Shavlik Technologies

Shavlik Technologies was a privately held company founded in 1993 by Mark Shavlik, who was one of the original developers of Windows NT in the late 1980s and early 1990s at Microsoft.

The company provided software and services for network vulnerability assessment and for managing network security patches. Mark Shavlik left his role as CEO when Shavlik Technologies was acquired by VMware in May 2011, then held the position of Vice President and General Manager at VMware until March 2013. Today Mark Shavlik is the CEO of security automation product creator Senserva.

In April 2013, LANDESK purchased the Shavlik business unit and all rights to the Shavlik products from VMware. During the same period, LANDESK announced a partnership that made VMware an Alliance Partner.

In 2017 LANDESK merged with HEAT Software creating a new IT Software company called Ivanti. Today, while the Shavlik name has been retired, the same Shavlik products are vital to the Ivanti security portfolio.

History
Prior to the acceptance of Windows NT as a legitimate, enterprise operating system in the late 1990s, most enterprise software was written for Unix or some other mainframe operating system. Shavlik's roots were in providing consulting services to help organizations make the leap to Microsoft OS's and contributed to them delivering products on NT. Shavlik later extended its services business into software security consulting, primarily with businesses in highly regulated industries such as banking and healthcare. The services centered on providing a Certified Information Systems Security Professional (CISSP) to perform security audits and penetration testing.

In the early 2000s the failure to keep software up-to-date by applying patches was a common flag on audits. One of the central challenges in addressing the problem was that companies did not have an easy way to determine which machines were out of date and they did not have a methodology to deploy updates. During this era, Microsoft wrestled with addressing this issue internally. They wanted a tool to detect which NT servers in a large NT server environment were missing patches so "hot fixes" (see Hotfix) could be installed on those machines. However, because these NT servers were critical to operations, Microsoft required that this process be completed without installing any extra software, such as an agent, on the servers.

In an effort to address the "hot fix"issue, Shavlik built the first agentless patch scanner for Windows NT. The product was named HFNetChk (the acronym designating HotFix Network Check). The HFNetChk release was followed by another partnership wherein Shavlik helped build the Microsoft Baseline Security Analyzer (MBSA). This tool did minimal patch scanning along with some basic OS configuration checks. It was delivered by Microsoft as part of the Windows 2000 Server Toolkit.

HFNetChk Pro 3.0, which was never released externally, introduced the ability to not only scan for missing patches but also to deploy those patches. This eliminated the need for an IT administrator to apply patches manually.

In 2003, Shavlik brought HFNetChk to market for the first time. Version 4 featured a Visual Basic "web friendly" user interface. Previous versions of HFNetChk were operated via a command line interface.

Patch Management
In January 2003, the SQL slammer worm exploited a vulnerability in SQL Server that allowed a denial of service and slowed traffic on many internet hosts to a crawl. The worm went viral affecting 75,000 systems in the first ten minutes. Microsoft had made a patch available six months prior indicating that a failure to patch led to the widespread, security breach, not the vulnerability itself.

Shavlik's HFNetChk was the first product in the market that could scan for and deploy missing patches on Windows machines. In the aftermath of the SQL Slammer worm and after a series of other highly publicized exploits hit in 2003/2004, Shavlik made the decision to move away from consulting and to fully invest in software development for patch management products.

Shavlik Protect
Shavlik added standalone and integrated anti-virus capabilities to version 5 of HFNetChk and changed the product name to HFNetChk Protect, eventually dropping HFNetChk.

During the Version 6 timeframe, Protect introduced the capability to patch offline virtual machines and VM templates. This project was the first in a series of partnerships Shavlik entered into with VMware, and the capability meant that Protect could agentlessly patch machines in both physical and virtual environments. With Version 7 and its various point releases, a new user interface was introduced as well as physical and virtual asset inventory. Agent support was integrated into Protect and was no longer offered as a separately licensed product. Shavlik also shifted more of its detection logic out of Protect and into the content. Version 8 of Protect fixed many stability issues. Due to a number of customer complaints, Shavlik focused on making the product more stable. Version 9 introduced hypervisor patching for VMware implementations as well as the ability to patch off-network machines via the cloud.

Microsoft Collaboration
Shavlik's technological advancements have been significant enough to attract attention from Microsoft, resulting in cooperative efforts between the two companies and the development of the Microsoft Baseline Security Analyzer (MBSA), which is based on Shavlik's HFNetChk (the acronym designating HotFix Network Checker) released in 2001. This technology has evolved, but is still the core technology in the current product offerings and has been licensed by multiple OEM partners to provide patch management capabilities to a variety of IT management solutions with a combined install base of millions of users across the globe.

In the late 2000s, the industry saw applications being exploited by hackers shift from Microsoft OS and other Microsoft applications to third-party applications like Java, Adobe, music players, and non-Microsoft internet browsers. During this time, products like Microsoft System Center Configuration Manager (SCCM) provided Windows patch capabilities via the Windows Server Update Services (WSUS); however, it didn't (and still doesn't) patch third-party products. According to Global Analyst Firm Gartner, this left administrators with limited choices: don't patch third-party products leaving the network at risk, author and test a custom patch each time a third-party product requires an update, or deploy the patches manually to each affected machine.

In April 2010, Shavlik released SCUPdates – a catalog of patch content that automated the process of building third-party patches and delivering them to Windows clients via an integration with Microsoft System Center Updates Publisher (SCUP) and SCCM. In tandem with the initial SCUPdates release, Microsoft and Shavlik also announced Shavlik's inclusion into the Microsoft System Center Alliance.

Patch Management to the Cloud
In 2010 Shavlik released IT.Shavlik which provided a web-based front-end to the traditional Shavlik toolkit of asset inventory, patch scanning, and patch deployment. This Software as a Service (SaaS) application simplified the workflow for inventory and systems patching than was possible with the on-premises, Protect solution.


 * Microsoft referred to SaaS as "software plus services" for a few years.

In early 2009, Shavlik formed an OEM partnership with VMware to build a cloud-based application designed to help IT administrators in smaller businesses deploy a virtual environment. VMware Go (vGo) was intended to be an "onramp to virtualization," serving smaller customers until they were ready to upgrade to the more sophisticated vCenter suite. vGo was originally brought to market as a free-use cloud-based product.

VMware and Shavlik invested heavily in vGo, and the product was expanded to include asset inventory, patch scanning, and an IT advisor recommendation engine. Later in attempts to monetize vGo's services, a paid version called VMware Go Pro introduced patch deployment. This led to the migration of users from IT.Shavlik to VMware Go.

Acquisition History
VMware's interest in VMware Go as well as the virtual infrastructure patching capabilities within Protect led to its acquisition of Shavlik Technologies in May 2011. The terms of the acquisition were not publicly disclosed.

In January 2013, VMware announced its intent to "sharpen its focus" on the software-defined data center and hybrid cloud services. As part of this realignment, VMware sought to sell off products that weren't contributing to its core business such as its SlideRocket presentation software and other "non-key cloud and virtualization technologies." The Shavlik product line found itself on that list.

In April 2013, LANDesk Software purchased the Shavlik business unit and all rights to the Shavlik products from VMware. At the same time LANDesk announced a partnership which added VMware to LANDesk's list of Alliance Partners. Shavlik's move to LANDesk triggered new investment in Shavlik Patch for Microsoft System Center (formerly SCUPdates) as well as other products that enhance the experience for companies using SCCM.

In early 2017, Clearlake Capital acquired LANDesk and Shavlik, along with Heat Software, Appsense and Wavelink; the combined company uses a new corporate name and product brand, Ivanti.