SAM & SVM

Software Asset Management & Software Vulnerability Management (SAM & SVM)

For a long time, SAM and SVM worked in silos, with little or no communication or information sharing between them.

This used to work. SVM focused primarily on the data center, where traditional scanner tools did the job. On the desktop side, security teams relied mainly on antivirus and Patch Tuesday to keep systems safe and up to date.

So what changed? Cloud computing and WannaCry.

Cloud computing is a disruptive technology that upends existing security solutions. Instances are spun up and down in minutes, the physical data centers are no longer under the customer's control, and scanners are only able to capture a fraction of the running environment.

On the desktop side, it has been an intense year for cyber attacks and ransomware. WannaCry made everyone realize that desktops are not up to date, and its impact was worldwide, across 150 countries. Security can no longer rely on Windows Update alone; it needs insight into what software is running and where.

This is where SAM technology comes into play

SAM holds key data for keeping the IT environment secure. You cannot protect your environment if you don't know what is running in it: "Know what you are made of."

SAM provides the "know", but it still has flaws that Security cannot work around:

  • SAM is not real time
  • SAM is not detailed enough (e.g. Oracle JRE 7 has different vulnerabilities depending on the installed update)
  • SAM does not provide the remediation patches required for automation

fatstacks reconciles SAM & SVM

fatstacks collects and analyzes data from any commercial software discovery tool or log management data source (e.g. Splunk, Microsoft SCCM, AWS SSM, HPUD, ServiceNow Discovery) and generates the list of installed software, along with known vulnerabilities and available patches. It can:

  • Capture versions at the level of detail needed to identify known vulnerabilities
  • Roll up to minor and major versions for license compliance
  • Identify software that is reaching or has passed end-of-life
  • Provide the list of available patches where one exists
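The reconciliation described in the bullets above comes down to one decision: keep the full version string (including the update level that decides exposure, as in the Oracle JRE 7 remark earlier) for vulnerability matching, and roll it up to major.minor only for license counting. The following Python is an added illustration, not fatstacks code and not a real advisory feed: the inventory rows, advisory table, end-of-life flags and placeholder advisory IDs are all constructed, and the Java-style major.minor.patch_update version format is assumed as the input shape.

```python
import re
from collections import Counter

# Constructed inventory records, in the shape a discovery-tool export might
# take (host, product, raw version string). Not real hosts.
INVENTORY = [
    {"host": "ws-001", "product": "Oracle JRE", "version": "1.7.0_45"},
    {"host": "ws-002", "product": "Oracle JRE", "version": "1.7.0_80"},
    {"host": "ws-003", "product": "Oracle JRE", "version": "1.8.0_181"},
    {"host": "srv-010", "product": "Oracle JRE", "version": "1.8.0_291"},
]

# Constructed advisory table with placeholder IDs (not real CVEs).
# "fixed_in" is the first update number on that release branch that carries the fix.
ADVISORIES = [
    {"id": "ADV-PLACEHOLDER-1", "product": "Oracle JRE", "branch": (1, 7), "fixed_in": 51},
    {"id": "ADV-PLACEHOLDER-2", "product": "Oracle JRE", "branch": (1, 8), "fixed_in": 201},
]

# Constructed end-of-life flags keyed by (product, major.minor branch).
EOL = {("Oracle JRE", (1, 7)): True, ("Oracle JRE", (1, 8)): False}

# Assumed input format: major.minor.patch with an optional _update suffix.
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:_(\d+))?$")


def parse_version(raw):
    """Split a raw version string into (major, minor, patch, update) integers."""
    m = VERSION_RE.match(raw.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {raw!r}")
    major, minor, patch, update = m.groups()
    return (int(major), int(minor), int(patch), int(update or 0))


def rollup(parsed):
    """License-compliance view: collapse to the major.minor branch only."""
    return parsed[:2]


def find_vulnerabilities(product, parsed):
    """Vulnerability view: match on branch AND update level, which rollup() discards."""
    branch, update = parsed[:2], parsed[3]
    return [
        adv for adv in ADVISORIES
        if adv["product"] == product and adv["branch"] == branch and update < adv["fixed_in"]
    ]


def analyze(inventory):
    """Return per-host findings plus per-branch install counts for license roll-up."""
    findings = []
    license_counts = Counter()
    for rec in inventory:
        parsed = parse_version(rec["version"])
        branch = rollup(parsed)
        license_counts[(rec["product"], branch)] += 1
        hits = find_vulnerabilities(rec["product"], parsed)
        findings.append({
            "host": rec["host"],
            "product": rec["product"],
            "branch": branch,
            "vulns": [adv["id"] for adv in hits],
            # Lowest update that clears every matched advisory, or None if clean.
            "patch_to": max(adv["fixed_in"] for adv in hits) if hits else None,
            "eol": EOL.get((rec["product"], branch), False),
        })
    return findings, license_counts


if __name__ == "__main__":
    results, counts = analyze(INVENTORY)
    for f in results:
        print(f["host"], f["product"], f["branch"], f["vulns"], f["patch_to"], "EOL" if f["eol"] else "")
    for key, n in sorted(counts.items()):
        print("licenses", key, n)
```

Note that ws-001 and ws-002 both roll up to the same license bucket (1.7) yet only ws-001 matches the advisory, which is exactly the detail a major.minor-only inventory loses.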