shavlik is issuing another security advisory to draw your attention to three landmark cases that made headlines earlier this month.

 

$150K HIPAA Fine for Unpatched Software  

Anchorage Community Health Services was fined $150,000 by the U.S. Department of Health and Human Services’ Office of Civil Rights (OCR) for “failure to apply software patches [that] contributed to a 2012 malware-related breach affecting more than 2,700 individuals,” according to GovInfoSecurity.

This incident is the first where a company has been held liable by OCR for failing to patch software, and now a precedent has been set, making disciplined patch management a critical part of HIPAA compliance.

“Successful HIPAA compliance requires a common sense approach to assessing and addressing the risks to ePHI on a regular basis. This includes reviewing systems for unpatched vulnerabilities,” OCR Director Jocelyn Samuels said to GovInfoSecurity.

 

Target Ruling Raises Stakes for Cybersecurity Vigilance 

U.S. District Court in Minnesota denied Target Corporation’s motion to have litigation dismissed that has been filed by financial institutions who suffered losses as a result of Target’s 2013 data breach.

According to Reuters, Judge Paul Magnuson found “…banks were foreseeable victims of Target’s allegedly negligent conduct.”The report went on to say, “Importantly, Judge Magnuson said that imposing a duty of care on Target ‘will aid Minnesota’s policy of punishing companies that do not secure consumers’ credit- and debit-card information.’”

This case may set a precedent for companies to be financially liable to both consumers and financial institutions for breaches that compromise customer data.

 

Employee Data Breach the Worst Part of Sony Hack

Two employees filed a class action lawsuit against Sony for allegedly not taking adequate precautions to secure employee data.

According to an article posted on TechCrunch, “The complaint references a tech blog reporting to note that Sony was aware of the insecurity on its network and took the risk.”

It has been confirmed that employee emails, website viewing activities, credit card website credentials, and social security numbers were among the data made public as a result of the Sony breach, and now after having already lost an estimated $100 million, Sony could be in for more expense at the hands of its own employees.

 

In a month where the security stakes have never been higher for corporations, CIO Magazine reported that Most Companies Fail at Keeping Track of Patches, Sensitive Data. According to its report,

  • 12% of companies have no patch management process at all
  • 58% of companies have a patch management process that is not fully mature (e.g. may patch the OS but not third-party applications)
  • 19% of companies have no control or tracking of sensitive data at all

If you see your organization in any of these statistics, now is the time to act. Your response will not only help keep your company out of the headlines but also out of the court room.

Beyond Patch: Shavlik Protect IT Scripts

As we continue in our “Beyond Patch” video blog series, let’s examine Shavlik Protect’s ITScripts capabilities.

Protect’s ITScripts allow you to run PowerShell scripts on targeted machines at a scheduled time.

Why is this important?

  • You can automate the performance of mundane maintenance tasks like Check Disk or defrags. Tasks that often get left undone due to time constraints can now be done automatically at a time of your choosing.
  • You can acquire information about the machines in your environment. For example, you can run scripts to report on disk space or when the machine was last rebooted.
  • Shavlik Protect provides a library of scripts you can use OOTB or…
  • You can create your own PowerShell scripts and use Protect to schedule and to deploy them. This means that nearly any operation can be automated.

Check out this video where Shavlik Product Evangelist John Rush walks you through the ITScripts capabilities within Shavlik Protect. For more information, please contact us at sales@shavlik.com.

Beyond Patch: Shavlik Protect Anti-Virus

Having effective patch management and anti-virus practices are two of the most basic building blocks of network security.

However, this often requires separate software solutions that come with separate agents and most importantly, separate costs. With Shavlik Protect’s antivirus, you can bring together what all too often is separate:  patch and A/V.

Shavlik’s anti-virus solution provides:

  • Access to patch and antivirus capabilities as well as reporting from a single console
  • A single-agent for managing patch, anti-virus, and anti-spyware policies
  • The ThreatTrack Security VIPRE engine

Check out this video where Shavlik Product Evangelist John Rush walks you through the anti-virus capabilities within Shavlik Protect. For more information, please contact us at sales@shavlik.com.

Beyond Patch: Shavlik Protect Power Management

We all know and love Shavlik Protect for its patch management capabilities, but Protect’s value doesn’t stop when the calendar flips past Patch Tuesday.

Protect offers a wide array of features that simplify the complexity of IT, save time and money, and keep your network more secure. In this video blog series we will explore the capabilities of Shavlik Protect beyond patch.

————————

Maximize your time during maintenance windows, find un-managed machines on your network, be green, and even save your company some money…did you know that Shavlik Protect’s Power Management can do all of this and more?

With Shavlik Protect’s Power Management you can…

  • Turn off power-hungry machines when not in use
  • Control power up, sleep, and power down
  • Wake up machines for maintenance windows
  • Perform quick scans to find un-managed machines on your network

Check out this video where Shavlik Product Evangelist John Rush walks you through the Power Management capabilities within Shavlik Protect. For more information, please contact us at sales@shavlik.com.

Shavlik Patch 2.1 Makes 3rd-Party Patching With SCCM Even Easier

PatchWithoutBorderShavlik is proud to announce today’s release of Shavlik Patch for Microsoft System Center 2.1.

This is the second Shavlik Patch release this year, and it represents yet another quantum leap towards making third-party application patching within SCCM easy.

Shavlik Patch 2.1 focuses on five core areas: setup and configuration, automation, core patching capabilities, ease of use and globalization.

  • Setup and Configuration – Our new configuration checker allows you to verify that your SCCM environment is ready to publish and deploy third-party patches. It’s easy for application versions, credentials, and certificates to get out of sync. No problem; the configuration checker will point you to discrepancies in your environment, so you don’t have to guess where the problem exists.
  • Automation – With Shavlik Patch 2.1, you can create and save filters that allow you to control which applications, which vendors, and which individual updates you publish for a timeframe of your choice. For example, say you want to publish all Adobe updates, Oracle Java and Chrome updates, within the last 30 days. You can now build that filter, view the updates that meet that criteria, and automatically publish them.
  • Core Patch Capabilities – With Shavlik Patch 2.1, we introduce a patch details view that tells you lots of great information about each update. Also, Shavlik Patch now handles superceded patches.
  • Ease of Use – You thought Shavlik Patch 2.0 was easy; well, it just got better. Shavlik Patch 2.1 introduces authenticating proxy support, the ability to run scheduled jobs as a different user, and the ability to choose, hide and reorder columns in the updates view.
  • Globalization – Shavlik Patch is now available in 11 languages. Additionally, you can also view translated versions of our User’s Guide. Hablas Espanol? Great, so does Shavlik Patch.

Now, being the seasoned SCCM admin that you are, you’re probably thinking, “Wow, that’s cool, but I won’t be able to use it for six months because it’ll take that long to get it working in my environment.”

Umm…no. Here’s the directions for upgrading Shavlik Patch from 2.0 to 2.1 (no kidding check out our User’s Guide).

  • Close SCCM
  • Download the latest version of Shavlik Patch from www.shavlik.com/downloads
  • Install the Shavlik Patch exe
  • Open SCCM

That’s it! All of your configuration settings, filters, and registration info will still be there. We don’t mess with anything in your SCCM database. You can be up and running on Shavlik Patch 2.1 in about five minutes.

With today’s release, Shavlik has also announced the end of life for Shavlik Patch 2.0 on December 1, 2015. We encourage all customers to upgrade to 2.1 at your earliest convenience. Pro tip – there’s lots of great stuff in 2.1.

For more information about today’s release, please join us for one of our Shavlik Patch 2.1 release webinars.

If you are using Shavlik Patch today, please join us for this webinar.

Patch Like a Pro! New Shavlik Patch for Microsoft System Center 2.1 | Wednesday, November 18, 2014 10:00 am CST | Register Now

If you are new to Shavlik Patch, please join us for this webinar.

Why Break SCCM? Get Third-Party Application Patching Without Additional Infrastructure | Wednesday, November 13, 2014 10:00 am CST | Register Now

Tune in later this week as I continue to share more insights on the latest release of Shavlik Patch and how this solution sets itself apart from other third-party patch add-on’s for SCCM.