Interested to know if Flexera offers exclusive services/ Tools to identify about the software/Product identified has reached its End of support (EOS) or End of life(EOL)? I know it basically reports the outdated and vulnerable software/components/product used.
Jul 18, 2019 01:31 AM
You have the "Data Platform" capabilities through the BDNA acquisition and the 'Technopedia' content libraries for both Hardware & Software.
That combined with your recognised inventory would provide very good output.
Jul 18, 2019 01:37 AM
Software Vulnerability Manager runs an assessment that identifies applications that are installed on targeted hosts. This information is then compared to our own Secunia Research vulnerability database. If a product has gone EoL due to a new major version being released it will flag the previous version detected as EoL. Our Tech Insights product ( Data Platform) has EoL/EoS data that is not directly attributed to vulnerabilities. By employing both in an environment a user can have robust information about the various statuses ( Insecure, EoL/EoS, Secure) of detected installed applications.
Senior Solution Engineer
Jul 18, 2019 02:30 PM
The End-Of-Life is one of the primary software security states that are used by our SVM/SVR software. As such, Flexera tracks the EOL status for the software products we support in our database. We rely on several sources to identify the EOL states of the supported applications, including the vendor announcements.
In the case of our SVR product, we will display the Secure/Insecure/EOL status of each application you subscribed for within your Asset Lists. The information can be tracked via the web interface or pulled out through the API.
In the case of SVM 2019, each of the applications that have been successfully identified by the SVM scanning engines will be linked to its corresponding current status - Secure/Insecure/EOL.
Again in SVM 2019 one can create a "Smart Group" filter which tracks only EoL status across the entire domain and further enlists summing of all application versions that have been assigned with this status in one view.
Let us know if you need to look deeper into this, or if any follow-up questions arise.
Jul 19, 2019 05:18 AM - edited Jul 19, 2019 05:20 AM
The SVR/SVM are software vulnerability management solutions that focus on the software vulnerabilities on your network. With the SVM 2019, you can perform software inventory of those applications that are present on your systems' hard drives, The EOL status will reflect only on the discovered by SVM 2019 scan applications.
The SVR solution opens up access to all software product versions supported in the SVR database (which is beyond the scope of what you will scan normally) and their EOL/Secure/Insecure statuses. In SVR, you can create Asset lists and evaluate only your apps, or you can do ad-hoc verification of a wider scope of statuses by performing a search against the entire SVR database (in case you haven't subscribed for particular asset list).
The Data Platform product has a wider focus on EOL status identification since it does not only look at the supported vulnerability management application database of the SVR/SVM, but it is more specialized to provide identification of EOL programs, and more comprehensive than the SVR database in that same regard.
Jul 22, 2019 03:30 AM
Is End of Life same as End Of Support in this report? Normally, End of Support date is 3-5 years after End of Life announcement
If an application is flagged as EoL is it possible to get more information on when was the EoL date or the EoS date? I want to understand how critical is when I see an application flagged as EoL, do I have time to plan for an upgrade or do I need to think of an urgent solution?
Jul 21, 2019 06:22 PM - edited Jul 21, 2019 09:06 PM
I will get back to you about your question shortly, please be patient with me until I return an answer.
Jul 22, 2019 03:47 AM
To answer your question quickly, Flexera will continue to track and support the program in question as long as the vendor continues to issue security advisories for their product, and continues to ship security updates.
Programs which enter their official EOL period, but continue to be supported by the vendor through EOS/ELS agreements, will normally receive attention by the vendor who will normally issue security reports and patches. In such occasions, Flexera will also continue to support the product in question and will mark it End-Of-Life only when the vendor stops issuing security advisories and security patches altogether - full stop on supporting it.
I hope this information answers your question.
Jul 29, 2019 03:18 AM
Thanks @RDanailov for your response
So the EoL indicates that product is already reached the end of EoL period and not supported by the Vendor, correct? any product tagged as EoL needs to be review for upgrade quickly
Is there any way to get the End of Support date in this report or in other report of SVM? or information on the End of Life date to flag this asset at risk and actions can be done before reaches End of Support?
Aug 01, 2019 06:58 PM - edited Aug 01, 2019 06:58 PM
SVM provides EOL status and not dates at this time. There is an Advisory Published date you can sort on if you are trying to determine age. As we work to unify the back end data between our various products our goal is to not only reduce the need for different agents but to unlock the ability to leverage data between offerings (in this case to expose EOL dates from Data Platform which were outside the scope of our original security data for SVM).
Aug 02, 2019 07:02 AM