Shavlik NetChk Protect 6.1
July 07, 2008
£2,468 for 100 workstations (exc VAT)
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Easy deployment, main components don't require an agent, strong patch management and deployment features, detailed reporting
- Weaknesses: Spyware scans are lengthy and can consume host resources
- Verdict: Excellent patch scanning and deployment facilities plus solid centralised management, but more work is needed on the spyware components
At first glance, NetChk Protect looks to offer a strange brew of features as it combines patch management with anti-spyware, but Shavlik groups them neatly together under its active vulnerability management umbrella. The idea is that you keep all your legitimate applications fully up to date with the latest security patches while keeping dangerous applications off the network.
The best of the new features is support for custom patch deployment. This uses a custom patch file editor to download and apply essential updates to non-Microsoft and legacy applications. A new machine-centric view of systems being protected displays trees with domains at the top and each system underneath shows the list of discovered applications and their patch status.
Unlike many management products, Shavlik tries to avoid agents where possible and can remotely scan systems and deploy patches without them, but includes agents to support scenarios such as remote sites with low internet bandwidth links and mobile workers that are frequently away from the network.
For testing we loaded the core product on a Boston Supermicro dual 3GHz Xeon 5160 system running Windows Server 2008 Enterprise - a simple process that took less than 30 minutes to complete. You can start assessing your security posture straight away as you can select immediate scans of local and remote systems from the intuitive main console and opt to check for patches or spyware. If you have firewall software running on local LAN systems you'll need to do some work opening up ports, but Shavlik does provide a comprehensive list.
The results from our test patch scans were particularly good. One target systems was running an unpatched version of Windows Server 2003 R1 and NetChk came back with a list of more than 60 required patches. Patch scans rarely took more than a minute for each test system. The results are initially provided as an executive summary with plenty of charts, but you can drill down into each report to find out a wealth of information about the patch status of individual systems.
One issue we had was the number of applications supported by NetChk. One client was loaded with a wide range of common apps, but the patch scan missed quite a few. We were somewhat perplexed to see the patch status for Adobe Acrobat and Reader displayed, but not for Photoshop or Elements. We also noticed that NetChk was unable to correctly identify Windows Server 2008.
Patch deployment is swift as you can select individual patches or all of them and either send them to the selected systems immediately or at a specific time. Deployment templates can be used to determine functions such as the type of installation, when the client reboots, plus pre- and post-install tasks.
We found spyware scans were a lot slower and required more host resources. We created a group of four machines and a general spyware scan on all of them took more than 16 minutes. We also noticed that CPU utilisation on some of the less well-specified clients during the scan could be as little as 50 per cent. You can limit the amount of CPU resources the scan is allowed, but this will make the scan take even longer. The results do go some way to make up for this as the reports are just as detailed as the patch scans.
To remediate you must deploy agents, and for this you need to set up a distribution server. This didn't take long and we could then push agents out to selected clients and groups from the central console. Agents are controlled with policies that determine whether they can scan for patches and spyware and take remedial action. For the latter you can also set real-time protection, where you decide what actions on the client are to be blocked, prompted for or allowed.
NetChk Protect delivers a vulnerability management solution that's swift to deploy and easy to use. The patch scanning and remediation facilities are easily its strongest features as the spyware scans require a lot of resources in order to offer valuable protection to client systems.
SC Webcasts UK
Information Security Manager
Infosec People - Hammersmith, West London
Senior Network Security Engineer, London, £68-85k + package
Infosec People - England, London
Information Security Risk Manager, £45-55k + bens
Infosec People - West Midlands, England, Coventry
SOC Analyst, Aldershot, £55-63k + benefits
Infosec People - England, Aldershot, Hampshire
Security Architect, Cardiff - to £70k Basic
Infosec People - Cardiff, Wales
Sign up to our newsletters
SC Magazine UK Articles
- Gooligan ad fraud malware infects 1.3M Android users, installs over 2M unwanted apps
- Met Police grab suspect with phone unlocked to get hold of data
- Cyber-security must reflect risk not just regulation
- Report: Mirai 'is just the tip of the iceberg'
- Data centres are on the move - where will they end up?
- SC Awards Europe 2016 winners announcements!
- ISIS radicalises 'lone wolves' through strong social media presence
- Updated: How will Brexit affect the cyber-security industry in UK and Europe?
- 9.2 million medical records for sale on darkweb
- Microsoft Office 365 hit with massive Cerber ransomware attack, report
- 400% increase in POS malware variants across US Thanksgiving weekend
- Only 25% of businesses can effectively detect and respond to data breaches
- Is BYOD your company's norm? Beware the ghosts of data past this Christmas
- Over 400,000 phishing sites have been detected each month in 2016
- TalkTalk customers urged to get routers swapped over hacker fears