IT Visibility users will notice a new root-level menu item, “Vulnerabilities,” is now available. This is the first of multiple planned steps to ease access to Flexera’s rich software vulnerability research content. Software Vulnerability Research (SVR) provides rapid awareness of new software vulnerabilities associated with desired software vendors and titles. Our rich security advisories provide valuable details to help you understand, prioritize, and remediate software security updates. In addition to accessing this data within SVR, we are planning to provide this research data via a Software Vulnerability Enrichment Pack soon, which will add software vulnerability references to further enrich your software inventory in IT Visibility. Watch this space for updates. Below is a quick review of some of the ways you can (and will soon) be able to leverage Flexera’s software vulnerability research data. Software Vulnerability Research Flexera’s Secunia Research team has been authoring valuable software vulnerability advisories for decades covering a wide range of platforms. SVR is a SaaS based solution aimed at helping ensure prompt, appropriate awareness of software vulnerabilities. One can create a ticket (internally or in an external ITSM solution like ServiceNow or Remedy) or send an email or text message to the appropriate personnel based on a manually defined “watch list.” In the future, we intend to offer the ability to create a watch list based on your IT Visibility inventory. Click here to learn more about SVR. Software Vulnerability Enrichment Pack Within IT Visibility, it will be possible to enjoy these valuable software vulnerability insights in conjunction with existing inventory data, end-of-life dates, and business service context. Because the level of version granularity associated with inventory data is not always sufficient to definitively declare an installed version secure or insecure, matched items are to be considered potentially vulnerable and worthy of further investigation. Watch for the Software Vulnerability Enrichment Pack, coming soon. Software Vulnerability Manager For those looking to assess, prioritize, and remediate software vulnerabilities in their environment, Flexera offers Software Vulnerability Manager (SVM). This solution can definitively identify specific vulnerable versions of software on your endpoints and provide the data necessary to prioritize those in need of attention. SVM can then automatically (or manually) remediate vulnerable software by publishing vendor patches to established endpoint management solutions like Intune, ConfigMan, Workspace One, BigFix, and others. Click here to learn more about SVM. ... View more

Flexera One users will notice the availability of a new root-level menu item, “SBOM Management.” This is the first of multiple planned steps to integrate Revenera’s SBOM capabilities with Flexera One. Why the Software Supply Chain Matters There’s more to modern software than meets the eye. A single software application includes various parts from multiple developers and components from third-party providers—all delivered via different systems from both inside and outside a software vendor’s organization. Net—the software applications you use throughout your enterprise are complex. Vulnerabilities—like Log4j—do happen. Quickly knowing where you might have an issue is critical to ensuring a high level of data security.   SBOM Insights ingests data from a wide range of sources and then unifies all internal and external SBOMs into a single, actionable view.     SBOM Insights for Inventory Management With SBOM Insights, you not only have the ability to identify and record all third-party IP through a complete and accurate SBOM, but to collect your SBOM parts from multiple sources—in various industry formats—in the cloud. This method of cloud inventory management provides full visibility to all third-party components to designated users within your organization. Building software? SBOM Insights creates transparency into the complete makeup of not just the software you use, but also what you build for both your customers and downstream supply chain partners at any time. SBOM Insights creates an active repository—with actionable data—of what’s in ALL your applications. With everything coming from your enterprise catalogued, when the next high-profile vulnerability hits, you have the unified data at your fingertips to quickly uncover your exposure and expediently fix problems in all of the software components coming from inside and outside your organization. Revenera SBOM Insights gives you the ability to manage security and legal risk by maintaining an actionable SBOM in the cloud. Have questions? Reach out to @alexrybak or @kemorton for more. ... View more

The Patch Publisher has come a long way since its initial release and today provides a superior user experience for patching operations. If you have not tried it, we encourage you to do so as we begin plans to retire the older web based admin console.  For those that have not yet made the move to our new web admin console and Patch Publisher interfaces, it is worth noting that with the latest Windows update, the IE browser now redirects to open Edge. SVM customers that wish to use the old web UI should do so using IE Mode, which enables the use of ActiveX.  Edge (Version 110.0.1587.41)  allows switching specific websites to IE mode from Windows Settings, as shown below.   Also See   Flexera SVM and Microsoft Internet Explorer EoSL - Community FAQ Regarding the new SVM User Interface (admin console) ... View more

Not keeping up with patches that are known to negatively impact security risk is nothing short of irresponsible. But learning of impactful vulnerabilities that affect you and being able to patch those in true need of updates is not as easy as it may sound. In a reactive mode driven by the news of the day, this is a losing battle. Log4J and Spring4Shell made plenty of noise in 2022, and 2023 shows no signs of letting up with these old vulnerabilities still associated with patches being released today. Hitting the news just now is yet another old patch that’s been available since early 2021 but is somehow still the vulnerability behind a wave of ransomware attacks affecting ESX Server. Organizations that initially strove to keep everything patched and up to date in order to minimize such risks quickly learn that because of the necessary preparation, testing, and deployment for patches to be deployed safely, the volume of patches being released is too great. Proper software vulnerability management means constantly reviewing what is impacting your environment and responding surgically only to those that actually require attention. In a world where serious vulnerabilities are announced with disturbing frequency, it is important to invest in a solution that is keeping up with not only the threat landscape but also delivering enhancements that serve to help you be more productive in your efforts to stay secure. 2022 was a big year for Flexera’s Software Vulnerability Management solutions. Chief among the big investments customers witnessed in SVM was the evolution of our user experience via an overhaul of our web-based admin interface and the introduction of a new Patch Publisher tool. There were 17 releases throughout the year between SVR, SVM Cloud, and SVM On-prem. Check out just some of the key enhancements below, with links to individual release announcements. As 2022 began, SVM had just reacted quickly to the threat to Log4j by introducing a targeted awareness report that could help identify where it may be hiding on scanned endpoints. Details. An ability to ignore but log specific paths provided customers the ability to control the focus of scans, but not at the expense of being aware of what vulnerable software exists. Details. The new web-based user interface introduced presented not just a facelift but multi-browser support (and an end to the ActiveX dependency of the previous console) by moving restrictive operations like creating and publishing patches to a new Patch Publisher tool.  New UI Details. Patch Publisher Details. While nothing can beat the certainty of a file signature-based scan for vulnerable software, we responded to customer feedback to introduce an alternative, inventory-based assessment to provide a heat map of possible concerns affecting systems not traditionally scanned. Details. We iterated on the new Patch Publisher throughout the year, adding more and more power in a long list of ways, including criteria-driven publishing automation, proxy support, BigFix publishing support, integration with AdminStudio, the ability to publish patches to more than one deployment system simultaneously (eg. InTune and ConfigMgr), and much more. The ability to automatically delete hosts for which the last scanned/check-in time was greater than a specified number of days. The ability to configure scanning of cloud-stored files on Windows and Mac systems to optionally prevent the downloading of cloud-hosted files such as those managed by OneDrive. Keep up with regular updates to SVM and SVR by subscribing to our release blog. ... View more

The first SVR update of the year 2023 is live now; it's a day late to be called our "January" release, but we are planning another update in February, so forgive the one-day discrepancy 😉 Major improvements to the software suggestion process and some minor product enhancements have been introduced with this update. Add Multiple Email Addresses While Suggesting Software You can now add multiple email addresses when suggesting software to be added to SVR. You may optionally include additional team members in the request when suggesting software. Upon completion of your request, an email confirmation will be sent to all email addresses specified, which can improve internal communications by reducing time spent alerting other stakeholders as to the status of software suggestion requests. Updated Process for Software Suggestions In our ongoing efforts to improve response times and increase the value of your investment, we have implemented a new backend process for managing incoming software suggestions. This is part of the continuous improvements we have been making to the software suggestion functionality over the last couple of quarters. The new process significantly improves the way we track the software suggestions thus helping us manage the requests more efficiently. Building on this work, we are to expose estimated response times based on actual activity and backlog load to set realistic expectations for software suggestions in the future. As a reminder, software suggestion guidelines may be found here. Improved Advisory Search A problem addressing searches with several keywords has been addressed. While searching Secunia Advisories using a long text as a keyword would sometimes not returned any results due to backend timeouts. This issue has been resolved with this release. To see the full release notes, click here. ... View more

While we just had a major release of AdminStudio 2022 one month ago today, the team has been hard at work to squeeze in a few new updates before we close out the year. Today AdminStudio has released a service pack  for that R2 release that adds the following improvements: Support for IAM Authentication for FNMS Integration Support for Windows 11 - 22H2 and Windows 10 - 22H2 PowerShell Cmdlets / REST API Enhancement IAM Authentication A new authentication method (IAM) has been introduced to support FNMS/ITAM integrations. Documented here, this update is important to those integrating with FNMS because the AGW authentication gateway will be retired by the end of January 2023. This integration allows for the automated collection of Flexera Identifiers in the FNMS Application Recognition Library (ARL). If you have FNMS or Flexera ITAM and were unaware of this integration, read more here in the AdminStudio documentation. Support for Windows 11 - 22H2 and Windows 10 - 22H2 Always working to keep up with the latest Windows releases, this new update to AdminStudio allows you to test the compatibility of your applications against the latest Windows Operating Systems: Windows 11 22H2 and Windows 10 22H2. PowerShell Cmdlets / REST API Enhancement Two new Cmdlet and Rest API enhancements have been introduced to better leverage the AdminStudio backlog capability. Get-ASGetBacklogRequests and New-ASPackageRequest. Get-ASGetBacklogRequests – Running this returns a list of the package requests present in the AdminStudio backlog so you can display such as part of a custom integration. New-ASPackageRequest – To help you avoid duplicate requests being added to the AdminStudio backlog, a warning message will be returned when a duplicate request is attempted.   For complete release notes, click here. ... View more

A new Patch Publisher Connections view has been added  In an additional move to minimize situations where users must jump between our new web-based admin console and the Patch Publisher, we have introduced a new space where you can view and delete all Patch Publisher and related connections. Find it as a new tab under Patching > Patch Publisher Connections. It is also possible to delete independent connections of the selected Patch Publisher.   An enhanced status column is visible in Software Suggestions  Providing improved communications regarding Software Suggestion requests, the Status column now displays the current status of your software suggestion requests as tracked by our internal processing process.    Full release notes: Software Vulnerability Manager (Cloud Edition) Release Notes (flexera.com)   Note: This update includes other security and backend updates. SVM Patch Publisher was updated to version 7.6, which includes a fix for an issue where a download link may have been presented incorrectly in the SPS wizard (when the view was customized to group products where the patched version and architecture are identical). Additionally, have updated the architecture diagram in the documentation to better reflect recent changes to the solution.  ... View more

  In case you've missed it, we meet every other month for a roundtable discussion on topics surrounding application packaging and deployment. We've covered a variety of topics over the last couple of years and, while it may be good to revisit some of them, we'd love to hear any ideas you may have for future topics. What would you like to hear more about? Please be as specific as possible and ask as many questions as you can think of to drive a content-rich discussion on things you care about. Sign up today and check the box to be reminded of future sessions when you do! ... View more