Helping Organizations Stay Ahead of Security Breaches and Challenges
SITUATION/CHALLENGE - The technology industry, particularly the computer security system industry, is constantly changing, forcing technology providers to not only look ahead and continuously introduce updated and improved technology, but also to react to the changes in the market on a regular basis. These challenges present themselves on several levels including daily security threats from computer exploits to company networks, as well asMicrosoft and other OS activity, including new patches and product updates.
It is impossible to predict the next Code Red, Blaster or other computer exploit lurking on the horizon, and Shavlik Technologies must be ready to react at any time.
Of growing importance, when businesses face internal or external IT compliance audits, lack of information and absence of a plan lead to fear and uncertainty in all levels of the organization. In preparing for the audit, executive members of the organization ask questions that IT administrators dread having to answer, such as:
• How secure is the network?
• Is our sensitive information protected from unauthorized access?
• How will the organization’s controls hold up to scrutiny?
• Are all of our machine settings within the stated security policy?
• How will we find time to prepare for the audit?
These questions are born out of a high level of uncertainty regarding the true status of the network, not because IT administrators aren’t performing their duties. IT administrators just do not know for certain the true state of the organization’s security posture throughout the network, and they lack the time and technology required to review every configuration of every system on the network.
SOLUTION - Mark Shavlik’s contributions to solving these security issues reads like “The History of Enterprise Network Security” encompassing patch management, compliance management and network security assessment. Mark is a founder of the patch management industry as he teamed with Microsoft in 1999 to create the patch engine for Microsoft Base Security Analyzer (MBSA). This technology is still used by an installed base of millions of users across the globe.
At first Mark’s personal goal was to direct his own career and be independent. For the first three years after founding Shavlik Technologies in 1993, rapid growth was not the intention. At the end of the three years, there were four full-time employees, including Mark, one part-time employee and a few subcontractors.
In short order Mark created a security consulting business that brought attention to the importance of securing businesses through a third-party analysis of current corporate security policies and procedures and devising plans and solutions to help companies protect themselves from computer exploits. One of the primary vulnerabilities Shavlik continuously found were security patches. Soon, Shavlik developed “Hot Fix Network Checker” patch manager for Microsoft’s products. This manager, called HFNetChk, is the engine used by the Microsoft Baseline Security Analyzer (MBSA). Shavlik then launched its own flagship product, Shavlik HFNetChkPro™, to provide patch management for general release. Analyst and IT Administrators soon began referring to patch management as a separate IT function within the computer security arena. Today, patch management is considered one of the best lines of defense to keep network systems from being attacked or exploited by malicious software.
Shavlik Technologies was founded as a network security company several years before delivering its first off-the-shelf software solution. So Shavlik security experts designed network security into its products from the ground up. This gives us certain advantages over competing solutions that were forced to add security features its products after the fact.
Today Shavlik is the market leader in the simplification of complex enterprise network configuration, compliance and security. The company’s solutions support an organization's need for Active Vulnerability Management - the automated and continual process for preventing, detecting, and removing critical security threats from corporate networks while maintaining policy-driven security configurations. Shavlik Technologies has earned unparalleled industry stature as the de facto industry standard for patch management solutions and has been ranked #1 in that market by IDC. Shavlik's products have won multiple awards from leading industry trade journals including Info Security Products Guide.
With more than 10,000 customers worldwide, Shavlik is trusted to provide the most up-to-date security patch data and the most comprehensive discovery capability to maintain a customer's overall network security integrity.
Shavlik also licenses its technology to more than 20 leading security and high tech companies such as Dell, BMC, Symantec, VMware, Juniper and Sophos.
Info Security Products Guide
CONCLUSION - Shavlik delivers to its customers easy-to-implement, easy-to–use technology that reduces the time and expense for customers to achieve compliance. Many of Shavlik’s customers include banks, hospitals, hospitality companies, governments, and universities that are under increasing regulatory pressure to safeguard private customer, employee and student data. And these customers must prove on an ongoing basis that this data is protected.
Shavlik’s Security Suite simplifies risk and compliance management by ensuring that companies can accurately assess, and then automatically remediate, monitor and report on their enterprise network state. Today, Shavlik’s solutions are trusted by over 1,000 financial services companies, over 500 health organizations, over 560 educational institutions, and over 800 government agencies.
Shavlik receives customer feedback on a regular basis, validating that our solutions are meeting their risk and compliance management needs:
“We brought in the Shavlik solution to better meet our internal service level targets. A few of our business units were not hitting our required 95% compliant requirements, and Shavlik brought them back.”
“Shavlik’s solution has provided us with a push-button audit capability, greatly increasing operational efficiencies.”
“Shavlik’s assessment capability is the most accurate on the market – we use it to catch errors in our other tools. Shavlik is always right.”
“It's obvious that Shavlik developers have used their products and taken feedback from people who have used them.”
Mark Shavlik founded Shavlik Technologies in 1993 to offer a unique, market-driven approach to security application design and development. He was a senior developer for Microsoft Corporation, and one of the founding members of the Microsoft Windows NT® team. Originally from Wisconsin, he decided to return to the Midwest and launch his own business after five years with Microsoft. Minnesota – and St. Paul in particular – impressed Mark and his wife, Rebecca, as a good place to raise a family and a good market for the expertise Mark had gained while working at Microsoft.
Mark has over 20 years experience in successfully identifying market needs and building, marketing and selling innovative products and solutions, including tenure as a senior systems designer and Windows NT kernel development project leader in the Microsoft Systems group, and as an original member of the Windows NT development team under David Cutler. At Microsoft, Mark also managed Microsoft OEM relationships with Compaq, IBM and Zenith. Mark received his Bachelor of Science degree in Computer Science from the University of Wisconsin and is a Certified Information Systems Security Professional (CISSP).
Mark considers Minnesota to be one of the country’s best-kept secrets because of its quality workforce, environment and atmosphere. He is deeply committed to the success of the technology industry in Minnesota, and his goal is to continue to bring more jobs and revenue into the state by supporting organizations and businesses that support Minnesota. Shavlik continuously finds ways to develop new business relationships and strengthen existing relationships to help advance technology in Minnesota. Some examples of these relationships include:
Century College – Serves on the technical advisory board, he also works with students to enhance their skill sets for Quality Analysis and has developed a beta program in which the college and its students are beta testers of developing Shavlik products, offering students a hands-on approach to prepare them for careers in technology.
Involvement in MHTA, ISSA, NetSuds – Mark supports the efforts of these Minnesota technology organizations through encouragement of company-wide membership and conference attendance.
Involvement in Minnesota trade shows – Shavlik Technologies attends tradeshows in Minnesota such as the Minnesota Government IT Symposium.
CISSP Training –Shavlik Technologies opens its doors to host CISSP study groups. This includes supporting his team as presenters and organizers of these events.
2665 Long Lake Road
Roseville, MN 55113