A new Flexera Community experience is coming on November 18th, click here for more information.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
bkelly
By
Flexera Alumni

As you see what this is and what’s gone into it, I think you’ll quickly appreciate that this is the result of a very large effort by a lot of people. It took a very long time to bring it to you—I am appropriately excited to finally unveil it to you!

SVM takes software patch management far beyond that of a simple patch catalog. It provides integrated vulnerability research by our Secunia Research team, assesses where vulnerable software is found and provides you with easy-to-leverage insights for prioritizing remediation efforts. It also provides patches so you can more quickly remediate popular applications by publishing updates via WSUS or SCCM. Our patches are wrapped in scripts that provide consistency and customization options. They can also handle edge cases where the vendor update may not behave as expected. To offer such patches, many criteria needed to be met, including the need for the set up to be freely distributable, silently installable and to behave as reliably as expected. Additionally, SVM is all about addressing software vulnerabilities, so we only created patches when a known security vulnerability would be addressed.

Organizations spend way too much time creating deployment packages to update software, and see a patch catalog as a way to offset some percentage of that effort. SVM offers far more patch management capabilities than any patch catalog ever could. However, choosing SVM for all its insights and capabilities should not mean compromising on accessing a large number of time-saving patches.

Today, with the release of the Vendor Patch Module, SVM can now provide over a thousand patches out of the box, as well as details on more than a thousand others to help you create even more patches faster.

With awareness of so many vulnerabilities (thanks to Software Vulnerability Manager) and so many patches at your disposal (thanks to the Vendor Patch Module) you are likely to quickly appreciate the need for intelligent prioritization. Some environment-specific testing is still required, and so you must resist just publishing huge numbers of patches, and prioritize appropriately to patch responsibly. SVM helps you to prioritize by prevalence (how many affected devices are out there), by criticality (the seriousness of a vulnerability), by affected assets (it is common to prioritize some groups of devices over others), and finally, by our new threat score. A threat score is a 0-99 value illustrating the likelihood the vulnerability is being exploited.

Threat Intelligence introduces a new level of insight in prioritization. Most exploited vulnerabilities see a CVSS score between 4 and 7 which would make them outside a typical prioritization that focused on criticality alone. In fact, if you look at the top 20 biggest software vendors, they only represent about 20% of last year's exploited vulnerabilities. SVM with the Threat Intelligence Module and the new Vendor Patch Module work great together by helping you to better prioritize the many patches now at your disposal.

And to that end, there is a promotion on now for the first 100 customers who purchase the Vendor Patch Module: We will provide a free year of the Threat Intelligence Module. Contact your customer support manager or sales representative today to take advantage or contact us here.

Resources

(1) Comment