Simplify and Automate Configuration Management and Compliance Auditing

Managing thousands of configuration settings manually or with semi-automated processes is impractical and consumes more IT- budget and staff- by generating more calls to the help desk that require IT staff to remove malware and bring systems back into conformance.

Configuration management is critical to perform but doing it more efficiently and effectively allows businesses to reduce spend (less time, less money, less IT staff) while measurably improving their level of security and their conformance with internal policies and external regulations.

With Shavlik NetChk Configure you can effectively control and manage highly distributed systems that are operating in mission-critical environments and manage both physical systems and virtual machines, eliminating pain points of using multiple tools as you migrate from physical to virtual worlds.

Gartner estimates that 65% of successful attacks exploit configuration mistakes.

Reduce Time to Value from Months to Minutes

NetChk Configure is designed to make it faster and easier for businesses to begin managing their configurations by providing a fast on-ramp so even resource-starved businesses can get up and running quickly and immediately start to realize the benefits. NetChk Configure provides the most direct route to achieving, proving, and sustaining conformance with internal mandates or external regulations. In a matter of hours, not days or weeks, you’ll have a solution in place and operational to find and fix gaps in your security and compliance status.

The Shavlik NetChk Configure Value

• Spend Less: Time, Money, and IT staff
• Reduce Downtime: Mis-configured systems are more likely to generate help desk calls/cost
• Increase Visibility: Identify and contain configuration drift
• Prove it: You cannot effectively manage or justify a program unless you are measuring it
• Reduce Audit Prep: Know where you stand before the Auditors show up. Get a clear and direct mapping of configuration settings to internal policy or regulatory frameworks

Prove You Are In Compliance

It is easy to create reports about your security posture that map back to internal policies and external regulations, thus demonstrating to auditors that you are in compliance. Reports are available daily, weekly, and monthly on the degree of compliance policies and standards.

“We no longer have to pull operational resources to gather data for upcoming audits. Shavlik’s solution has provided us with push-button audit preparation.”
Director of Information Security,
Global E-Commerce Solutions Provider

Protect More. Save Time. Spend Less

Shavlik’s best-in-class capabilities are bundled in an easy-to-use, centralized console to simplify and automate the top IT management challenges faced by today’s IT environments. Enterprise IT capabilities without the enterprise cost or complexity.

• Ease of Use: Go from install to scanning in 30 minutes or less. Offers a robust user experience, all from a single console.
• Automated policy baseline development and enforcement: Shavlik NetChk Configure uses policies to define the products and the configuration settings checks to evaluate during a particular scan. There are three predefined baseline policies. In addition, you can create your own custom policies that define the specific configuration checks required by your organization.
• Manage Migration from Physical to Virtual Machines: Shavlik NetChk Configure offers a tight coupling with VMware’s vSphere or Virtual infrastructure to more closely manage virtual machines hosted on ESX or ESXi servers to contain configuration drift and to quickly distinguish physical versus virtual machines.

• Policy Cloning & Distribution: Offers advanced "Gold Standard" scanning automation that saves time and increases accuracy. You quickly and easily clone a new policy using the configuration checks configured on a machine that represents your organization’s gold standard. This enables you to leverage existing, approved system configurations. It also makes it very easy to create a security IT infrastructure that can be measured against a pre-defined industry configuration baseline.
• Policy Mapping and Regulatory Audit: Addresses current regulations like PCI, SOX, GLBA, HIPAA, FDCC and FISMA that place new demands on information security. Audit systems using the links between best practices content and auditing standards such as ISO 27002 and NIST 800-53. Use these standards to develop powerful security standards to drive an overall security policy.
• Downloadable PCI DSS Template: NetChk Configure and the downloadable PCI DSS template work together to assist retailers and financial institutions to comply with industry regulations. We gather the proof points for many of the 12 PCI DSS requirements including performing age checking.

• Shares: A share is any resource that can be accessed by other users or computers on a network. Shavlik NetChk Configure can scan for and collect information about shares it identifies on scanned machines.
• Group Membership: Shavlik NetChk Configure can scan for and collect information about groups it identifies on scanned machines. A group is typically granted certain privileges on a machine. By extension, the members of a group are afforded the same privileges granted to the group. Understanding who is a member of a group can help you limit the number of people able to perform certain functionality.
• Audit-Ready Reporting: Easily create a variety of "audit ready" reports that will demonstrate that the proper configuration controls are in place and operational. These reports can also provide alignment between the various regulations (PCI, SOX, HIPAA, etc.) and the requirements of either internal or external auditors who utilize industry standard policy frameworks to measure compliance and prove "due care" has been taken.
• Scheduled scanning and policy enforcement: You can use the Schedule feature to specify when and how often a scan should be run. You can regularly run scans at a specific time using a specified recurrence pattern. For example, using this option, a scan could be run every night at midnight, or every Saturday at 9 PM, or on the first day of every month at 11 PM, or at any other user selected time and interval.
  
  In addition, by enabling the Auto Enforce option you can automatically enforce the policy by correcting any discrepancies found on the scanned machines. The enforcement is performed immediately after the scan.
• Exporting and importing policies: Allows you to export an existing policy to an XML file. This makes the policy available to be imported by other installations of Shavlik NetChk Configure.
• Custom Check Wizard: Enables you to expand upon the numerous out-of-box checks by creating your own custom compliance checks. This allows you to track items that are unique to your organization. The custom checks are added to a custom policy and referenced whenever that policy is used in a compliance scan.

All products created by Shavlik Technologies are built upon the following product principles. There are a number of examples of each principle evident in Shavlik NetChk Configure.

• Simplicity: If a product is difficult to use, chances are it won’t get used, no matter how many bells and whistles it may have. Our interface takes the complexity out of managing security.
• Easy to deploy and manage, meaning your less technical staff can be utilized to manage the product
• Centralized management interface that simplifies and automates configuration management
• Operationalizes security, freeing up critical IT staff
• Direct route to compliance
• Fully automates the vulnerability lifecycle
• Facilitates gains in operational efficiency and delivers cost savings by simplifying complex network security
• Thoroughness: A product is worthless if you can’t trust it to produce accurate results. Shavlik Technologies is the leader in accuracy, depth, and breadth of status on patches, configurations and unapproved software.
• Best in class scanning
• Used to audit other solutions for mistakes
• Validates that policy settings, distributed through GPO or other, were actually implemented
• Built-in support for industry standard frameworks
• Architectural Flexibility: When working with rapidly changing technologies, flexibility is key. You don’t want a product that is locked in and that can’t adapt to changes. Shavlik NetChk Configure is extremely flexible because it:
  • Provides multiple deployment options
  • Is non-intrusive
  • Contains the industry’s most flexible and granular remediation options
  • Works with multiple products: Windows 2000 Professional Gold or later, Windows XP Professional SP1 or later, Windows 2000 Server Gold or later,
    Windows Server 2003 Family, Windows Server 2008 Gold or later and Vista SP1
  • Works with multiple machine types: servers, desktops, laptops, virtual machines
  • Uses XML-based files that are constantly being updated to reflect ever-changing software environments.
  • Supports open standards such as Security Content Automation Protocol (SCAP)
• Scalability: You want a product that is able to grow with your company. Shavlik NetChk Configure has the ability to accommodate ever increasing numbers of machines and software products. Here’s why:
  • Distributed architecture
  • Centralized management
  • Can manage thousands of machines from a single console
• Time-to-Value: You want to be able to immediately begin using your investment. With its easy to use and intuitive interface, Shavlik NetChk Configure has you scanning, assessing, and remediating your network in no time. Because there are very few setup tasks needed before using the product, the “time-to-value” payoff with Shavlik NetChk Configure is extremely high.

NetChk Configure 4

Console

Processor:

• Minimum: 500 MHz CPU
• Recommended: 2.0 GHz CPU (multi-processor machine if more than 1000 seat license)

Memory:

• Minimum: 256 MB of RAM
• Recommended: 2 GB of RAM (4 GB if more than 1000 seat license)

Video:

• 1024 x 768 screen resolution or higher (1280 x 1024 or higher recommended)

Disk Space:

• 60 MB for application

Operating System (any of the following):

Minimum:

• Windows XP Professional, SP3 or later (SP2 or later if using 64-bit version)
• Windows Vista, SP2 or later, Business, Enterprise, or Ultimate Edition
• Windows 7, Professional, Enterprise, or Ultimate Edition

Recommended:

• Windows Server 2003 Family, SP2 or later
• Windows Server 2008 Family, excluding Server Core
• Windows Server 2008 Family R2, excluding Server Core
  
  Note: Shavlik NetChk Configure supports 32- and 64-bit versions of the listed operating systems for both console and target systems.
  

Database:

• Use of SQL Server database ( SQL Server 2005, SQL Server 2005 Express Edition, SQL Server 2008, or SQL Server 2008 Express Edition) is required. If you do not have a SQL Server database, the option to install SQL Server 2008 Express Edition will be provided during the prerequisite software installation process.
• Size: 1.5 GB

Prerequisite Software:

• Internet Explorer 6.0 or later
• Windows Installer 4.5 (only required if installing SQL Express 2008 during the installation)
• Use of Microsoft SQL Server 2005, SQL Server 2005 Express Edition, SQL Server 2008, or SQL Server 2008 Express
• SQL Server Management Objects (SMO)
• SQL Native Client or SQL 2008 Native Client (if using SQL Server 2008)
• Microsoft .NET Framework 3.5, SP1 or later
• IIS common files (for IIS-related checks)
• Shavlik NetChk Protect (if you want to use patch and spyware policy checks)

System Configuration:

• Workstation Service
• Server Service
• Remote Registry Service
• Simple File Sharing disabled
• An administrative share is required (will be temporarily added if missing)
• When scanning the console machine, Windows Management Instrumentation (WMI) service must be running and the protocol allowed to the machine (in Windows Firewall, on Windows XP/Windows 2003 machines this is called Remote Administration, and on Windows Vista/Windows Server 2008 machines this is called Windows Management Instrumentation (WMI)/Remote Administration)

Clients

Browser:

• Internet Explorer 4.0 or later

Disk Space:

• A minimal amount needed for log files

Operating Systems (any of the following):

• Windows NT Workstation 4.0 SP6a or later
• Windows NT Server 4.0 SP6a or later
• Windows NT Server 4.0, Enterprise Edition SP6a or later
• Windows NT Server 4.0, Terminal Server Edition SP6a or later
• Windows 2000 Professional
• Windows 2000 Server
• Windows 2000 Advanced Server
• Windows 2000 Datacenter Server
• Windows 2000 Small Business Server
• Windows XP Professional
• Windows XP Tablet PC Edition
• Windows Server 2003, Enterprise Edition
• Windows Server 2003, Standard Edition
• Windows Server 2003, Web Edition
• Windows Server 2003 for Small Business Server
• Windows Server 2003, Datacenter Edition
• Windows Vista, Home Basic Edition
• Windows Vista, Home Premium Edition
• Windows Vista, Business Edition
• Windows Vista, Enterprise Edition
• Windows Vista, Ultimate Edition
• Windows 7, Professional Edition
• Windows 7, Enterprise Edition
• Windows 7, Ultimate Edition
• Windows Server 2008, Standard
• Windows Server 2008, Enterprise
• Windows Server 2008, Datacenter
• Windows Server 2008, Standard - Core
• Windows Server 2008, Enterprise - Core
• Windows Server 2008, Datacenter – Core
• Windows Server 2008 R2, Standard
• Windows Server 2008 R2, Enterprise
• Windows Server 2008 R2, Datacenter
• Windows Server 2008 R2, Standard - Core
• Windows Server 2008 R2, Enterprise - Core
• Windows Server 2008 R2, Datacenter – Core
  
  Note: Shavlik NetChk Configure supports 32- and 64-bit versions of the listed operating systems for both console and client systems.

Virtual Machines (online virtual images created by any of the following):

• VMware ESX Server 3.0 or later
• VMware VirtualCenter 2.0 or later
• VMware Server
• VMware Workstation 4.0 or later
• VMware Player

System Configuration:

• Workstation Service
• Server Service
• Remote Registry Service
• Simple File Sharing disabled
• File Sharing must be installed (default admin shares used)
• NetBIOS (tcp139) or Direct Host (tcp445) ports must be accessible
• Windows Management Instrumentation (WMI) service must be running and the protocol allowed to the machine (in Windows Firewall, on Windows XP/Windows 2003 machines this is called Remote Administration, and on Windows Vista/Windows Server 2008 machines this is called Windows Management Instrumentation (WMI)/Remote Administration)
• In order to perform SQL Server checks on client machines, the credentials associated with the scan must have access to your SQL Server