Patch mgmt. tools on tap from Shavlik

ST. PAUL, MINN. - Automating will be the prevailing theme next week when Shavlik Technologies releases the first major revision of its patch management product for Microsoft software.

For customers, patch management, vulnerability assessment and remediation, and configuration management are all part of a corporate defense they are building. For example, last month's MS-SQL Slammer worm exploited a flaw in SQL Server that Microsoft identified and issued a patch for in July 2002. Gartner reports that more than 90% of security exploits are carried out through vulnerabilities for which there is a known patch.

With HFNetChkPro 4.0, Shavlik is introducing automated find-and-fix features that control what machines are scanned and how patches are deployed, and that track the success of patch installation for each server. (See review.) The software can autodiscover machines missing critical patches, and then push the patches out and install them. Shavlik also has added templates that let companies customize scans for patch assessment by groups of servers or products. HFNetChkPro 4.0 also includes tools to assess the vulnerabilities that new patches address and to foster collaboration between administrators.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

ST. PAUL, MINN. - Automating will be the prevailing theme next week when Shavlik Technologies releases the first major revision of its patch management product for Microsoft software.

For customers, patch management, vulnerability assessment and remediation, and configuration management are all part of a corporate defense they are building. For example, last month's MS-SQL Slammer worm exploited a flaw in SQL Server that Microsoft identified and issued a patch for in July 2002. Gartner reports that more than 90% of security exploits are carried out through vulnerabilities for which there is a known patch.

With HFNetChkPro 4.0, Shavlik is introducing automated find-and-fix features that control what machines are scanned and how patches are deployed, and that track the success of patch installation for each server. (See review.) The software can autodiscover machines missing critical patches, and then push the patches out and install them. Shavlik also has added templates that let companies customize scans for patch assessment by groups of servers or products. HFNetChkPro 4.0 also includes tools to assess the vulnerabilities that new patches address and to foster collaboration between administrators.

"Shavlik is proving it has the vision in terms of where the market will go and the company is moving and moving quickly," says Eric Hemmindinger, an analyst with Aberdeen Group. He says corporations are looking to build "vulnerability remediation," which includes "everything you can solve by installing software and changing configurations."

Shavlik's challenge now is to expand its product to handle more than just security patches and Microsoft products, and to add a configuration management component.

"Our next plan is to cover products that live on the Microsoft [operating system], such as Lotus Domino," says Mark Shavlik, CEO of Shavlik. "Later this year we will also start to support Unix and Linux platforms." Shavlik says the company also is working on plug-ins for Microsoft Systems Management Server and IBM's Tivoli management platforms.

HFNetChkPro 4.0 introduces drag-and-drop patch management through which administrators can select a group of computers or IP addresses, drop them on an icon that represents a rule such as search for a particular patch and install it if it is missing. The tool works in conjunction with Shavlik's new PushPatch Tracker, which shows in real time what is happening on each server being scanned. Previously, HFNetChkPro only had a static console that reported final results.

HFNetChkPro's scanning engine is the same one found in the more manual HFNetChk, which Shavlik developed and Microsoft licensed for free distribution.

While those products are considered rudimentary tools, HFNetChkPro is the corporate version that competes with products from Aelita, BigFix, ConfigureSoft, Ecora, Loudcloud and others.

Shavlik HFNetChkPro 4.0 will ship next week and is priced at $23.75 per server or workstation for 100 managed CPUs.

Read more about security in Network World's Security section.