RSA show

Just back from vacation in NYC, and its nice to not have to pay someone every time I step out of a car...

Please stop by and visit us at the RSA show this year, we will have presenters from VMware, Juniper and of course best of all Mike Rothman from Security Incite and our own Eric Schultze.  We will cover the latest in security from all of us and our customers, including our new work in the Federal areas with SCAP and FDCC, cool new VM security management, and Juniper's integration with our line.

On other notes it seems Apple is pushing a copy of its Safari browser out to Windows users of iTunes, and with missing patches no less.  We are working on removing and patching this s/w shortly via Protect. 

Brett Favre

Since I am from Green Bay, WI(i) it was nice to see the post from Mike about Brett Favre.  I was at Favre's first game in '91 (Bengals with Boomer at QB) which was shortly after my brother and I watched Favre in practice in summer camp, all we knew was Favre liked to drink, was like 3-5 passing in his 1st season in the NFL, plus we gave a 1st round pick to Atl (rolled our eyes) for the guy, then we saw his great arm and it made us think, or better said hope.

Of coursr I still do not believe the NYG championship game is over, and it took me this long to even write on note on Favre's leaving the game. Its all a healing process.

Shavlik NetChk Compliance 2.1

I am pleased to announce the availability of the newest version of Shavlik NetChk Compliance 2.1, designed to simplify and automate policy and security configuration management, including policy mapping support to map selected security configurations to established industry best practices.  This product  is part of a long  lone of security review and remediation products we  (started with me coding all of it) created since 1996, we have created  products like this for Secure Computing, Microsoft and even 3M  (for internal use in the early 90s), after 11 years somethings have changed, mainly  rules and regulations forcing  more  network security management, but security still boils down to  proper  configuration,  passwords and of course patches, I guess once that problem goes away the need for products like this will too.

Our team works hard to make this easy to use, and to meet the needs of our customers while providing the key security needed.  My hats off to them

The new features in version 2.1 include:

· Shavlik Policy Dashboard for policy compliance snapshot and trending

· NIST 800-53 controls inline for FISMA Compliance support

· New filter options to create, view, and report policy for audits and enforcement, allowing for management by rules and regulation

· Windows Vista system included

 

If you are interested in learning more about our product, please visit our web site at http://www.shavlik.com/product_cat_compliance_mgmt.aspx

 

If you would like to see what industry analyst Ted Ritter of IT Ritter Global Security Compliance, an independent research and advisory business, says after reviewing Shavlik NetChk Compliance, please visit his blog at http://www.itritter.com/blog1/?page_id=24.

BARCLAYS SELECTS SHAVLIK TECHNOLOGIES’ solutions for patch and security configuration management

BARCLAYS SELECTS SHAVLIK TECHNOLOGIES’ solutions for patch and security configuration management

 

Shavlik and Satisnet Team to Fill Immediate Need for Fast and Accurate Patch Status and Configuration Policy Enforcement for Global Banking Leader

 

St. Paul, MN & LONDON (April 23, 2007) — Shavlik Technologies, LLC, a leading automated vulnerability and security configuration management provider, today announced that Barclays, one of the largest financial services companies in the world, selected Shavlik NetChk^™ Protect for its UK network patch scanning requirements, and Shavlik NetChk^™ Compliance to scan, remediate and report on network configuration policy status.  Both solutions were selected on the basis of their rapid assessment and remediation management, and accuracy in determining the security status of Barclays’ enterprise network.

 

The project is being led by Satisnet, Shavlik’s Premier Partner in the

UK

. The initial contract covers the Barclays network in the

United Kingdom

– over 60,000 systems – with potential for worldwide deployment.  Barclays turned to Shavlik Technologies after determining other market solutions lacked the ease of installation, speed and accuracy required for the company’s patch scanning and configuration management requirements. 

 

“Both of Shavlik’s solutions more than proved themselves over the course of Barclays validation testing for proof of concept,” said John McGinley, sales director, Satisnet.  “Shavlik provides a more accurate picture of the network’s security status so the customer can rapidly accommodate patch deployment and configuration management in a timely manner.  Shavlik NetChk Protect outperformed the competition in the areas of patch detection intelligence, patch status reporting, ease of use and value.  Shavlik NetChk Compliance outshined the competition in automation of policy and baseline development, policy enforcement, and audit-ready reporting. No other solutions were seriously considered.”

“We are pleased that Barclays selected Shavlik’s latest solutions to solve their policy and compliance challenges,” said Mark Shavlik, president and CEO of Shavlik Technologies. “Everyday we talk to more enterprise customers who need a simpler way to answer the question, ‘How secure am I?’ and quickly determine which systems on their networks are in or out of compliance with defined policy.  We are able to provide our customers with easy to use security solutions that reduce their overall risk and increase their organization’s IT audit readiness.”

Shavlik NetChk Protect provides integrated patch management and application control.  The solution offers a simpler more automated approach to enterprise vulnerability management, while at the same time addressing the needs of the larger enterprise with features such as support for highly distributed environments, flexible deployment options, rich reporting capability, and up to the minute assessment data.

Shavlik NetChk Compliance is a policy management solution that scans for, compares, and enforces security settings on the network.  The solution simplifies and automates policy and security configuration management, and includes policy mapping support to map selected policies to established industry best practices.

 

About Shavlik Technologies

Shavlik Technologies, LLC is the market leader in the simplification of complex enterprise network configuration, compliance and security.  Shavlik’s solutions support an organization’s need for Active Vulnerability Management – the automated and continual process for preventing, detecting, and removing critical security threats from corporate networks while maintaining policy-driven security configurations.

 

Founded in 1993, Shavlik Technologies is the de facto industry standard for patch management solutions.  With more than 10,000 customers worldwide, Shavlik is trusted to provide the most up-to-date security patch data and the most comprehensive discovery capability to maintain a customer’s overall network security integrity.  Company CEO Mark Shavlik is a founder of the patch management industry as he teamed with Microsoft in 1999 to create the patch engine for Microsoft Base Security Analyzer (MBSA).  This technology is still used by an installed base of millions of users across the globe. Shavlik also licenses its technology to more than 20 leading security companies such as IBM, BMC, Symantec and iPass.  Shavlik’s products have won multiple awards from leading industry trade journals.  For more information, contact Shavlik at www.shavlik.com or call 1-800-690-6911 or +1- 612-331-6737.

 

About Satisnet

Founded in 2000, Satisnet has developed into a pan-European Group specializing in IT and Network Security, providing Sales, Marketing, Support and Training Services.  Satisnet are the leading Security Systems Integrator and the Trusted Security Partner for many of the FTSE 250. 
As a specialist in information security, our expertise lies in identifying, analyzing and minimizing network and system security risks and offering comprehensive solutions that address the total IT requirements of our customers, allowing them to grow and achieve their business goals securely.  Satisnet have been instrumental in introducing some of the leading technologies and services into EMEA, and continue to research new technologies and bring them to market.

 

###

IMPORTANT NOTICES: 

Confidential Information. The information contained in or attached to this e-mail may be confidential information subject to protection by law or terms of applicable confidentiality agreements, and is intended only for the use of the individual or entity named above. It may not be disclosed to or used by anyone other than the addressee, nor may it be copied or forwarded in any way without the consent of the sender. If you are not the addressee indicated in this message (or responsible for delivery of the message to such person), you should destroy this message and notify the sender by reply email. No binding commitment from the sender may be inferred by means of E-mail communications.

 

me in the news

http://www.informationweek.com/shared/printableArticle.jhtml?articleID=193402580

Me in the news

Shavlik Tech Scholarship

The team at Shavlik Technologies sponsors a full time student who studies Computer Security. I was fortunate enough to be invited to the scholarship awards dinner were a number of student speakers shared their experiences.

Our sponsored student is transitioning from a manufacturing career to one in computer security after the business he worked at for many years shut down.  He is getting high grades and is very motivated to learn Computer Security.

Our sponsorship is attracting new people to the industry, and people with a diverse background which is great as it starts to round out the industry.  Bringing in new ideas and people while at the same time give people a chance.  For that I thank all the employees at Shavlik Technologies for making it happen.

Shavlik Spyware strategy

I often get asked what our Spyware strategy is.  Why did we enter the market when there are established companies including the AV companies?  Why are we different? What is in the future for our Spyware solutions?

Updated, here is a review of our spyware/patch integration:  Redmond Mag Review of Shavlik NetChkPro,

Our interest in Spyware started in 2004 when customers started to ask us to help them manage more with our products as they were now seeking both best of breed and integrated solutions to lower costs and to increase security at the same time.  They said they liked working with our products because they made it much easier for them to manage the patching of their networks and now they wanted us to do more. (sounds like marketing speak I realize, but if I cannot brag about our products who can? :) )

We spent a good part of the first half of 2004 asking customers and looking at the products available for security management and one of the top things that came up with helping people indentify and remove unwanted software from their networks.  Our customers said that they wanted to manage spyware with the same tools and teams as they were managing patching with, this would bring efficiences and cost savings they told us.

Unwanted software was causing a substantional rise in help desk costs, lowered worker productivity and of course security risks.  This was not virus software, this was software users either wanted to install or had it installed as an unknown side effect of other actions.  We call this NonBizware as well as Spyware, and in 2004 no spyware product was addressing these needs.

As is still true today, most spyware products are designed from the end-users perspective, with the goal of stopping the spyware from running.  There is less functionality focused on helping the system admin manage the indentification and removal of unwanted software, something we believe our products are designed to do.  Most spyware products, including those from AV vendors, are still single purpose, they are not designed to solve a bigger security management problem, something we are working to do. We also remove the entire spyware signature to assure the registry and file systems are cleaned up, both for performance increases and to assure the spyware does not regenerate.

Shavlik HFNetChkPro, our patch management product, we soon realized has the features a spyware management product needs, computer groups, rich reporting, ease of use, admin control, advanced network discovery, minimized end-user disruptions and other system management features.  We also support the rapid response needed by the security world via our global XML real time distribution of patch information direct to each customer's desktop.  We saw that the needs of the spyware management industry dove tailed well into our existing patch product's model and we started to created our Spyware product.  At all times we worked hard, and continue to work hard, at keeping our patching product very strong while we added the spyware product to it.  We also wanted to make both our patching and spyware product best of breed, availble stand alone and integrated.  We also want our software to be easy to setup, easy to use and fast.

Today, our integrated patching and spyware product, called Shavlik NetChk Protect is the result of these efforts as our stand alone security patch management and spyware products, all sharing the same code base with only a Key used to enable the products.  We have integrated spyware and patching in the same code base, using the same Shavlik data research and management teams for both patching and spyware.  This gives our customers a common product to manage both and our development teams a solid level of efficiency.

Going forward we will continue to build out both our patching and spyware products, integrated in the same product, as we add more support for simplifed network security management.  Our next release, 5.6, is now in beta and it adds admin controlled client side Active Protection which will monitor, in real-time, for spyware activity and will remediate.  5.6 will have other key new features we will detail shortly.  Over time we will add other product lines to this integrated system, or will build out management suites with similar look and feel so our customers can manage more and more of their networks with our products, some thing we get asked for often.  We will publish more on this as things get closer to release. 

Our Shavlik NetChk Compliance product is one such line that was driven by customer demand to add in compliance management to their network security management. Our Quraneteen work with McAfee and Juniper are more example of this work as is much of our OEM work. In all of these new items we will continue to build on our core of patch and spyware managemet.  A quick look at our products page can be found here.

So this is my giant post answer when for use when I get asked what our Spyware strategy is, it is actully more the Shavlik product strategy with Spyware included. 

About This Blog

Welcome to my observations, thoughts and vision for computer security. I am lucky enough to travel all over the world talking and learning about security as part of my CEO job with Shavlik Technologies  LLC which I founded in 1993.   Our security products are licensed to Microsoft, Symantec, BMC and 20 other OEM customers, and we sell them on our own, bringing our products to over 20,000 global customers for our full product and millions of downloads of our free products.  We also wrote, and co-own, Microsoft MBSA and solely own Shavlik HFNetChk which are used by millions of people to secure their computers.   All this allows me to work with the leading security people and for that I am grateful. I hope readers find the experiences I am able to share helpful in their efforts in the security world. Our products include Shavlik HFNetChkPro, Shavlik HFNetChk Spyware, Shavlik NetChk Protect and Shavlik NetChk Complance.

Initial Entry - Star date 1

Today starts my blog, something I have been looking forward to and thinking about of a long time.  Each day of the week I spend hours thinking about, working on, and talking about computer security and running a security products and services business. This teaches me many things, most of which are well worth sharing.

I have been creating technology for the past 20 or so years, starting out at Microsoft pre-ipo in the 1980s working on NT kernels. Continuing to this day with Microsoft still running technology my company created in the form of MBSA, the well known security product we wrote for Microsoft so many years ago as I run the company I founded in 1993 Shavlik Technologies, LLC. 

My guess is I have one of the longest, most active tenures in the PC world having grown from the DOS and OS/2 world, to Windows and now the Internet.  Now we support, and we work directly with,  Symantec, BMC, McAfee, Juniper and a number of key security vendors along with working directly with 1000s of customers world-wide, discussing security challenges, successes and visions for the future. Its been a great experience and continues to be so.

It always amazes me how far in advance planning must occur to be successful.  Thinking about 2008 in 2006 is a challenge alone.  Then we must add in near term execution with any long term vision, there is no luxury of a 5 year development cycle any more, at least for us.  Keeping our employees, partners and customers on the same page is also key and another big challenge.

Security has long a been a key part of what I do, and what our company does.  Today the world is very much aware of security needs, something that is fairly recent in the history of computing. 

The industry is still very much thinking of meeting a new market with a new technology as fast as possible, security just gets in the way in that case.  Going forward more and more companies, lead by companies like ours, will design security in from the start which will go a long way. 

Patching in security after the fact is very difficult and that is why we are seeing the patch crisis we see today.  Patching is just one aspect, a key one of course, in the greater security space.  At Shavlik we have built a pretty good patching product and now we are adding in other key security items such as removing unwanted software such as spyware, rootkits and the like.  We are also automating the management of security configuration driven by security standards such as ISO.

Security is a big problem that is difficult to solve, sadly there is no silver bullet.  IDS, Firewalls, end user training, patching, Malware configuration management and others are key.  That may be the bad news, but the good news is that there are many good ways to build security into your world, ways that are not too difficult or expensive.  It is in this area that I focus my efforts, making security products and services that are available and easy to use, yet with solid results.

As networks get more and more complicated by mobile devices, unmanaged users and computers on the network the security challenge only grows. Making it a process much more than a solution.