A new Flexera Community experience is coming on November 18th, click here for more information.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Does Flexera offers services/Solutions to identify the End of Life or End of Support

Interested to know if Flexera offers exclusive services/ Tools to identify about the software/Product identified has reached its End of support (EOS) or End of life(EOL)? I know it basically  reports the outdated and vulnerable software/components/product used. 

 

 

(13) Replies

You have the "Data Platform" capabilities through the BDNA acquisition and the 'Technopedia' content libraries for both Hardware & Software.

That combined with your recognised inventory would provide very good output.

Regards, Jens

Thanks for the insight. Could you guide where to download the 'Data Plaform' Trial. Do you think I can access the asset catalogue to download with EOL and EOS. I'm inclined to know the process.

You would need to get in touch with your account team in order to trial it first in PoC.

Jens

dhudak42
By Level 3 Flexeran
Level 3 Flexeran

Hello,

 

Software Vulnerability Manager runs an assessment that identifies applications that are installed on targeted hosts. This information is then compared to our own Secunia Research vulnerability database. If a product has gone EoL due to a new major version being released it will flag the previous version detected as EoL. Our Tech Insights product ( Data Platform) has EoL/EoS data that is not directly attributed to vulnerabilities. By employing both in an environment a user can have robust information about the various statuses ( Insecure, EoL/EoS, Secure) of detected installed applications. 

 

Best Regards,

Dylan Hudak

Senior Solution Engineer

RDanailov
By Level 7 Flexeran
Level 7 Flexeran

Hi, 

The End-Of-Life is one of the primary software security states that are used by our SVM/SVR software. As such, Flexera tracks the EOL status for the software products we support in our database. We rely on several sources to identify the EOL states of the supported applications, including the vendor announcements. 

In the case of our SVR product, we will display the Secure/Insecure/EOL status of each application you subscribed for within your Asset Lists. The information can be tracked via the web interface or pulled out through the API. 

EOL Status provided.PNG

In the case of SVM 2019, each of the applications that have been successfully identified by the SVM scanning engines will be linked to its corresponding current status - Secure/Insecure/EOL. 

SVM 2019 EOL example.PNG

Again in SVM 2019 one can create a "Smart Group" filter which tracks only EoL status across the entire domain and further enlists summing of all application versions that have been assigned with this status in one view. 

SVM 2019 EOL example Smart Groups.PNG

Let us know if you need to look deeper into this, or if any follow-up questions arise. 


Regards,
Rosen
"To understand where a system breaks, one should think like the person who built it"
Thank you for the details. How
Data Platform product is different from this SVM/SVR? Wondering, if we can get access to the API details

Hi @VAicon,

The SVR/SVM are software vulnerability management solutions that focus on the software vulnerabilities on your network. With the SVM 2019, you can perform software inventory of those applications that are present on your systems' hard drives, The EOL status will reflect only on the discovered by SVM 2019 scan applications. 

The SVR solution opens up access to all software product versions supported in the SVR database (which is beyond the scope of what you will scan normally) and their EOL/Secure/Insecure statuses. In SVR, you can create Asset lists and evaluate only your apps, or you can do ad-hoc verification of a wider scope of statuses by performing a search against the entire SVR database (in case you haven't subscribed for particular asset list). 

The Data Platform product has a wider focus on EOL status identification since it does not only look at the supported vulnerability management application database of the SVR/SVM, but it is more specialized to provide identification of EOL programs, and more comprehensive than the SVR database in that same regard. 

 

Regards,
Rosen
"To understand where a system breaks, one should think like the person who built it"

Hi

Is End of Life same as End Of Support in this report? Normally, End of Support date is 3-5 years after End of Life announcement

If an application is flagged as EoL is it possible to get more information on when was the EoL date or the EoS date? I want to understand how critical is when I see an application flagged as EoL, do I have time to plan for an upgrade or do I need to think of an urgent solution?

Thanks

 

Hi @digmoca

I will get back to you about your question shortly, please be patient with me until I return an answer. 

Thank you!

Regards,
Rosen
"To understand where a system breaks, one should think like the person who built it"

Hi @digmoca,

To answer your question quickly, Flexera will continue to track and support the program in question as long as the vendor continues to issue security advisories for their product, and continues to ship security updates.

Programs which enter their official EOL period, but continue to be supported by the vendor through EOS/ELS agreements, will normally receive attention by the vendor who will normally issue security reports and patches. In such occasions, Flexera will also continue to support the product in question and will mark it End-Of-Life only when the vendor stops issuing security advisories and security patches altogether - full stop on supporting it. 

I hope this information answers your question. 

Regards,
Rosen
"To understand where a system breaks, one should think like the person who built it"

Thanks @RDanailov  for your response

So the EoL indicates that product is already reached the end of  EoL period and not supported by the Vendor, correct? any product tagged as EoL needs to be review for upgrade quickly

Is there any way to get the End of Support date in this report or in other report of SVM? or information on the End of Life date to flag this asset at risk and actions can be done before reaches End of Support?

Thanks

SVM provides EOL status and not dates at this time. There is an Advisory Published date you can sort on if you are trying to determine age. As we work to unify the back end data between our various products our goal is to not only reduce the need for different agents but to unlock the ability to leverage data between offerings (in this case to expose EOL dates from Data Platform which were outside the scope of our original security data for SVM). 

I'm happy to get you in touch with our solutions expert - he can answer your questions and tell you about the process. I will reach out shortly by email to set that up.