FISMA News

New Aberdeen Research Backs Shavlik's Approach to Managing Vulnerabilities & Threats to IT Infrastructure

Shavlik Technologies, the market leader in delivering software solutions that rapidly accelerate and continuously improve security and compliance readiness, today announced it is making a new research report on Vulnerability and Threat Management developed by the Aberdeen Group available for its customers, partners and organizations seeking detailed insight into “best of breed” solutions for their own IT organization and corporate enterprise.  The report’s conclusions mirror the experience of Shavlik customers who effectively manage and resolve vulnerability and threats on Internet-facing corporate networks using the Shavlik Security Suite.

The new report, from Aberdeen, a Harte-Hanks Company (NYSE:HHS), is titled “Vulnerability Management: Assess, Prioritize, Remediate, Repeat.” The report documents companies who gain a 91 percent return on investment by using best-in-class technology and practices to manage computer vulnerabilities. While keeping up with vulnerabilities and threats typically accounts for more than 15 percent of an organization’s IT budget, the top performers in the Aberdeen report are managing vulnerabilities more effectively and at a lower total cost. These organizations recognize that increased investment in automating and simplifying the vulnerability management lifecycle represents a significant opportunity to reduce costs associated with this essential function.

“The Aberdeen report confirms what Shavlik’s customers already know – that critical tasks such as vulnerability assessment, patch management, and configuration management continue to be complex and time-consuming. Essentially, if security management is too difficult and resource intensive, it doesn’t get done and therefore  the organization is ultimately putting their network at risk Leading organizations understand that there is value in investing in technologies to automate  these complicated and resource intensive tasks,” said Mark Shavlik, president and CEO, Shavlik Technologies.  Our customers continue to validate that the Shavlik Security Suite provides a single, easy to manage solution for automating the vulnerability management lifecycle, resulting in stronger security, higher service levels, and on demand proof of policy compliance." 

“The explosive growth in the number of threats and vulnerabilities to Internet-facing networks, computers, and application software simultaneously demonstrates two things: the extreme cleverness and resourcefulness, and also the unfortunate greed and depravity, of human nature,” said Derek Brink, CISSP, vice president & research fellow, IT Security, Aberdeen. “Companies should accept that vulnerability management is a never-ending process, and that the cycle of “assess,” “prioritize,” “remediate” must be continuously repeated. Through better allocation of limited IT resources and risk management, Best-in-Class performance in vulnerability management frees up limited IT resources to invest in projects more directly tied to the "rewarded risks" of innovation and strategic growth.”

According to the report, by automating and streamlining the elements of the vulnerability management lifecycle companies minimize their total costs, allowing Best-in-Class organizations to successfully transform a necessary evil into a positive ROI:

·  Track only threats and vulnerabilities relevant to the organization's IT assets.

·  Don’t treat all threats the same.  Prioritize based on the level of risk and the business value of the IT assets in question.

·  Automating deployment of software patches or configuration updates is important.

·  Compensating controls can be used where no patches or updates are available.

A complimentary copy of this report is made available in part by Shavlik Technologies. To obtain a complimentary copy of the report, visit:  http://www.aberdeen.com/link/sponsor.asp?spid=30410945&cid=5231.

Shavlik’s Security Suite
The Shavlik Security Suite provides a sustainable solution for generating and distributing approved system baseline configurations and security policies, and then document full compliance with those policies.  The Shavlik Security Suite can be deployed in a matter of hours, and provide almost immediate reporting on an organization’s current compliance status.  Shavlik’s Security Suite drives a higher state of security and compliance readiness through the continuous identification and remediation of system security gaps, and deliver on-going security management that evolves and grows as customers’ needs grow.

Two components of the Shavlik Security Suite, NetChk Protect for vulnerability management, and NetChk Compliance for security configuration management, are SCAP and FDCC compliant and validated for standards based security automation.

About Shavlik Technologies
Shavlik Technologies, LLC delivers enterprise IT organizations robust software solutions that rapidly accelerate and continuously improve security and compliance readiness by simplifying IT operations, and identifying and reliably closing system security gaps. Shavlik’s solutions provide Rapid Readiness so IT organizations realize continuous security and compliance readiness in a fraction of the time, cost and IT resources required by alternative approaches.

With more than 10,000 customers worldwide, Shavlik enables enterprises to simplify complex IT security and compliance management, providing trustworthy solutions that free up critical IT resources to focus on innovations that drive business growth while lowering costs.  Shavlik also licenses its technology to more than 20 leading security and technology companies such as BMC, Juniper, Sophos, Symantec and VMware. For more information, visit Shavlik Technologies at www.shavlik.com.

Share or bookmarklet this web page at: