Shavlik

Shavlik Technologies was a privately held company founded in 1993 by Mark Shavlik, who was one of the original developers of Windows NT in the late 1980s and early 1990s at Microsoft.InformationWeek
Five Questions For Mark Shavlik, CEO of Shavlik Technologies

The company provided software and services for network vulnerability assessment and for managing network security patches. Mark Shavlik left his role as CEO when Shavlik Technologies was acquired by VMware in May 2011, then held the position of Vice President and General Manager at VMware until March 2013.

In April 2013, LANDESK purchased the Shavlik business unit and all rights to the Shavlik products from VMware. During the same period, LANDESK announced a partnership that made VMware an Alliance Partner.LANDesk Acquires Shavlik from VMware
Official Announcement

In 2017 LANDESK merged with HEAT Software creating a new IT Software company called Ivanti. Today, while the Shavlik name has been retired, the same Shavlik products are vital to the Ivanti security portfolio.

History

Prior to the acceptance of Windows NT as a legitimate, enterprise operating system in the late 1990s, most enterprise software was written for Unix or some other mainframe operating system. Shavlik's roots were in providing consulting services to help organizations make the leap to Microsoft OS's and contributed to them delivering products on NT. Shavlik later extended its services business into software security consulting, primarily with businesses in highly regulated industries such as banking and healthcare. The services centered on providing a Certified Information Systems Security Professional (CISSP) to perform security audits and penetration testing.

In the early 2000s the failure to keep software up-to-date by applying patches was a common flag on audits. One of the central challenges in addressing the problem was that companies did not have an easy way to determine which machines were out of date and they did not have a methodology to deploy updates. During this era, Microsoft wrestled with addressing this issue internally. They wanted a tool to detect which NT servers in a large NT server environment were missing patches so "hot fixes" (see Hotfix) could be installed on those machines. However, because these NT servers were critical to operations, Microsoft required that this process be completed without installing any extra software, such as an agent, on the servers.

In an effort to address the "hot fix"issue, Shavlik built the first agentless patch scanner for Windows NT.HFNetChk: Microsoft's New Hotfix Tool
News Coverage The product was named HFNetChk (the acronym designating HotFix Network Check). The HFNetChk release was followed by another partnership wherein Shavlik helped build the Microsoft Baseline Security Analyzer (MBSA). This tool did minimal patch scanning along with some basic OS configuration checks. It was delivered by Microsoft as part of the Windows 2000 Server Toolkit.

HFNetChk Pro 3.0, which was never released externally, introduced the ability to not only scan for missing patches but also to deploy those patches. This eliminated the need for an IT administrator to apply patches manually.

In 2003, Shavlik brought HFNetChk to market for the first time. Version 4 featured a Visual Basic "web friendly" user interface. Previous versions of HFNetChk were operated via a command line interface.

Patch Management

In January 2003, the SQL slammer worm exploited a vulnerability in SQL Server that allowed a denial of service and slowed traffic on many internet hosts to a crawl. The worm went viral affecting 75,000 systems in the first ten minutes. Microsoft had made a patch available six months prior indicating that a failure to patch led to the widespread, security breach, not the vulnerability itself.SQL Slammer: Hot it Works and How to Prevent It
News Coverage

Shavlik's HFNetChk was the first product in the market that could scan for and deploy missing patches on Windows machines. In the aftermath of the SQL Slammer worm and after a series of other highly publicized exploits hit in 2003/2004, Shavlik made the decision to move away from consulting and to fully invest in software development for patch management products.

Shavlik Protect

Shavlik added standalone and integrated anti-virus capabilities to version 5 of HFNetChk and changed the product name to HFNetChk Protect, eventually dropping HFNetChk.Shavlik Products Page
Company Website

During the Version 6 timeframe, Protect introduced the capability to patch offline virtual machines and VM templates. This project was the first in a series of partnerships Shavlik entered into with VMware, and the capability meant that Protect could agentlessly patch machines in both physical and virtual environments.
With Version 7 and its various point releases, a new user interface was introduced as well as physical and virtual asset inventory. Agent support was integrated into Protect and was no longer offered as a separately licensed product. Shavlik also shifted more of its detection logic out of Protect and into the content.

Version 8 of Protect fixed many stability issues. Due to a number of customer complaints, Shavlik focused on making the product more stable. Version 9 introduced hypervisor patching for VMware implementations as well as the ability to patch off-network machines via the cloud.

Microsoft Collaboration

Shavlik's technological advancements have been significant enough to attract attention from Microsoft, resulting in cooperative efforts between the two companies and the development of the Microsoft Baseline Security Analyzer (MBSA), which is based on Shavlik's HFNetChk (the acronym designating HotFix Network Checker) released in 2001.ServerWatch
Windows Patch Management, Shavlik Technologies This technology has evolved, but is still the core technology in the current product offerings and has been licensed by multiple OEM partners to provide patch management capabilities to a variety of IT management solutions with a combined install base of millions of users across the globe.
Helping Organizations Stay Ahead of Security Breaches and Challenges

In the late 2000s, the industry saw applications being exploited by hackers shift from Microsoft OS and other Microsoft applications to third-party applications like Java, Adobe, music players, and non-Microsoft internet browsers. During this time, products like Microsoft System Center Configuration Manager (SCCM) provided Windows patch capabilities via the Windows Server Update Services (WSUS); however, it didn't (and still doesn't) patch third-party products. According to Global Analyst Firm Gartner, this left administrators with limited choices: don't patch third-party products leaving the network at risk, author and test a custom patch each time a third-party product requires an update, or deploy the patches manually to each affected machine.Gartner Blog Post, May 6, 2013
Patch Management Not a Solved Problem

In April 2010, Shavlik released SCUPdates – a catalog of patch content that automated the process of building third-party patches and delivering them to Windows clients via an integration with Microsoft System Center Updates Publisher (SCUP) and SCCM. In tandem with the initial SCUPdates release, Microsoft and Shavlik also announced Shavlik's inclusion into the Microsoft System Center Alliance.
Shavlik Technologies Joins Microsoft System Center Alliance

Patch Management to the Cloud

In 2010 Shavlik released IT.Shavlik which provided a web-based front-end to the traditional Shavlik toolkit of asset inventory, patch scanning, and patch deployment. This Software as a Service (SaaS) application simplified the workflow for inventory and systems patching than was possible with the on-premises, Protect solution.

In early 2009, Shavlik formed an OEM partnership with VMware to build a cloud-based application designed to help IT administrators in smaller businesses deploy a virtual environment. VMware Go (vGo) was intended to be an "onramp to virtualization," serving smaller customers until they were ready to upgrade to the more sophisticated vCenter suite. vGo was originally brought to market as a free-use cloud-based product.

VMware and Shavlik invested heavily in vGo, and the product was expanded to include asset inventory, patch scanning, and an IT advisor recommendation engine. Later in attempts to monetize vGo's services, a paid version called VMware Go Pro introduced patch deployment. This led to the migration of users from IT.Shavlik to VMware Go.

Acquisition History

VMware's interest in vGo as well as the virtual infrastructure patching capabilities within Protect led to its acquisition of Shavlik Technologies in May 2011. The terms of the acquisition were not publicly disclosed.VMware to Acquire Shavlik Technologies, May 16, 2011
Official VMware Release

In January 2013, VMware announced its intent to "sharpen its focus" on the software-defined data center and hybrid cloud services.
News Coverage As part of this realignment, VMware sought to sell off products that weren't contributing to its core business such as its SlideRocket presentation software and other "non-key cloud and virtualization technologies."VMware Announces Mass Layoffs After Positive Earnings Report
News Coverage The Shavlik product line found itself on that list.

In April 2013, LANDesk Software purchased the Shavlik business unit and all rights to the Shavlik products from VMware. At the same time LANDesk announced a partnership which added VMware to LANDesk's list of Alliance Partners.LANDesk Acquires Shavlik from VMware, April 9, 2013
Official LANDesk Release Shavlik's move to LANDesk triggered new investment in Shavlik Patch for Microsoft System Center (formerly SCUPdates) as well as other products that enhance the experience for companies using SCCM.

In early 2017, Clearlake Capital Group acquired LANDesk and Shavlik, along with Heat Software, Appsense and Wavelink; the combined company uses a new corporate name and product brand, Ivanti.Shavlik is now Ivanti, March 28, 2017
Press Release reported in ITWebRealize value in minutes, not months
ivanti company page

References

Further reading

Battening the patches: Shavlik Technologies of Roseville has built a niche as one of the nation's leading testers and managers of computer security...
Star Tribune, Minneapolis, MN, February 15, 2009
Microsoft Patch Tuesday Brings Four Fixes For Eight Flaws
Information Week: February 10, 2009
Relying on Microsoft's WSUS patch management is 'almost negligent'
SC Magazine: February 6, 2009
Shavlik Technologies Optimizer Series Doing Its Part for the Economy!
Business Wire: February 5, 2009
Microsoft Plans To Fix UAC Security in Windows 7 RC
Redmond Magazine: February 5, 2009
Shavlik Technologies Named Finalist for Two Prestigious SC Magazine Awards
Reuters: January 7, 2009
LANDesk Acquires VMware Protect Product Family
LANDesk: April 9, 2013


Shavlik Moves In With Severnside Housing

External links

*{{Official website, http://www.shavlik.com

Computer security software companies
Companies based in Minnesota
Software companies established in 1993