Simplify and Automate Configuration Management and Compliance Auditing

Shavlik NetChk Configure is a powerful configuration management solution that simplifies and automates the critical to perform tasks of auditing configurations. It enables you to keep up with changes brought by dynamic networks, meet your compliance objectives, lower your costs, and reduce your risk of exposure. With Shavlik NetChk Configure you can effectively control and manage highly distributed systems that are operating in mission-critical environments.

Multi-Use Tool

Shavlik NetChk Configure provides management and control over configuration settings, as well as compliance auditing for Microsoft-based machines. It enables you to understand, check, assess, audit, and enforce configuration checks on the machines in your networks. It is also an excellent tool for streamlining your understanding of conformance with internal policies and regulatory compliance requirements.

Fastest Time to Value

Shavlik NetChk Configure provides the most direct route to achieving, proving, and sustaining conformance with internal mandates or external regulations. In a matter of hours, not days or weeks, you’ll have a solution in place and operational to find and fix gaps in your security and compliance status.

Simplify Configuration Management

Shavlik NetChk Configure is a cost-effective method for taking control of your configuration settings and improving your security posture. By taking the complexity out of the security configuration task, it provides the fastest route to improved security and compliance readiness. Operational efficiencies are improved so you can do more with fewer resources and free up IT resources to do things that drive business growth.

Automatically Enforce Corporate Policies

Shavlik NetChk Configure detects systems that have drifted out of compliance with your corporate policy, and then quickly and automatically enforces the existing policies by returning the affected systems to their desired state. It does this through continuous assessment, remediation, and management of all physical and virtual machines.

Prove You Are In Compliance

It is easy to create reports about your security posture that map back to internal policies and external regulations, thus demonstrating to auditors that you are in compliance. Reports are available daily, weekly, and monthly on the degree of compliance policies and standards.

Shavlik NetChk Configure contains a large number of product features. In addition to reviewing the following list, you can also see several of the product features in action by viewing the product tutorials available by clicking here.

• Ease of Use: Go from install to scanning in 30 minutes or less, leveraging Shavlik’s easy to use, industry-standard user interface. Offers a robust user experience, all from a single console.
• Automated policy baseline development and enforcement: Shavlik NetChk Configure uses policies to define the products and the configuration settings checks to evaluate during a particular scan. There are three predefined baseline policies. In addition, you can create your own custom policies that define the specific configuration checks required by your organization.
• SCAP Processor support: Allows for interaction with the Shavlik NetChk SCAP Processor, a conversion tool that enables you to convert Security Content Automation Protocol (SCAP) profiles into policies that can be imported into Shavlik NetChk Configure. The policies can then be used to perform compliance scans of machines in your network.

• Policy Cloning & Distribution: Offers advanced "Gold Standard" scanning automation that saves time and increases accuracy. You quickly and easily clone a new policy using the configuration checks configured on a machine that represents your organization’s gold standard. This enables you to leverage existing, approved system configurations. It also makes it very easy to create a security IT infrastructure that can be measured against a pre-defined industry configuration baseline.
• Policy Mapping and Regulatory Audit: Addresses current regulations like PCI, SOX, GLBA, HIPAA, FDCC and FISMA that place new demands on information security. Audit systems using the links between best practices content and auditing standards such as ISO 27002 and NIST 800-53. Use these standards to develop powerful security standards to drive an overall security policy.
• Policy Dashboard: Gives you the ability to quickly determine the compliance status of the machines in your organization. It does so by providing summary information in an easy-to-read graphical display.

• Audit-Ready Reporting: Easily create a variety of "audit ready" reports that will demonstrate that the proper configuration controls are in place and operational. These reports can also provide alignment between the various regulations (PCI, SOX, HIPAA, etc.) and the requirements of either internal or external auditors who utilize industry standard policy frameworks to measure compliance and prove "due care" has been taken.
• Scheduled scanning and policy enforcement: You can use the Schedule feature to specify when and how often a scan should be run. You can regularly run scans at a specific time using a specified recurrence pattern. For example, using this option, a scan could be run every night at midnight, or every Saturday at 9 PM, or on the first day of every month at 11 PM, or at any other user selected time and interval.
  
  In addition, by enabling the Auto Enforce option you can automatically enforce the policy by correcting any discrepancies found on the scanned machines. The enforcement is performed immediately after the scan.
• Extremely flexible and robust scanning options: Provides users with both simple and flexible scanning options. The home page provides a simple 1 – 2 – 3 step process to begin a scan. Or, you can begin scans from within a machine group or within a policy. Scans can also be performed by domain, organizational unit, machine name, IP address or IP range.
• Exporting and importing policies: Allows you to export an existing policy to an XML file. This makes the policy available to be imported by other installations of Shavlik NetChk Configure.
• Custom Check Wizard: Enables you to expand upon the numerous out-of-box checks by creating your own custom compliance checks. This allows you to track items that are unique to your organization. The custom checks are added to a custom policy and referenced whenever that policy is used in a compliance scan.
• Change management: Provides the mechanisms needed to track changes you make to your policies and track policy enforcements you perform on the machines in your organization.
• Machine Groups: Shavlik NetChk Configure uses machine groups to keep track of the machines that are included in a particular scan. There are several predefined machine groups (My Machine, My Domain, My Test Machines, and Entire Network). In addition, you can also create your own unique machine groups.

All products created by Shavlik Technologies are built upon the following product principles. There are a number of examples of each principle evident in Shavlik NetChk Configure.

• Simplicity: If a product is difficult to use, chances are it won’t get used, no matter how many bells and whistles it may have. Our interface takes the complexity out of managing security.
• Easy to deploy and manage, meaning your less technical staff can be utilized to manage the product
• Operationalizes security, freeing up critical IT staff
• Direct route to compliance
• Fully automates the vulnerability lifecycle
• Facilitates gains in operational efficiency and delivers cost savings by simplifying complex network security
• Thoroughness: A product is worthless if you can’t trust it to produce accurate results. Shavlik Technologies is the leader in accuracy, depth, and breadth of status on patches, configurations and unapproved software.
• Best in class scanning
• Used to audit other solutions for mistakes
• Validates that policy settings, distributed through GPO or other, were actually implemented
• Built-in support for industry standard frameworks
• Architectural Flexibility: When working with rapidly changing technologies, flexibility is key. You don’t want a product that is locked in and that can’t adapt to changes. Shavlik NetChk Configure is extremely flexible because it:
  • Provides multiple deployment options
  • Is non-intrusive
  • Contains the industry’s most flexible and granular remediation options
  • Works with multiple products: Windows 2000 Professional Gold or later, Windows XP Professional SP1 or later, Windows 2000 Server Gold or later,
    Windows Server 2003 Family, Windows Server 2008 Gold or later and Vista SP1
  • Works with multiple machine types: servers, desktops, laptops, virtual machines
  • Uses XML-based files that are constantly being updated to reflect ever-changing software environments.
  • Supports open standards such as Security Content Automation Protocol (SCAP)
• Scalability: You want a product that is able to grow with your company. Shavlik NetChk Configure has the ability to accommodate ever increasing numbers of machines and software products. Here’s why:
  • Distributed architecture
  • Centralized management
  • Can manage thousands of machines from a single console
• Time-to-Value: You want to be able to immediately begin using your investment. With its easy to use and intuitive interface, Shavlik NetChk Configure has you scanning, assessing, and remediating your network in no time. Because there are very few setup tasks needed before using the product, the “time-to-value” payoff with Shavlik NetChk Configure is extremely high.

Configure 4

Console

Processor:

• 500 MHz or faster CPU

Memory:

• Minimum: 256 meg RAM
• Recommended: 512 meg RAM or higher

Video:

• 1024 x 768 screen resolution or higher (1280 x 1024 or higher recommended)

Disk Space:

• 60 meg for application

Operating System (any of the following):

• Windows Server 2008 Gold or later
• Windows Server 2003 Family
• Vista, Business, Enterprise, and Ultimate Editions, Gold or later
• Windows XP Professional SP1 or later
• Windows 2000 Server Gold or later
• Windows 2000 Professional Gold or later

Architectures

• 32-bit: All operating systems listed above are supported
• 64-bit: All operating systems listed above are supported

Prerequisite Software:

• Internet Explorer 5.5 or later
• Windows Installer 3.1
• Microsoft Data Access Controls (MDAC) 2.8 or later
• MSXML 6.0 or later
• JET 4.0 SP8 or later (migration to SQL Server 2005 or SQL Server 2008 is possible after installation)
• Microsoft .NET Framework 2.0
• Visual C++ 2008 Redistributable Package
• IIS common files (for IIS-related checks)
• Shavlik NetChk Protect 5.x or later (if you want to use patch or spyware/threat policy checks)

System Configuration

• Workstation Service
• Server Service
• Remote Registry Service
• Simple File Sharing disabled
• An administrative share is required (will be temporarily added if missing)

Clients

Browser:

• Internet Explorer 4.0 or later

Disk Space:

• A minimal amount needed for log files

Operating Systems:

• Windows Server 2008, Standard, Data Center, Web, and Enterprise Editions, Gold or later
• Windows Server 2003, Standard and Enterprise Editions, Gold or later
• Windows Vista, Business, Enterprise, and Ultimate Editions, Gold or later
• Windows XP Professional Gold or later
• Windows 2000 Server Gold or later
• Windows 2000 Professional Gold or later

Architectures

• 32-bit: All operating systems listed above are supported
• 64-bit: All operating systems listed above are supported

System Configuration

• Workstation Service
• Server Service
• Remote Registry Service
• Simple File Sharing disabled
• File Sharing must be installed (default admin shares used)
• NetBIOS (tcp139) or Direct Host (tcp445) ports must be accessible