Shavlik Technologies

Last updated
Shavlik Technologies
Company type Private company
Industry Computer Security
Founded1993
FounderMark Shavlik
Headquarters
New Brighton, Minnesota
,
United States
ProductsShavlik Protect Shavlik SCUPdates
Parent Ivanti
Website www.shavlik.com

Shavlik Technologies was a privately held company founded in 1993 by Mark Shavlik, who also was one of the original developers of Windows NT in the late 1980s and early 1990s at Microsoft. [1]

Contents

The company provided software and services for network vulnerability assessment and for managing network security patches. Mark Shavlik left his role as CEO when Shavlik Technologies was acquired by VMware in May 2011, then held the position of Vice President and General Manager at VMware until March 2013. Today Mark Shavlik is the CEO of security automation product creator Senserva.

In April 2013, LANDESK purchased the Shavlik business unit and all rights to the Shavlik products from VMware. During the same period, LANDESK announced a partnership that made VMware an Alliance Partner. [2]

In 2017 LANDESK merged with HEAT Software creating a new IT Software company called Ivanti. Today, while the Shavlik name has been retired, the same Shavlik products are vital to the Ivanti security portfolio. [3]

History

Prior to the acceptance of Windows NT as a legitimate, enterprise operating system in the late 1990s, most enterprise software was written for Unix or some other mainframe operating system. Shavlik's roots were in providing consulting services to help organizations make the leap to Microsoft OS's and contributed to them delivering products on NT. Shavlik later extended its services business into software security consulting, primarily with businesses in highly regulated industries such as banking and healthcare. The services centered on providing a Certified Information Systems Security Professional (CISSP) to perform security audits and penetration testing.

In the early 2000s the failure to keep software up-to-date by applying patches was a common flag on audits. One of the central challenges in addressing the problem was that companies did not have an easy way to determine which machines were out of date and they did not have a methodology to deploy updates. During this era, Microsoft wrestled with addressing this issue internally. They wanted a tool to detect which NT servers in a large NT server environment were missing patches so "hot fixes" (see Hotfix) could be installed on those machines. However, because these NT servers were critical to operations, Microsoft required that this process be completed without installing any extra software, such as an agent, on the servers.

In an effort to address the "hot fix"issue, Shavlik built the first agentless patch scanner for Windows NT. [4] The product was named HFNetChk (the acronym designating HotFix Network Check). The HFNetChk release was followed by another partnership wherein Shavlik helped build the Microsoft Baseline Security Analyzer (MBSA). This tool did minimal patch scanning along with some basic OS configuration checks. It was delivered by Microsoft as part of the Windows 2000 Server Toolkit.

HFNetChk Pro 3.0, which was never released externally, introduced the ability to not only scan for missing patches but also to deploy those patches. This eliminated the need for an IT administrator to apply patches manually.

In 2003, Shavlik brought HFNetChk to market for the first time. Version 4 featured a Visual Basic "web friendly" user interface. Previous versions of HFNetChk were operated via a command line interface.

Patch Management

In January 2003, the SQL slammer worm exploited a vulnerability in SQL Server that allowed a denial of service and slowed traffic on many internet hosts to a crawl. The worm went viral affecting 75,000 systems in the first ten minutes. Microsoft had made a patch available six months prior indicating that a failure to patch led to the widespread, security breach, not the vulnerability itself. [5]

Shavlik's HFNetChk was the first product in the market that could scan for and deploy missing patches on Windows machines. In the aftermath of the SQL Slammer worm and after a series of other highly publicized exploits hit in 2003/2004, Shavlik made the decision to move away from consulting and to fully invest in software development for patch management products.

Shavlik Protect

Shavlik added standalone and integrated anti-virus capabilities to version 5 of HFNetChk and changed the product name to HFNetChk Protect, eventually dropping HFNetChk. [6]

During the Version 6 timeframe, Protect introduced the capability to patch offline virtual machines and VM templates. This project was the first in a series of partnerships Shavlik entered into with VMware, and the capability meant that Protect could agentlessly patch machines in both physical and virtual environments. With Version 7 and its various point releases, a new user interface was introduced as well as physical and virtual asset inventory. Agent support was integrated into Protect and was no longer offered as a separately licensed product. Shavlik also shifted more of its detection logic out of Protect and into the content.

Version 8 of Protect fixed many stability issues. Due to a number of customer complaints, Shavlik focused on making the product more stable. Version 9 introduced hypervisor patching for VMware implementations as well as the ability to patch off-network machines via the cloud.

Microsoft Collaboration

Shavlik's technological advancements have been significant enough to attract attention from Microsoft, resulting in cooperative efforts between the two companies and the development of the Microsoft Baseline Security Analyzer (MBSA), which is based on Shavlik's HFNetChk (the acronym designating HotFix Network Checker) released in 2001. [7] This technology has evolved, but is still the core technology in the current product offerings and has been licensed by multiple OEM partners to provide patch management capabilities to a variety of IT management solutions with a combined install base of millions of users across the globe. [8]

In the late 2000s, the industry saw applications being exploited by hackers shift from Microsoft OS and other Microsoft applications to third-party applications like Java, Adobe, music players, and non-Microsoft internet browsers. During this time, products like Microsoft System Center Configuration Manager (SCCM) provided Windows patch capabilities via the Windows Server Update Services (WSUS); however, it didn't (and still doesn't) patch third-party products. According to Global Analyst Firm Gartner, this left administrators with limited choices: don't patch third-party products leaving the network at risk, author and test a custom patch each time a third-party product requires an update, or deploy the patches manually to each affected machine. [9]

In April 2010, Shavlik released SCUPdates – a catalog of patch content that automated the process of building third-party patches and delivering them to Windows clients via an integration with Microsoft System Center Updates Publisher (SCUP) and SCCM. In tandem with the initial SCUPdates release, Microsoft and Shavlik also announced Shavlik's inclusion into the Microsoft System Center Alliance. [10]

Patch Management to the Cloud

In 2010 Shavlik released IT.Shavlik which provided a web-based front-end to the traditional Shavlik toolkit of asset inventory, patch scanning, and patch deployment. This Software as a Service (SaaS) application simplified the workflow for inventory and systems patching than was possible with the on-premises, Protect solution.

Microsoft referred to SaaS as "software plus services" for a few years. [11]

In early 2009, Shavlik formed an OEM partnership with VMware to build a cloud-based application designed to help IT administrators in smaller businesses deploy a virtual environment. VMware Go (vGo) was intended to be an "onramp to virtualization," serving smaller customers until they were ready to upgrade to the more sophisticated vCenter suite. vGo was originally brought to market as a free-use cloud-based product.

VMware and Shavlik invested heavily in vGo, and the product was expanded to include asset inventory, patch scanning, and an IT advisor recommendation engine. Later in attempts to monetize vGo's services, a paid version called VMware Go Pro introduced patch deployment. This led to the migration of users from IT.Shavlik to VMware Go.

Acquisition History

VMware's interest in VMware Go as well as the virtual infrastructure patching capabilities within Protect led to its acquisition of Shavlik Technologies in May 2011. The terms of the acquisition were not publicly disclosed. [12]

In January 2013, VMware announced its intent to "sharpen its focus" on the software-defined data center and hybrid cloud services. [13] As part of this realignment, VMware sought to sell off products that weren't contributing to its core business such as its SlideRocket presentation software and other "non-key cloud and virtualization technologies." [14] The Shavlik product line found itself on that list.

In April 2013, LANDesk Software purchased the Shavlik business unit and all rights to the Shavlik products from VMware. At the same time LANDesk announced a partnership which added VMware to LANDesk's list of Alliance Partners. [15] Shavlik's move to LANDesk triggered new investment in Shavlik Patch for Microsoft System Center (formerly SCUPdates) as well as other products that enhance the experience for companies using SCCM.

In early 2017, Clearlake Capital acquired LANDesk and Shavlik, along with Heat Software, Appsense and Wavelink; the combined company uses a new corporate name and product brand, Ivanti. [16] [17]

Related Research Articles

<span class="mw-page-title-main">Windows Update</span> Software update distribution service for Microsoft Windows

Windows Update is a Microsoft service for the Windows 9x and Windows NT families of the Microsoft Windows operating system, which automates downloading and installing Microsoft Windows software updates over the Internet. The service delivers software updates for Windows, as well as the various Microsoft antivirus products, including Windows Defender and Microsoft Security Essentials. Since its inception, Microsoft has introduced two extensions of the service: Microsoft Update and Windows Update for Business. The former expands the core service to include other Microsoft products, such as Microsoft Office and Microsoft Expression Studio. The latter is available to business editions of Windows 10 and permits postponing updates or receiving updates only after they have undergone rigorous testing.

<span class="mw-page-title-main">Service pack</span> Single installable package of software updates

In computing, a service pack comprises a collection of updates, fixes, or enhancements to a software program delivered in the form of a single installable package. Companies often release a service pack when the number of individual patches to a given program reaches a certain (arbitrary) limit, or the software release has shown to be stabilized with a limited number of remaining issues based on users' feedback and bug reports. In large software applications such as office suites, operating systems, database software, or network management, it is not uncommon to have a service pack issued within the first year or two of a product's release. Installing a service pack is easier and less error-prone than installing many individual patches, even more so when updating multiple computers over a network, where service packs are common.

A patch is data that is intended to be used to modify an existing software resource such as a program or a file, often to fix bugs and security vulnerabilities. A patch may be created to improve functionality, usability, or performance. A patch is typically provided by a vendor for updating the software that they provide. A patch may be created manually, but commonly it is created via a tool that compares two versions of the resource and generates data that can be used to transform one to the other.

Microsoft Configuration Manager (ConfigMgr) is a systems management software product developed by Microsoft for managing large groups of computers providing remote control, patch management, software distribution, operating system deployment, and hardware and software inventory management. Configuration Manager supports the Microsoft Windows and Windows Embedded operating systems. Previous versions also supported macOS (OS X), Linux or UNIX, as well as Windows Phone, Symbian, iOS and Android mobile operating systems.

A hotfix is a software update that is released outside the normal update cycle or intended to be applied to a live system; often to fix a bug.

Microsoft Servers is a discontinued brand that encompasses Microsoft software products for server computers. This includes the Windows Server editions of the Microsoft Windows operating system, as well as products targeted at the wider business market. Microsoft has since replaced this brand with Microsoft Azure, Microsoft 365 and Windows 365.

A dedicated hosting service, dedicated server, or managed hosting service is a type of Internet hosting in which the client leases an entire server not shared with anyone else. This is more flexible than shared hosting, as organizations have full control over the server(s), including choice of operating system, hardware, etc.

<span class="mw-page-title-main">Windows Server 2008</span> Fourth version of Windows Server, released in 2008

Windows Server 2008, codenamed "Longhorn Server", is the seventh release of the Windows Server operating system produced by Microsoft as part of the Windows NT family of the operating systems. It was released to manufacturing on February 4, 2008, and generally to retail on February 27, 2008. Derived from Windows Vista, Windows Server 2008 is the successor of Windows Server 2003 and the predecessor to Windows Server 2008 R2. It removed support for processors without ACPI, and is the first version that includes Hyper-V.

<span class="mw-page-title-main">Windows Server Update Services</span> Update distribution system for Windows Server

Windows Server Update Services (WSUS), previously known as Software Update Services (SUS), is a computer program and network service developed by Microsoft Corporation that enables administrators to manage the distribution of updates and hotfixes released for Microsoft products to computers in a corporate environment. WSUS downloads these updates from the Microsoft Update website and then distributes them to computers on a network. WSUS is an integral component of Windows Server.

Veritas Backup Exec is a data protection software product designed for customers with mixed physical and virtual environments, and who are moving to public cloud services. Supported platforms include VMware and Hyper-V virtualization, Windows and Linux operating systems, Amazon S3, Microsoft Azure and Google Cloud Storage, among others. All management and configuration operations are performed with a single user interface. Backup Exec also provides integrated deduplication, replication, and disaster recovery capabilities and helps to manage multiple backup servers or multi-drive tape loaders.

<span class="mw-page-title-main">Microsoft Baseline Security Analyzer</span> Computer security evaluation tool

Microsoft Baseline Security Analyzer (MBSA) is a discontinued software tool that is no longer available from Microsoft that determines security state by assessing missing security updates and less-secure security settings within Microsoft Windows, Windows components such as Internet Explorer, IIS web server, and products Microsoft SQL Server, and Microsoft Office macro settings. Security updates are determined by the current version of MBSA using the Windows Update Agent present on Windows computers since Windows 2000 Service Pack 3. The less-secure settings, often called Vulnerability Assessment (VA) checks, are assessed based on a hard-coded set of registry and file checks. An example of a VA might be that permissions for one of the directories in the /www/root folder of IIS could be set at too low a level, allowing unwanted modification of files from outsiders. MBSA was written by Mark Shavlik working in partnership with Microsoft.

<span class="mw-page-title-main">Ivanti</span> American IT software company

Ivanti is an IT software company headquartered in South Jordan, Utah, United States. It produces software for IT Security, IT Service Management, IT Asset Management, Unified Endpoint Management, Identity Management and supply chain management. It was formed in January 2017 with the merger of LANDESK and HEAT Software, and later acquired Cherwell Software. The company became more widely known after several major security incidents related to the VPN hardware it sells.

System Center Virtual Machine Manager (SCVMM) forms part of Microsoft's System Center line of virtual machine management and reporting tools, alongside previously established tools such as System Center Operations Manager and System Center Configuration Manager. SCVMM is designed for management of large numbers of Virtual Servers based on Microsoft Virtual Server and Hyper-V, and was released for enterprise customers in October 2007. A standalone version for small and medium business customers is available.

Ericom Software, Inc. is a Closter, New Jersey–based company that provides web isolation and remote application access software to businesses.

VHD and its successor VHDX are file formats representing a virtual hard disk drive (HDD). They may contain what is found on a physical HDD, such as disk partitions and a file system, which in turn can contain files and folders. They are typically used as the hard disk of a virtual machine, are built into modern versions of Windows, and are the native file format for Microsoft's hypervisor, Hyper-V.

<span class="mw-page-title-main">WaveMaker</span> Low-code programming platform

WaveMaker is a Java-based low-code development platform designed for building software applications and platforms. The company, WaveMaker Inc., is based in Mountain View, California. The platform is intended to assist enterprises in speeding up their application development and IT modernization initiatives through low-code capabilities. Additionally, for independent software vendors (ISVs), WaveMaker serves as a customizable low-code component that integrates into their products.

HP ConvergedSystem is a portfolio of system-based products from Hewlett-Packard (HP) that integrates preconfigured IT components into systems for virtualization, cloud computing, big data, collaboration, converged management, and client virtualization. Composed of servers, storage, networking, and integrated software and services, the systems are designed to address the cost and complexity of data center operations and maintenance by pulling the IT components together into a single resource pool so they are easier to manage and faster to deploy. Where previously it would take three to six months from the time of order to get a system up and running, it now reportedly takes as few as 20 days with the HP ConvergedSystem.

Citrix Virtual Apps is an application virtualization software produced by Citrix Systems that allows Windows applications to be accessed via individual devices from a shared server or cloud system.

<span class="mw-page-title-main">MSP360</span> Application service provider

MSP360, formerly CloudBerry Lab, is a software and application service provider company that develops online backup, remote desktop and file management products integrated with more than 20 cloud storage providers.

LPAR2RRD is an open-source software tool that is used for monitoring and reporting performance of servers, clouds and databases. It is developed by the Czech company XoruX.

References

  1. InformationWeek Five Questions For Mark Shavlik, CEO of Shavlik Technologies
  2. LANDesk Acquires Shavlik from VMware Official Announcement
  3. Distribution, Robinson (2017-03-28). "Shavlik is now Ivanti". ITWeb Technology News. Retrieved 2018-01-02.
  4. HFNetChk: Microsoft's New Hotfix Tool News Coverage
  5. SQL Slammer: Hot it Works and How to Prevent It News Coverage
  6. Shavlik Products Page Company Website
  7. ServerWatch Windows Patch Management, Shavlik Technologies
  8. Info Security Products Guide Helping Organizations Stay Ahead of Security Breaches and Challenges
  9. Gartner Blog Post, May 6, 2013 Patch Management Not a Solved Problem
  10. Satellite Spotlight, April 15, 2010 Shavlik Technologies Joins Microsoft System Center Alliance
  11. "Microsoft describes software plus services". InfoWorld. 26 July 2007. Retrieved 7 February 2017.
  12. VMware to Acquire Shavlik Technologies, May 16, 2011 Official VMware Release
  13. Bloodiest Tech Industry Layoffs of 2013 So Far Archived 2014-02-04 at the Wayback Machine News Coverage
  14. VMware Announces Mass Layoffs After Positive Earnings Report News Coverage
  15. LANDesk Acquires Shavlik from VMware, April 9, 2013 Official LANDesk Release
  16. Shavlik is now Ivanti, March 28, 2017 Press Release reported in ITWeb
  17. Realize value in minutes, not months ivanti company page

Further reading

  1. Battening the patches: Shavlik Technologies of Roseville has built a niche as one of the nation's leading testers and managers of computer security... Star Tribune, Minneapolis, MN, February 15, 2009
  2. Microsoft Patch Tuesday Brings Four Fixes For Eight Flaws Information Week: February 10, 2009
  3. Relying on Microsoft's WSUS patch management is 'almost negligent' SC Magazine: February 6, 2009
  4. Shavlik Technologies Optimizer Series Doing Its Part for the Economy! Business Wire: February 5, 2009
  5. Microsoft Plans To Fix UAC Security in Windows 7 RC Redmond Magazine: February 5, 2009
  6. Shavlik Technologies Named Finalist for Two Prestigious SC Magazine Awards Reuters: January 7, 2009
  7. LANDesk Acquires VMware Protect Product Family LANDesk: April 9, 2013
  8. 2014 ivanti history
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.