Today marks the release of SVM 2019 R3 (for cloud, the on-prem edition will be updated next week) which has some new capabilities I think you’ll really appreciate! It includes the new Vendor Patch Module, documented APIs, as well as agent and smart group enhancements. The Vendor Patch Module is a new optional feature of SVM 2019 that provides over a thousand out-of-the-box patches as well as details to help you easily create over a thousand others. API Support is now documented allowing you to integrate SVM 2019 with other systems and processes as well as to pull data for the creation of custom reports.  A signed version of the SVM agent is now available. The standard agent downloads are still available which inject a token to match the agent to your account. This is simple to use but breaks our ability to sign the agent. For those that wish to use a signed version of the agent, a separate download is now provided for which you can specify your account token via an INI file or registry entry (see documentation for details). CVSS scores have been added as available criteria when creating new Product or Advisory based smart groups. This way, you can focus on specific ranges of products and advisories based on criticality. You’ll also notice the SVM login screen looks different—this was introduced for some consistency between products. For more details on SVM 2019 R3, please see the release notes. For more details on the Vendor Patch Module, see this blog post.  ... View more

As you see what this is and what’s gone into it, I think you’ll quickly appreciate that this is the result of a very large effort by a lot of people. It took a very long time to bring it to you—I am appropriately excited to finally unveil it to you! SVM takes software patch management far beyond that of a simple patch catalog. It provides integrated vulnerability research by our Secunia Research team, assesses where vulnerable software is found and provides you with easy-to-leverage insights for prioritizing remediation efforts. It also provides patches so you can more quickly remediate popular applications by publishing updates via WSUS or SCCM. Our patches are wrapped in scripts that provide consistency and customization options. They can also handle edge cases where the vendor update may not behave as expected. To offer such patches, many criteria needed to be met, including the need for the set up to be freely distributable, silently installable and to behave as reliably as expected. Additionally, SVM is all about addressing software vulnerabilities, so we only created patches when a known security vulnerability would be addressed. Organizations spend way too much time creating deployment packages to update software, and see a patch catalog as a way to offset some percentage of that effort. SVM offers far more patch management capabilities than any patch catalog ever could. However, choosing SVM for all its insights and capabilities should not mean compromising on accessing a large number of time-saving patches. Today, with the release of the Vendor Patch Module, SVM can now provide over a thousand patches out of the box, as well as details on more than a thousand others to help you create even more patches faster. With awareness of so many vulnerabilities (thanks to Software Vulnerability Manager) and so many patches at your disposal (thanks to the Vendor Patch Module) you are likely to quickly appreciate the need for intelligent prioritization. Some environment-specific testing is still required, and so you must resist just publishing huge numbers of patches, and prioritize appropriately to patch responsibly. SVM helps you to prioritize by prevalence (how many affected devices are out there), by criticality (the seriousness of a vulnerability), by affected assets (it is common to prioritize some groups of devices over others), and finally, by our new threat score. A threat score is a 0-99 value illustrating the likelihood the vulnerability is being exploited. Threat Intelligence introduces a new level of insight in prioritization. Most exploited vulnerabilities see a CVSS score between 4 and 7 which would make them outside a typical prioritization that focused on criticality alone. In fact, if you look at the top 20 biggest software vendors, they only represent about 20% of last year's exploited vulnerabilities. SVM with the Threat Intelligence Module and the new Vendor Patch Module work great together by helping you to better prioritize the many patches now at your disposal. And to that end, there is a promotion on now for the first 100 customers who purchase the Vendor Patch Module: We will provide a free year of the Threat Intelligence Module. Contact your customer support manager or sales representative today to take advantage or contact us here . Resources Webinar Registration Datasheet List of Patches Included Documentation ... View more

UPDATE 8/17/2019: The move to AWS is complete! As a result of this move, we have changed the SSL certificates of   https://csi7.secunia.com. The certificate chain is different and the Certificate revocation list (CRL) distribution points have changed as well with the new certificates. If you with to whitelist the URLs explicitly on your proxy and firewall, then we recommend the list documented here. UPDATE 8/1/2019: We are planning to move from our Copenhagen-based data center to Amazon Web Services (AWS) in Ireland for increased security, performance and stability. We remain on schedule and will make this change on August 16th. The URL is not changing, so this should not impact most users. However, if you are using a static IP address to reference this server, or to whitelist access to the server, it is important that you update such to refer to the server by name instead. We are moving to Dynamic DNS for increased reliability going forward which necessitates the need to use names instead of IP addresses from this point forward. On August 17th you are encouraged to refresh any IP/Name DNS cache entries you may have on your end to expire any stale DNS pointers. Scheduled Times PDT: August 16th 03:00 pm - August 18 10:00 am UTC: August 16th 22:00 pm - August 18 17:00 pm AEST: August 17th 8:00 am - August 19th 3:00 am For up to the minute status of availability, click here.    Original Message: Some good news for our SVM Cloud customers: we are planning to move from our Copenhagen-based data center to Amazon Web Services (AWS) in Ireland for increased security, performance and stability. Our tentative plan is to make this move between August 16 - 18 and may result in a temporary outage while necessary updates are propagated.  We will communicate again closer to the actual move with more details and optional measures you may wish to take, but you should not need to take any action (the URL used to log in will not change). If you have any questions or concerns, please contact support or reply here.  ... View more