Mar 02, 2023
08:48 AM
2 Kudos
No, there is no SLA, but we will work as quickly as possible to address new requests. If requests meet the criteria above, they are typically added within three business days, but this is not a contractual commitment; there are times when we must work with the vendor and are subject to how responsive they are to requests.
We have been speeding up, and will continue to speed up, our processing of released vendor patch updates, which will have a direct impact on the availability of newly added software as well.
Mar 01, 2023
03:38 PM
IT Visibility users will notice a new root-level menu item, “Vulnerabilities,” is now available. This is the first of multiple planned steps to ease access to Flexera’s rich software vulnerability research content.
Software Vulnerability Research (SVR) provides rapid awareness of new software vulnerabilities associated with desired software vendors and titles. Our rich security advisories provide valuable details to help you understand, prioritize, and remediate software security updates.
In addition to accessing this data within SVR, we are planning to provide this research data via a Software Vulnerability Enrichment Pack soon, which will add software vulnerability references to further enrich your software inventory in IT Visibility. Watch this space for updates.
Below is a quick review of some of the ways you can (and will soon) be able to leverage Flexera’s software vulnerability research data.
Software Vulnerability Research
Flexera’s Secunia Research team has been authoring valuable software vulnerability advisories for decades covering a wide range of platforms. SVR is a SaaS based solution aimed at helping ensure prompt, appropriate awareness of software vulnerabilities. One can create a ticket (internally or in an external ITSM solution like ServiceNow or Remedy) or send an email or text message to the appropriate personnel based on a manually defined “watch list.” In the future, we intend to offer the ability to create a watch list based on your IT Visibility inventory. Click here to learn more about SVR.
Software Vulnerability Enrichment Pack
Within IT Visibility, it will be possible to enjoy these valuable software vulnerability insights in conjunction with existing inventory data, end-of-life dates, and business service context. Because the level of version granularity associated with inventory data is not always sufficient to definitively declare an installed version secure or insecure, matched items are to be considered potentially vulnerable and worthy of further investigation. Watch for the Software Vulnerability Enrichment Pack, coming soon.
Software Vulnerability Manager
For those looking to assess, prioritize, and remediate software vulnerabilities in their environment, Flexera offers Software Vulnerability Manager (SVM). This solution can definitively identify specific vulnerable versions of software on your endpoints and provide the data necessary to prioritize those in need of attention. SVM can then automatically (or manually) remediate vulnerable software by publishing vendor patches to established endpoint management solutions like Intune, ConfigMan, Workspace One, BigFix, and others. Click here to learn more about SVM.
Feb 28, 2023
08:00 PM
2 Kudos
SBOM = Software Bill of Materials. Essentially the components that comprise any given software offering. These components within your software may have security and licensing implications. A more thorough explanation can be found here. A FAQ on SBOM Insights offers more here.
Feb 28, 2023
02:21 PM
1 Kudo
Unfortunately, this is how the vendor chose to provide the setup, which is not unusual. Sometimes MSI packages are provided in self-extracting executables too. In this case, the zip file delivery ensures their README document is available alongside the MSI setup. I'm afraid we do not have any current plans to manipulate the packages vendors provide, as there are varying degrees of risk to doing so.
Feb 28, 2023
10:47 AM
3 Kudos
Flexera One users will notice the availability of a new root-level menu item, “SBOM Management.” This is the first of multiple planned steps to integrate Revenera’s SBOM capabilities with Flexera One.
Why the Software Supply Chain Matters
There’s more to modern software than meets the eye. A single software application includes various parts from multiple developers and components from third-party providers—all delivered via different systems from both inside and outside a software vendor’s organization. Net—the software applications you use throughout your enterprise are complex.
Vulnerabilities—like Log4j—do happen. Quickly knowing where you might have an issue is critical to ensuring a high level of data security.
SBOM Insights ingests data from a wide range of sources and then unifies all internal and external SBOMs into a single, actionable view.
SBOM Insights for Inventory Management
With SBOM Insights, you not only have the ability to identify and record all third-party IP through a complete and accurate SBOM, but to collect your SBOM parts from multiple sources—in various industry formats—in the cloud. This method of cloud inventory management provides full visibility to all third-party components to designated users within your organization.
Building software? SBOM Insights creates transparency into the complete makeup of not just the software you use, but also what you build for both your customers and downstream supply chain partners at any time.
SBOM Insights creates an active repository—with actionable data—of what’s in ALL your applications. With everything coming from your enterprise catalogued, when the next high-profile vulnerability hits, you have the unified data at your fingertips to quickly uncover your exposure and expediently fix problems in all of the software components coming from inside and outside your organization.
Revenera SBOM Insights gives you the ability to manage security and legal risk by maintaining an actionable SBOM in the cloud.
Have questions? Reach out to @alexrybak or @kemorton for more.
Feb 15, 2023
07:52 AM
2 Kudos
The Patch Publisher has come a long way since its initial release and today provides a superior user experience for patching operations. If you have not tried it, we encourage you to do so as we begin plans to retire the older web based admin console.
For those that have not yet made the move to our new web admin console and Patch Publisher interfaces, it is worth noting that with the latest Windows update, the IE browser now redirects to open Edge. SVM customers that wish to use the old web UI should do so using IE Mode, which enables the use of ActiveX.
Edge (Version 110.0.1587.41) allows switching specific websites to IE mode from Windows Settings, as shown below.
Also See
Flexera SVM and Microsoft Internet Explorer EoSL - Community
FAQ Regarding the new SVM User Interface (admin console)
Feb 06, 2023
10:44 AM
4 Kudos
Not keeping up with patches that are known to negatively impact security risk is nothing short of irresponsible. But learning of impactful vulnerabilities that affect you and being able to patch those in true need of updates is not as easy as it may sound. In a reactive mode driven by the news of the day, this is a losing battle.
Log4J and Spring4Shell made plenty of noise in 2022, and 2023 shows no signs of letting up with these old vulnerabilities still associated with patches being released today. Hitting the news just now is yet another old patch that’s been available since early 2021 but is somehow still the vulnerability behind a wave of ransomware attacks affecting ESX Server.
Organizations that initially strove to keep everything patched and up to date in order to minimize such risks quickly learn that because of the necessary preparation, testing, and deployment for patches to be deployed safely, the volume of patches being released is too great. Proper software vulnerability management means constantly reviewing what is impacting your environment and responding surgically only to those that actually require attention.
In a world where serious vulnerabilities are announced with disturbing frequency, it is important to invest in a solution that is keeping up with not only the threat landscape but also delivering enhancements that serve to help you be more productive in your efforts to stay secure.
2022 was a big year for Flexera’s Software Vulnerability Management solutions. Chief among the big investments customers witnessed in SVM was the evolution of our user experience via an overhaul of our web-based admin interface and the introduction of a new Patch Publisher tool. There were 17 releases throughout the year between SVR, SVM Cloud, and SVM On-prem. Check out just some of the key enhancements below, with links to individual release announcements.
As 2022 began, SVM had just reacted quickly to the threat to Log4j by introducing a targeted awareness report that could help identify where it may be hiding on scanned endpoints. Details.
An ability to ignore but log specific paths provided customers the ability to control the focus of scans, but not at the expense of being aware of what vulnerable software exists. Details.
The new web-based user interface introduced presented not just a facelift but multi-browser support (and an end to the ActiveX dependency of the previous console) by moving restrictive operations like creating and publishing patches to a new Patch Publisher tool. New UI Details. Patch Publisher Details.
While nothing can beat the certainty of a file signature-based scan for vulnerable software, we responded to customer feedback to introduce an alternative, inventory-based assessment to provide a heat map of possible concerns affecting systems not traditionally scanned. Details.
We iterated on the new Patch Publisher throughout the year, adding more and more power in a long list of ways, including criteria-driven publishing automation, proxy support, BigFix publishing support, integration with AdminStudio, the ability to publish patches to more than one deployment system simultaneously (e.g., Intune and ConfigMgr), and much more.
The ability to automatically delete hosts for which the last scanned/check-in time was greater than a specified number of days.
The ability to configure scanning of cloud-stored files on Windows and Mac systems to optionally prevent the downloading of cloud-hosted files such as those managed by OneDrive.
Keep up with regular updates to SVM and SVR by subscribing to our release blog.
Feb 01, 2023
03:32 PM
The first SVR update of the year 2023 is live now; it's a day late to be called our "January" release, but we are planning another update in February, so forgive the one-day discrepancy 😉
Major improvements to the software suggestion process and some minor product enhancements have been introduced with this update.
Add Multiple Email Addresses While Suggesting Software
You can now add multiple email addresses when suggesting software to be added to SVR. You may optionally include additional team members in the request when suggesting software. Upon completion of your request, an email confirmation will be sent to all email addresses specified, which can improve internal communications by reducing time spent alerting other stakeholders as to the status of software suggestion requests.
Updated Process for Software Suggestions
In our ongoing efforts to improve response times and increase the value of your investment, we have implemented a new backend process for managing incoming software suggestions. This is part of the continuous improvements we have been making to the software suggestion functionality over the last couple of quarters. The new process significantly improves the way we track the software suggestions thus helping us manage the requests more efficiently. Building on this work, we are to expose estimated response times based on actual activity and backlog load to set realistic expectations for software suggestions in the future.
As a reminder, software suggestion guidelines may be found here.
Improved Advisory Search
A problem affecting searches with several keywords has been addressed. Searching Secunia Advisories using a long text as a keyword would sometimes not return any results due to backend timeouts. This issue has been resolved with this release.
To see the full release notes, click here.
Jan 26, 2023
08:52 AM
Yes, you can suggest new software to be covered from within the SVM Patch Publisher interface: Suggest Software (flexera.com)
Jan 11, 2023
08:32 AM
Understood. We can discuss this on our call. I only mean to point out that the ability to run our scanner and an operating system being EOL are two different things.
Jan 11, 2023
08:10 AM
1 Kudo
We don't publish a public roadmap, but I'd be very happy to set up a call to discuss. I'll contact you directly about this.
For your specific example, we won't be dropping support from a scanning perspective, so we can continue to report EOL versions of Windows as EOL. I don't foresee a technical reason we should need to drop support for older versions of the supported operating systems listed above.
Jan 11, 2023
07:56 AM
2 Kudos
Great response, James. Just a couple of things to add and clarify:
While the Linux scanner may run on more than just RHEL, we are only doing the research required for scans to have value on RHEL, so it does not make sense to run it on unsupported versions. It is a significant investment for us to add more flavors of Linux due to the cost of the data burden that comes with it. That said, we are measuring such demand in Ideas, so please vote on further support there.
Also, we are working on RHEL v9 support now, and I anticipate we should be able to release such support this month (January 2023).
Dec 15, 2022
03:05 PM
2 Kudos
While we just had a major release of AdminStudio 2022 one month ago today, the team has been hard at work to squeeze in a few new updates before we close out the year. Today AdminStudio has released a service pack for that R2 release that adds the following improvements:
Support for IAM Authentication for FNMS Integration
Support for Windows 11 - 22H2 and Windows 10 - 22H2
PowerShell Cmdlets / REST API Enhancement
IAM Authentication
A new authentication method (IAM) has been introduced to support FNMS/ITAM integrations. Documented here, this update is important to those integrating with FNMS because the AGW authentication gateway will be retired by the end of January 2023. This integration allows for the automated collection of Flexera Identifiers in the FNMS Application Recognition Library (ARL). If you have FNMS or Flexera ITAM and were unaware of this integration, read more here in the AdminStudio documentation.
Support for Windows 11 - 22H2 and Windows 10 - 22H2
Always working to keep up with the latest Windows releases, this new update to AdminStudio allows you to test the compatibility of your applications against the latest Windows Operating Systems: Windows 11 22H2 and Windows 10 22H2.
PowerShell Cmdlets / REST API Enhancement
Two new Cmdlet and REST API enhancements have been introduced to better leverage the AdminStudio backlog capability: Get-ASGetBacklogRequests and New-ASPackageRequest.
Get-ASGetBacklogRequests – Running this returns a list of the package requests present in the AdminStudio backlog so you can display such as part of a custom integration.
New-ASPackageRequest – To help you avoid duplicate requests being added to the AdminStudio backlog, a warning message will be returned when a duplicate request is attempted.
For complete release notes, click here.
Dec 14, 2022
03:01 PM
A new Patch Publisher Connections view has been added
In an additional move to minimize situations where users must jump between our new web-based admin console and the Patch Publisher, we have introduced a new space where you can view and delete all Patch Publisher and related connections. Find it as a new tab under Patching > Patch Publisher Connections. It is also possible to delete independent connections of the selected Patch Publisher.
An enhanced status column is visible in Software Suggestions
Providing improved communications regarding Software Suggestion requests, the Status column now displays the current status of your software suggestion requests as tracked by our internal process.
Full release notes: Software Vulnerability Manager (Cloud Edition) Release Notes (flexera.com)
Note: This update includes other security and backend updates. SVM Patch Publisher was updated to version 7.6, which includes a fix for an issue where a download link may have been presented incorrectly in the SPS wizard (when the view was customized to group products where the patched version and architecture are identical). Additionally, we have updated the architecture diagram in the documentation to better reflect recent changes to the solution.
Oct 25, 2022
01:30 PM
1 Kudo
In case you've missed it, we meet every other month for a roundtable discussion on topics surrounding application packaging and deployment. We've covered a variety of topics over the last couple of years and, while it may be good to revisit some of them, we'd love to hear any ideas you may have for future topics. What would you like to hear more about? Please be as specific as possible and ask as many questions as you can think of to drive a content-rich discussion on things you care about.
Sign up today and check the box to be reminded of future sessions when you do!
About
Founder of ITNinja (formerly AppDeploy), author, Microsoft MVP and regular speaker on topics related to application and desktop management and security. Check out a portfolio of my work at https://www.bkelly.com
Director, Product Management
Charlotte, NC
Latest posts by bkelly
Subject | Views | Posted |
---|---|---|
119 | Mar 02, 2023 08:48 AM | |
242 | Mar 01, 2023 03:38 PM | |
452 | Feb 28, 2023 08:00 PM | |
217 | Feb 28, 2023 02:21 PM | |
723 | Feb 28, 2023 10:47 AM | |
342 | Feb 15, 2023 07:52 AM | |
345 | Feb 06, 2023 10:44 AM | |
326 | Feb 01, 2023 03:32 PM | |
346 | Jan 26, 2023 08:52 AM | |
692 | Jan 11, 2023 08:32 AM |
Activity Feed
- Got a Kudo for New SBOM Management in Flexera One. Mar 09, 2023 01:01 PM
- Got a Kudo for Re: New SBOM Management in Flexera One. Mar 09, 2023 10:01 AM
- Got a Kudo for New SBOM Management in Flexera One. Mar 09, 2023 09:37 AM
- Got a Kudo for Re: Requesting Additions to the Package Feed Module. Mar 02, 2023 08:49 AM
- Got a Kudo for Re: Requesting Additions to the Package Feed Module. Mar 02, 2023 08:49 AM
- Posted Re: Requesting Additions to the Package Feed Module on AdminStudio Blog. Mar 02, 2023 08:48 AM
- Got a Kudo for Requesting Additions to the Package Feed Module. Mar 01, 2023 11:00 PM
- Posted New Vulnerabilities Menu in IT Flexera One on Flexera One Blog. Mar 01, 2023 03:38 PM
- Got a Kudo for New SBOM Management in Flexera One. Feb 28, 2023 09:46 PM
- Got a Kudo for Re: New SBOM Management in Flexera One. Feb 28, 2023 08:08 PM
- Posted Re: New SBOM Management in Flexera One on Flexera One Blog. Feb 28, 2023 08:00 PM
- Got a Kudo for Re: Package Feed Module - PostgreSQL ODBC (x64) v13.02.0000 source binaries. Feb 28, 2023 07:14 PM
- Posted Re: Package Feed Module - PostgreSQL ODBC (x64) v13.02.0000 source binaries on AdminStudio Forum. Feb 28, 2023 02:21 PM
- Posted New SBOM Management in Flexera One on Flexera One Blog. Feb 28, 2023 10:47 AM
- Got a Kudo for Still Using SVM's Older Web UI?. Feb 21, 2023 04:23 AM
- Got a Kudo for Still Using SVM's Older Web UI?. Feb 15, 2023 07:58 AM
- Posted Still Using SVM's Older Web UI? on Software Vulnerability Management Blog. Feb 15, 2023 07:52 AM
- Got a Kudo for The Critical and Evolving Demands of Software Vulnerability Management. Feb 07, 2023 09:27 AM
- Got a Kudo for The Critical and Evolving Demands of Software Vulnerability Management. Feb 06, 2023 07:09 PM
- Got a Kudo for The Critical and Evolving Demands of Software Vulnerability Management. Feb 06, 2023 11:54 AM