Ivanti Blog: Posts by

Security Update for Ivanti Connect Secure and Policy Secure

Wed, 03 Apr 2024 16:04:55 Z

At Ivanti, our top priority is upholding our commitment to deliver and maintain secure products for our customers. We continue to invest significant resources to ensure that all our solutions continue to meet our own high standards and industry best practices. To this end, we are making important security enhancements, outlined here, that better enable us to anticipate, prevent and protect against future threats. We remain committed to communicating openly with customers, consistent with our commitment to security and responsible disclosure.

This commitment includes enhancements to our vulnerability management program to better and more quickly identify and address potential issues in collaboration with the broader security ecosystem.

As part of this effort, vulnerabilities were discovered in our Ivanti Connect Secure and Policy Secure products. We are reporting the vulnerabilities as CVE-2024-21894, CVE-2024-22052, CVE-2024-22053 and CVE-2024-22023. A patch is now available for all supported versions of Ivanti Connect Secure and Policy Secure. There is also an updated external ICT available for these updates.

It is important for customers to know:

We have no evidence of these vulnerabilities being exploited in the wild.
These vulnerabilities do not impact any other Ivanti products or solutions.

More information on these vulnerabilities and detailed instructions on how to remediate the vulnerability can be found in this Security Advisory.

Our Support team is always available to help customers and partners should they have any questions. Cases can be logged via the Success portal (login credentials required).

We would also like to thank n3k from TIANGONG Team of Legendsec at QI-ANXIN Group for their contributions.

How to Avoid These Two Common Monthly Patching Problems

Tue, 25 Jul 2023 14:02:27 Z

It’s here — that time to patch your endpoints. Maybe it’s something you enjoy, but my guess is probably not. Patching can be a brutal task, and with many organizations still doing it manually, they’re spending more time and resources on patching than anyone really wants to think about.

Now, given the fact that you are going to spend all that time and resources on patching, you want to make sure it goes smoothly. No one wants to expend all that energy on patch management, only to find themselves in a tangled web of confusion and failures.

So, let’s make sure you don’t fall into these top two most common monthly patch problems:

Do your patches work?
Have you tested the patches in your environment?

Patch problem #1: Do your patches work?

It’s not uncommon for security patches and updates to simply fail. Sometimes, it’s because of a unique environmental issue. Other times, the patch itself is just bad.

It’s a good thing you decided to check that patch before deploying it blindly, isn’t it? But now that it’s failing, what can you do about that? Well, it depends.

Solution 1: Contact your third-party patch management company

If you use a third-party patching company to manage your patch updates, then they’re the first ones you’ll want to reach out to.

Although companies who manage third-party patching vigorously test the content they push out to their customers, they can’t test every use case scenario. You might have an edge-case set up — or your endpoint is handling the patch differently than the third-party patch company expected.

Whatever the reason, your vendor should always be your first action. It’s not only important to report the failure so you can get it fixed, but it’s helpful to that third-party patching company, too.

You might have found a systemic issue. You’re now the hero that alerted the company about a bigger issue they can rally around and fix quickly!

Maybe it's not systemic, but it’s enough of a common problem that you’ve now helped that company be better prepared for future calls from other customers. Not to mention, you’ve now given them a potential new use case scenario that can be added into their default testing protocols!

Solution 2: Check with your broader online community for possible patch problems

But what if you’re not using a third-party patching company? Let’s say that your organization manually sifts through these patches.

There are some great online resources to see if other organizations are having the same issues, too, including:

PatchManagement.org, “the industry’s first mailing list dedicated to the discussion of patch management.”
Various Reddit and Mastodon communities, such as r/sysadmin, infosec.exchange or any vendor-specific community.
Ivanti’s Patch Tuesday resources, designed to discuss what patches are being released and what can be anticipated from them.

Regardless of which avenue you decide to take, there are many options to pick from when it comes to identifying what went wrong with the failed patch.

Patch problem #2: Have you tested the patches in your environment?

Alright, you’ve decided to test every patch that comes through — excellent! You’re in the clear, right?

Nope!

You also can’t forget to test the patches you’re going to push out on pilot devices from across your organization.

Why, you may ask? It’s just a simple Chrome update after all. But is it really?

Introducing a new patch to your systems is no different than introducing a new pet into your home. Even if you have had a pet before and are confident you know how to take care of it, each will have its own reactions to rooms or people that your previous pet didn’t have.

Similarly, each patch has its own nuance of changes and updates. These can often contradict what your systems or programs are designed to do, breaking the environment or the patch’s efficacy, even if it passed your earlier testing.

Software companies don’t patch products with your systems in mind, after all. They focus on updating and patching their own applications, and they can’t focus on all use case scenarios.

Resolving the domino effect of patch problems

Having a dedicated pilot group of endpoints to test these updates on can ensure you aren't breaking systems, programs or even processes your company depends on. The domino effect of one small patch update can be detrimental to a company’s operations.

For example, in early April, Chrome rolled out a patch to address some bugs. But it also introduced new bugs, one of them affecting the printing capability out of Chrome.

What if your organization works in a print-heavy environment, where being able to print through Chrome is a must-have option for your operations?

In this way, testing out all patches — even small insignificant ones — can help you avoid catastrophe.

Remember, when something goes wrong, errors ripple through the initially impacted department or user. Most users and organizations don’t think about the downstream impacts a small patch can take if it’s not fully tested. After all, it’s often IT who cleans up the effects of a failure or outage.

So, when it’s time to patch, we want to set ourselves up for success. To do that, we find a solid variety of endpoints to test our patches on — to ensure we’re not setting up an avoidable downstream impact – and we're also ready with our community resources in case the patches end up failing.

You can also check out:

The Ultimate Guide to Risk-Based Patch Management for more on pilot group creation, prioritized patch management and other patching fundamentals.
The Security Insights podcast, which talks about the importance of asset visibility before simply rolling out a new patch.
The Patch Tuesday series, which provides all of our previous patching recommendations and warnings. Don’t miss the next one, taking place on the Wednesday immediately following Patch Tuesday every month!

Sometimes, the best patch management strategy is just simple good ol’ preparation. Good luck!

How to Start a Knowledge Base: Simple Yet Surefire Approach

Tue, 13 Jun 2023 18:36:14 Z

Early in my career, I made the jump from defense contractor to customer support agent for an up-and-coming IT Service Management solution provider. Being new to the team and industry, I felt completely out of place. After the initial product training, I was pointed to a lab computer and told to start diagnosing a set of customer issues. I felt completely lost.

Over time, with significant amounts of studying and leaning on my peers, I figured things out and eventually became one of the go-to analysts. The challenge with this method was that this vast empirical knowledge was locked in each analyst’s brain. When we lost an employee, we also lost their extensive expertise. Eventually, a knowledge base initiative was started.

Why investing time and effort in a knowledge base setup is a good idea

While there are some obvious reasons to have a knowledge base, like:

Speeding up the resolution time of customer issues.
Maintaining employee productivity and satisfaction at work.
Increasing analyst time-to-effectiveness.
Delivering consistent solutions.

There are a few not-so-obvious reasons to maintain it, such as:

Eliminating tribal knowledge

This is knowledge that's held privately by individuals with the intention of increasing their value, yet makes the organization vulnerable.

Improving the perception of your organization and products

Providing responsive, accurate resolutions can eventually lead to product satisfaction and customer retention.

Reducing IT support costs

If the knowledge base is tailored properly and made available to self-service users, whether through a web portal or a virtual assistant (chat bot), then issues may be resolved, without even requiring a call to the service deck.

This is sometimes called Level 0 support. Also, with analysts closing issues faster, their productivity increases, often eliminating the need for added headcount.

Where to start with setting up a knowledge base

Most modern service management solutions include an integrated, yet unpopulated, knowledge base repository that's ready to receive your valued input.

Even though there are many great knowledge base vendors out there, they may not be able to integrate with your service management environment. Also, while not a knowledge base solution, SharePoint offers a knowledge template that can get you started.

In addition to standalone knowledge base solutions, you may wish to consider populating your knowledge databases with packaged knowledge. These knowledge packs, offered by various companies, focus on topics like Windows, Office 365, Adobe, macOS and others. These concentrated, ready-to-use knowledge packs are highly valuable, assisting young IT support organizations with helping customers and quickly resolving issues.

While many organizations can utilize pre-packaged knowledge, most organizations also support unique solutions that require specialized knowledge. For an established organization, that's been providing support for quite some time, they'll already have valuable information in the form of past support tickets that can be quickly put into a knowledge base.

If the organization is new or a new solution has recently been released, engineering teams will be heavily relied on for initial support knowledge.

Nearly all modern IT Service Management solutions will have the functionality to initiate new knowledge articles directly from resolved and closed incidents. For example, Ivanti Neurons for Service Management has an action link ‘button’ that seamlessly moves key incident data into a new knowledge base template.

It also includes workflows to vet, test and refine articles before publishing. The challenge is that ticket resolution data is often not written in a repeatable step-by-step, easy-to-understand format.

Motivating busy support teams to convert and document past incidents into decent articles and to store undocumented data in a searchable repository is the challenge.

How to motivate your teams

The organization mentioned at the beginning of this blog had a wonderfully effective method of extracting information from analysts’ brains. It used the carrot and stick approach.

First, the stick. As part of everyone’s yearly goals, each support analyst was required to produce a set number of original knowledge articles per month. The target was typically 5–10 per month, which wasn't unreasonable based on our call volume. Not achieving the target number impacted one’s annual review. To ensure superior quality articles were being submitted, articles were first reviewed for duplication.

Next, articles were reviewed for accuracy by distributing them to other team members for technical review. Lastly, they received a final review before being made available to the targeted audience, whether it be analysts only or both analysts and customers.

Next, the carrot. Articles were tracked for usage and analysts were rewarded by the number of times an article was used to successfully resolve an issue. A decent IT service management solution with an integrated knowledge base should support this level of reporting.

Based on monthly usage, analysts whose articles were used the most during the month to resolve incidents received a substantial prize at the end of the year – some gifts were worth several thousand dollars.

Throughout the year, campaigns were created to motivate and remind the teams of the requirements and the rewards. The result was the creation of a sizable, growing and highly valuable repository of product-specific articles in a brief period.

However you go about motivating your teams to create knowledge content, it'll take a concerted effort and constant reinforcement. The rewards for your efforts will be worth it.

If you’d like to experience all the benefits a modern service management provider can offer, watch the full demo.

Ivanti Makes Key Connections at MWC 2023

Thu, 09 Mar 2023 17:35:35 Z

Ivanti made a splash at MWC 2023! Billed as “the largest and most influential connectivity event, where technology, community and commerce converge,” MWC 2023 took place in Barcelona and featured a whopping 85,000 attendees, including executives from top global companies, international governments and – of course – trailblazing tech businesses like Ivanti.

MWC is hosted by GSMA, an industry organization representing mobile network operators. Given Ivanti’s leading position in the mobile device space – with capabilities in mapping, managing and securing devices from cloud to edge – this was a prime opportunity for us to share what we’ve been working on.

The highlights are almost too numerous to recap, but we wanted to share a snapshot of how Ivanti made the most of MWC this year.

We kicked off the event with a welcome dinner for 30 attendees, including executives from several mobile tech companies. The dinner was hosted by Ivanti’s Günter Mayer, Vice President Carrier International and Apple GTM.

In total, the Ivanti team held more than 40 meetings with key executives from the mobile carrier ecosystem. This included meetings with Deutsche Telekom, Orange, BT, Swisscom, FreeMove Alliance, Vodafone, Swisscom, Telefonica, Google, Qualcomm, Nvidia, Everphone, EBF, Sector 27, S2E and many more, including key customers.

Ivanti held two broadcast interviews. One featured Chief Product Officer Srinivas Mukkamala and Global Vice President of Sales Engineering David Shepherd (who also participated in a panel discussion), and the other again featuring Srinivas along with Sally Fuller from BT.

Srinivas and Sally announced Ivanti’s partnership with BT’s EE group, which means that Ivanti’s technology will be offered to SMEs across the United Kingdom under the title “SME Secure UEM,” featuring Ivanti branding. With Ivanti SME Secure UEM, BTs customers can simplify their inventory, configure and manage mobile devices at ease and create profiles and enforce restrictions through security policies.

Ivanti’s Sal Viveros, head of Global Corporate Communications, met with top social media influencers and hosted briefings with Forrester and IDC to share Ivanti’s latest developments. This is all on top of top-tier media interviews that are sure to generate positive buzz in the days and weeks to come.

We know that the conversations we have at MWC make a difference, because this year we were able to announce a major partnership that was formed as a result of last year’s activity. This partnership, with Deutsche Telekom, includes a new joint solution.

We’re thrilled with the experience we had at MWC this year and look forward to the conversations and partnerships that will grow from our efforts there.

Take Care of Your Team: Improve Your DEX to Combat Digital Burnouts and Work-Related Stress

Thu, 08 Dec 2022 20:00:01 Z

The rapid digitalization of work environments means employees are obliged to work faster and better. Achieving this means businesses are dependent on having happy, healthy, productive teams.

With 69% of global knowledge workers now working remotely, it appears hybrid working is working. A recent survey of over 10,000 employees by Ivanti shows that 42% have a better work-life balance and 33% are more productive.

Having the right IT tools is essential for employees to work effectively in a digital environment. According to the Ivanti survey, 65% of employees and 71% of IT professionals said that they could be more productive if they had different tools.

It is the responsibility of the organization to ensure employees have the right equipment, training and support to be able to do their jobs.

When organizations deliver a positive digital employee experience (DEX), business outcomes are met. The survey found that good DEX improves employee satisfaction, increases productivity – on average job satisfaction boosts productivity by 31% – creates better collaboration and improves employee well-being.

The dark side of a negative DEX

However, when DEX is negative, productivity, morale and retention suffer. Nearly half (49%) of the workers surveyed by Ivanti consider the digital tools and environment provided by their organization frustrating. And, even more alarming, a quarter consider a lack of suitable tech to be a contributing reason for quitting their jobs.

Additionally, the omnipresence of devices and uninterrupted access to the Internet often make it difficult for employees to switch off. This has led to an increase in digital burnout.

Digital burnout occurs due to spending large amounts of time on digital devices. The demand to be permanently online is associated with high levels of tension, perceived expectations and discomfort – all of which can lead to work-related stress.

Evidence suggests that individuals experience stress when they find themselves unable to accomplish what is expected of them using technologies within a particular environmental context. In fact, the definition of work-related stress is “the imbalance between external demands and individuals’ capabilities and resources (tools) to meet those demands.”

According to the Health and Safety Executive website, work-related stress is a huge cost for organizations, causing the loss of over 15 million days of work, and costing UK organizations over £5 billion annually.

This is not just a UK phenomenon. The American Institute of Stress reports 83% of US workers suffer from work-related stress, which is a contributing factor to mental health conditions like depression and anxiety. Research in 2020/21 by the Health and Safety Executive found that work-related stress, depression or anxiety accounted for 50% of all work-related ill health.

Why organizations need to act on improving DEX

These facts highlight that it’s in the organizations’ best interests to protect their employees from work-related stress, not only for financial reasons, but morally and legally too.

The good news is, by taking the right steps to support employees and provide the right tools, organizations can significantly reduce the risks of work-related stress and digital burnout. It is vital for organizations to understand the factors that are affecting digital well-being and the steps that can be taken to maximize the well-being of remote employees.

It is important for organizations to realize that employee well-being and DEX are not mutually exclusive. Every time an employee uses tech, that is DEX in action, and whether that experience is positive or negative influences the employee’s well-being. Initiatives that improve DEX will help prevent stress, digital burnout and increase staff retention.

“Technostress,” defined by Craig Brod as “ineffective coping with technology that results in distress,” can increase as complex technologies are integrated. Research shows that technostress affects job satisfaction, organizational commitment and employee outcomes such as absenteeism and staff turnover.

How to deter digital burnouts

However, digital burnout is decreased by interventions that optimize technology, reduce documentation and task time and improve processes to enhance workflows. This means with proper use, adequate training and peer-to-peer support, work-related technostress can be reduced.

Organizations should aim to be proactive, instead of reactive, when preventing work-related stress and digital burnout. This largely relies upon supporting employees to be the best they can be, by providing them with the necessary tools.

With poor DEX cited as one of the main causes of resignation, organizations need to take a good, honest look at their DEX, to see where improvements can be made. Senior leaders must act now to ensure employee well-being and the digital employee experience are being prioritized.

How do you get started on the road to a great DEX? Check out our eBook to learn more.

How to Balance Security With DEX for a Critical Advantage

Mon, 31 Oct 2022 13:35:41 Z

Raise your hand if you enjoy being kicked out of the application you were working on for an unexpected security patch!

No one? We can wait …

Really, no one?

Okay, we figured. And we’re not surprised. Jamie Whalen, host of the Everywhere Workplace Podcast, recently sat down with Steve Brasen, Research Director for Enterprise Management Associates, to talk about the perceived conflict between Digital Employee Experience (DEX) and security.

Too often, people place DEX and security on opposite sides of the proverbial boxing ring. That’s understandable, but it’s also an outdated approach that misses a significant opportunity. Blending security and DEX can provide a major competitive advantage. They’re both critical – and even better together.

DEX

Remote workers have made their preferences clear, they want to work from the location of their choice. Bye-bye perimeters. Bye-bye cubicles. Many of them would even forego a promotion in favor of the opportunity to work from anywhere. They want seamless access, unwavering connectivity and the right tools to do their jobs well.

Addressing these needs is a significant part of ensuring a strong DEX, and we know that DEX is key to ensuring loyalty, productivity, engagement and employee satisfaction.

Security

Do you believe security is set up in direct opposition to that wish list for remote workers? Think again. Security wants the same thing that other remote workers want, for everybody to be able to do their jobs easily and securely.

The problem: some of the measures to achieve top-tier security can thwart seamless access unless the proper approach is deployed.

Why? The most successful security measures are things like “high-friction password management,” which, by their very definition, are as prohibitively difficult as possible to navigate. That’s great for security. Not so great for remote workers trying to get their work done.

This perception that security and employee experience are at odds ramped up during the pandemic, when so many businesses made an abrupt (and often not-so-thoroughly planned) shift to remote work. Security teams have been playing catch-up.

These teams are understaffed and overwhelmed – doing their best to prioritize and manage vulnerabilities, but it occasionally happens at the expense of access, leaving remote workers frustrated.

Remote control

Here’s a secret that shouldn’t be a secret at all: DEX and security aren’t at odds. In fact, good DEX improves security.

Why? Because a positive DEX generates compliance – and compliance comes naturally when security protocols are infused intelligently and seamlessly into the digital experience.

The trick, then, is getting that infusion correct.

When security protocols are developed and implemented outside the scope of a positive DEX, remote workers end up constantly trying to navigate security controls that are essential for the enterprise but can be incredibly cumbersome for them as users.

When there are many hurdles to jump through, employees are less productive at best – and inclined to seek workarounds to do their jobs without constant interruptions or long wait times for ticketing responses.

“When we’ve conducted surveys, we’ve found that the biggest challenge users have is actually trying to work with the security controls and not impacting their workforce products,” says Brasen.

This lack of internal compliance isn’t usually malicious; it’s seen as practical. Unfortunately, the risks are high.

Lack of compliance is the last thing security needs. When employees are outside a perimeter, working on various devices on various operating systems all over the world, security teams face a Sisyphean task.

“Take a scenario where a home worker is accessing business resources, using a VPN (virtual private network). They may also be using cloud hosted services, separate from the business," Brasen explains.

"And they submit a ticket to support saying that they're having a slowdown in application performance. Where does the IT administrator even start? Is the problem with the employee’s device? Or does the problem arise from the employee’s home WiFi? Or is the issue with the VPN or the cloud-hosted environment?”

The price of misalignment

Misalignment between security and DEX causes many headaches.

Lack of compliance clearly leads to massive vulnerabilities for the enterprise. While employee frustration is another major factor, there’s even more to consider. Steve Brasen notes that there’s a significant productivity loss associated with security barriers and systemic reboots. Lost work is a major problem and interrupted momentum is also costly.

These interruptions add up – with security teams spread thin and scrambling to react to a meteoric rise in security threats (especially ransomware), patches, slowdowns and disruptive reboots can feel constant.

How to move forward on the same team

The good news – security and DEX misalignment are not inevitable. Here’s how to move forward on the same team:

Track and manage DEX: you can’t improve what you haven’t measured. Technology can play a huge role in reducing the impact that security protocols have on employees.

For starters, it’s essential to track and manage DEX by truly understanding how users experience digital products and security protocols, and what kind of impact those elements have on the user.

Focus on experience: you’ve heard about SLA (Service-Level Agreements), but how about XLA? XLA is an Experience-Level Agreement. Service is focused on a process, but XLA takes outcomes and experiences into account.

No matter how strong your SLAs are, if the outcomes and value aren’t where it should be, the process should be reconsidered.

Embrace automation: automate, automate, automate. “Automated remediation should be implemented wherever possible to rapidly resolve issues before they impact user productivity,” says Brasen.

Automated remediation enables proactive management of digital experiences, which is significantly less disruptive to users than traditional reactive management.

Use intelligent security controls: rather than trying to control every threat all the time, use risk-based intelligence to focus on the most relevant and critical threats. This not only funnels your security resources to the right place, but also means security isn’t causing unnecessary disruptions to users for non-critical threats.

Again, security teams and remote workers want the same thing – for everyone to be able to securely and easily do their jobs. Automation, risk-based intelligence, and a focus on DEX can alleviate burdens on security, IT and the rest of your remote workforce.

Want to learn more about the importance of investing in DEX? Check out the full report and listen to the entire podcast episode.

At Opposite Sides of the Digital Divide: An Interview with Ira Wolfe

Thu, 01 Sep 2022 23:51:44 Z

In the late twentieth century, the concept of the digital divide entered our consciousness. At the time, the term referred to people who didn’t have access to a telephone. That is, the Haves in society had telephones. The Have-Nots didn’t. In the early part of the twenty-first century, the definition of the digital divide expanded to include people who didn’t have access to the internet, particularly those who had no access to broadband.

Those were the days.

The digital divide: not just for students anymore

Then, the 2020 pandemic struck. Many who, before, had landed squarely in the Haves category suddenly found themselves in the position of the Have-Nots. The subtleties of the digital divide made themselves known. This time around, employers stood on one side of the divide. Employees, who had been forced to become remote workers, stood on the other side of it.

It’s something that Ira Wolfe, President and Chief Googlization Officer at Poise for the Future Company, sees every day. During an interview with Jamie Whalen for the first edition of the Everywhere Workplace Podcast, Wolfe highlighted one of the fundamental problems facing the digital workforce today.

“Well,” Wolfe says, “Only 25% of […] the C-suite really identified workplace culture as a priority. So, if they’re not recognizing culture as a priority and employee experience is really the measure of that […], that’s a problem.”

Remote workers and the digital divide in the workplace

And technology stood at the center of that problem for the remote workers during the pandemic. It caught many, if not most, employees off-guard. They expected employees to work from home but didn’t provide them with the equipment to do it.

Or if they did (or do) provide employees with equipment, it’s not based on how it allows remote workers to do their job effectively and efficiently.

“They’re selecting technology because it’s gonna save money,” Wolfe says.

Employees aren’t having it. Right now, one out of four — 26% — of digital employees are willing to quit their jobs because of a bad digital experience.

Wolfe says, “You can’t afford to even lose one out of 10, but one out of four is pretty crazy.”

For those who don’t have the numbers handy, a recent Gallup article highlighted the cost of replacing an employee.

It’s two-and-a-half times the cost of the employee’s yearly salary. That means replacing a $50,000-a-year employee could cost at least $125,000 and maybe more. Some industry experts think the estimated cost to replace an employee is too low.

In all fairness, Wolfe admits that both employers and employees were completely caught off guard by the pandemic. But it’s unwise to think that the issue with the digital divide as it’s now manifesting is going to go away. It isn’t.

How to manage remote workers?

The implications are broad. Although the sudden switch from in-house employee to remote employee was jarring, many people found that they liked the situation once they got used to it. With gas at $5 or $6 a gallon, not having to commute and not having to be stuck in traffic (or at work) made people more willing to put up with a little bit of inconvenience.

But that willingness ends when employers tell employees that they have to buy their own equipment to do their work. Oh, and they have to figure out all the tech stuff related to their job on their own.

Employees are tired of being gaslighted when they bring a work problem to the attention of company bosses and nothing gets done about it. They know they can go someplace else to work if things don’t improve with their jobs.

Not only do they know that. They’re willing to do it now, and it’s not just with their current employers. All-around user experience is important for recruiting the right employees, too.

In other words, an employee isn’t just going to quit a job with a bad digital work environment. They won’t work for a new company with similar issues, either.

Wolfe explains it this way: “When I first went to somebody’s website, was I able to find the job? Was I able to apply easily? If it’s too difficult for me to log on to apply for a job, then I’m not gonna do it because I have a million other choices.”

Takeaways from the pandemic and the remote worker situation

Employees having options isn’t the only thing now facing modern employers. The labor shortage is expected to continue for the foreseeable future. While there may be a record number of new hires, problems exist in the workforce that aren’t so easily fixed.

For one thing, the pandemic drove many working adults over 55 into early retirement — about 3 million of them to be exact, according to a US Chamber of Commerce report.

A lack of childcare options and the number of people who started their own businesses as a result of pandemic-forced unemployment also contribute to the worker shortage — and to employers’ problems finding new employees to replace the ones who quit.

What is certain is that the old paradigm won’t work with employees any longer.

When Time to ROI Matters

Thu, 11 Aug 2022 20:43:15 Z

It is often the case with innovation that the return on investment is unpredictable or too long to justify an investment. In a recent study by MHI and Deloitte, "Supply Chain Disruption Fuels Investments in Technology," supply chain industry leaders identify the lack of a clear business case as the number one barrier to adopting innovations.

Across all eleven innovative technologies the study examined, the responses were the same.

Industry leaders are looking for solutions that deliver immediate benefit to the business, are easy to verify and are simple to deploy — without replacing entire infrastructures and workflows.

For over 30 years, Ivanti Wavelink has provided customers with precisely that: a way to leverage existing infrastructure to drive operational gains, first with terminal emulation, then with web and voice technologies designed to support mobile workers.

Now, Ivanti Wavelink is doing the same with our latest platform – Velocity – providing a seamless way to connect the next generation of innovative peripherals and solutions to existing infrastructure.

What is Ivanti Velocity?

Ivanti Velocity is the industrial browser at the center of Ivanti’s mobility enterprise application platform. Velocity supports Windows, Android and iOS operating systems. Over 35 mobile device manufacturers have validated the platform on more than 150 different devices.

Ivanti Velocity builds on 30 years of mobile development history, providing best-in-class telnet and web application rendering and a feature-rich solution of unique capabilities explicitly designed to address the varying business needs of front-line and mobile workers.

Velocity's unique capabilities

These unique capabilities were created to increase user productivity by reducing or eliminating time-consuming distractions and data entry errors.

Preserving existing enterprise systems

Velocity interfaces with your existing host and web-based applications. Add mobility without changing your WMS, ERP or other enterprise applications, extending the life and value of these powerful business systems.

Deploying across devices and OS

Running Windows 10 on a forklift-mounted tablet? No problem! With Velocity, your apps can be deployed across different devices, optimized to fit different device screens and keyboard configurations. The same applications will run across Android, Windows 10 and iOS devices.

Running multiple sessions

You can run multiple sessions in Velocity with a single tap. Workers multitask, and so can your mobile app. You can even multitask between TE and web sessions.

Kiosk mode

Unlike consumers, mobile workers require dedicated tools to perform their jobs. Unfiltered access to internet sites, games and other distractions reduces productivity and increases error rates, so Velocity supports a locked-down kiosk mode.

In kiosk mode, the mobile application consumes the entire display window and prevents users from entering alternate URLs or accessing restricted device-level applications such as games and settings.

Address bar control

Velocity can hide the address bar to provide more application display area.

Taskbar control

You can hide applications from the taskbar or add other frequently used applications.

Custom keyboards

Consumer browsers offer very little when it comes to keyboard data entry. With Velocity, you can design your keyboard layouts to fit mobile workers. These keyboards can also be unique for each page if desired.

Need larger keys for gloved workers? Does your application require special function keys, or do some fields require a small set of alternatives? No matter what your keyboard needs, Velocity makes it possible.

Workflow modifications

Making even minor changes to your enterprise applications can be risky and time-consuming, but it’s often necessary to continue to improve productivity and reduce supply chain errors.

With Velocity, you can make mobile device-level changes to any workflow without enterprise application modifications, so that you can quickly improve workflows with little to no risk.

Barcode reader control

Velocity has supported barcode readers from the beginning. Whether your mobile device has an integrated scanner, imager or camera, Velocity allows you to exercise these devices at the l hardware level.

You can improve barcode performance and reduce errors by turning on only the required symbology at the prompt level. You can also require UPC barcodes to be scanned for item numbers and Code I 2 of 5 for locations, reducing the likelihood of missed reads or scanning the wrong barcode.

Data parsing

Do your part numbers include additional information? Do you use lot numbers or serial numbers? The barcodes we use often contain more information than we need.

Velocity resolves this common problem by allowing you to parse or format scan- and keyboard-entered data before submitting it to the server, so there’s no need to make host application changes or build custom mobile applications.

How wearable computing enhances productivity

Mobile computing is a journey; with each technological advancement, opportunities are created to enhance mobile worker productivity and accuracy. One such opportunity is in wearable computing, a subset of mobile computing.

Adding the latest wearable peripherals to existing enterprise applications is what Velocity is all about.

Imagine the time savings from not having to look away from the task at hand to be instructed on the following action.

One example of adding wearable peripherals to existing infrastructure is how Six15’s ST1 head-up display (HUD) uses the Ivanti platform for plug-and-play vision picking. Together, Velocity and Six15 drive a 15-25% increase in pick rates, 90% faster onboarding of new employees and greater employee satisfaction – all with an ROI in months.

Plug and play with Six15's ST1 head-up display and Ivanti Velocity

Six15 makes industrial peripheral HUDs for mobile computers by Zebra, Unitech, Lexicon, Honeywell, Samsung, Panasonic and others. Any customer using Velocity can add vision picking to their existing operation in a few days and see step gains almost instantly.

To set up vision picking, all you need is the log file from the Velocity app or the Velocity console project file and a brief description of the workflow. Based on the workflow, you can display relevant screens in the HUD, so that essential information appears in the worker’s field of view.

View from Six15's ST1 head-up display running on Ivanti Velocity

The elegance of the Ivanti approach guarantees that the underlying data is secure, leaving the business process untouched.

A cost-effective solution to achieve your ROI goals

With over 12 million Ivanti Velocity users worldwide, chances are high that you are already using Velocity or a prior iteration – making integrating wearable technologies easy.

Combine the Six15 HUD with Ivanti Velocity to achieve your expected ROI in weeks. Six15's proven integration and deployment method does in one to two weeks what historically took several months.

Whether your business manages the flow of goods, creates hands-free mobile workflows or improves existing business processes, wearable technologies are a cost-effective way to improve mobile worker productivity and increase bottom-line profits, helping you gain a quick return on your investment.

Ivanti Sessions You Shouldn’t Miss at Gartner Security & Risk Management Summit 2022

Thu, 02 Jun 2022 13:36:00 Z

Ivanti will be exhibiting at Gartner Security & Risk Management Summit 2022 from June 7-10 in National Harbor, MD. We are excited to offer attendees a slate of exciting presentations directly in our booth (#733) at the event.

These sessions offer event attendees the opportunity to learn about the state of the cybersecurity landscape, Ivanti’s product portfolio and more from Ivanti’s thought leaders and product experts.

Be sure to add these sessions to your itinerary!

Garnter Summit 2022: Ivanti sessions for Wednesday, June 8

Time	Topic	Presenter
10:00 AM	Evolve to Risk-Based Vulnerability Management With Ivanti	Robert Waters Sr. Product Marketing Manager, Endpoint Security
12:00 PM	Ivanti On-Premises Security Offerings: Endpoint Manager + Security Controls	Steve Feldstein Sr. Product Marketing Manager, UEM
2:00 PM	Addressing Competing Mandates and Mission Goals: IT Modernization, CDM, Zero Trust, EO 14028, DHS BOD 22-01 & OMB 22-09	Bill Harrod Federal / Public Sector CTO
4:00 PM	Take Control of Your Everywhere Workplace With Ivanti Neurons for Unified Endpoint Management (UEM)	Charlie Rasch Sr. Technical Marketing Engineer
6:00 PM	Business Needs Are Changing. Is it Time to Review Your Remote Access Strategy?	Paul Dahn Systems Engineer

Garnter Summit 2022: Ivanti sessions for Thursday, June 9

Time	Topic	Presenter
10:00 AM	Vulnerability Remediation: Compliance Through Patch Management and Configuration Healing	Michael Mitchell Vice President, Americas Sales Engineering
11:30 AM	Ops vs. Security: Is it Security or Reliability That Matters Most?	Chris Goettl VP of Product Management, Security Products
1:00 PM	We Have Trust Issues. You Should, Too.	Rob Lesieur Product Marketing Director, Network Security
2:30 PM	The Zero Trust Approach to Modern Endpoing Management	Farhan Saifudin Principal Solutions Architect – Federal

What's New in Neurons for Secure Access 22.1.3?

Fri, 29 Apr 2022 19:57:50 Z

We are proud to announce the release of version 22.1.3 of Neurons for Secure Access. New for this version, we have added the following features.

Configuration authoring

Centrally create and store common configurations for your Ivanti Connect Secure gateways. Configurations stored in nSA allow you to easily “lift and shift” common configurations from one gateway to another.

Multi-node configuration templates

Create and manage configuration templates for common shared features, assign configuration templates to multiple gateways simultaneously and reconcile configurations between nSA and assigned gateways.

Gateway lifecycle management improvements

Track gateway upgrades easily with new four-stage upgrade progress tracking, and deploy upgrades to multiple nodes and/or clusters simultaneously through the new version management page.

Neurons for Secure Access 22.1.3 FAQs

Where can I find the release notes and nSA documentation?

All Neurons for Secure Access documentation can be found in nSA after signing in by clicking on Help > Go to nSA Documentation.

Does the deployment of configuration templates to gateways initiate service restarts?

None of the current common feature configurations cause service restarts when applied to gateways.

Is it possible to override applied configuration templates?

Deployed templates on gateways can be edited locally by admin users. The reconciliation button from the configuration template page will revert the configuration to the template stored in nSA.

Is it possible to apply multiple configuration templates to a single gateway?

No, gateways can only have one configuration template applied at one time. To apply a different gateway configuration, you will first need to de-select it from the old template, then add the gateway to the new template.

NOTE: Configurations created on gateways by nSA are not deleted when the gateway is removed from the configuration template. This is by design, as nSA will not delete configurations and can only reconcile active configuration templates.

What are the minimum gateway versions required for the gateway to be eligible for multi-node/cluster upgrade?

ISA/ISA-V Series – 21.12R1-145 and higher
PSA/PSA-V Series – 9.1R13.1-16857 and higher

NOTE: Gateways below the required minimum versions can still be upgraded individually from the gateway overview page.

Ivanti Workspace Control 2022.2 – 10.9.0.0 Is Now Available!

Tue, 26 Apr 2022 01:03:29 Z

We have just released Workspace Control 2022.2 (10.9.0.0), which contains one major new feature, several compatibility updates and bug fixes.

We’ve also included several workflow improvements based on ideas submitted via the Ivanti Community.

New features

Audit trail – versioning

While adding details to the audit trail, our engineers added another great feature: an export button. Using the export button allows the administrator to create a building block of the configuration as it was available before the object was changed. This way, any changed object can be reverted to its previous state, even if the object was deleted. For the past several years, the audit trail has already stored the XML data from before and after the change. This means that we have a full version history of configuration objects, and you can now export any previous version to a new building block.

User Voice — Ivanti Ideas

We are continuing to review and respond to your feature enhancement requests. Thank you for continuing to submit these requests and for voting on the requests that others have previously submitted!

These ideas and votes act as input to our roadmap. In addition to including requests that received a lot of votes, we also try to include some quick wins.

Please refer to the release notes for details on all of the User Voice feature requests and other feature enhancements that are included in this service update. The following are a couple of the more noteworthy additions:

Audit trail — details

Until this version, the audit trail never showed the exact changes applied to an object in the Workspace Control console. An enhancement was made by adding a “Show details” button to the audit properties.

When clicking the “Show details” button, a new form appears, and the changes are visible. Workspace Control compares the old XML data with the new XML data. Changed data shows up in blue, deleted data in red, and configuration data that was added shows in green.

Diagnostics — logoff events

When troubleshooting issues in a user session, the user event log is the common first place to start. This log only shows what happened during the logon of the session. Starting with the 10.9.0.0 release, logoff events are also shown in the user event log.

Enhancements and improvements

Security — authorized owners

In our January release, we added authorized owners to our application security portfolio.

The feature is based on NTFS ownership and enables administrators to allow applications to be started only if the configured NTFS owner matches the file owner of the executable. A vanilla Windows OS can now be quickly secured by simply enabling authorized owner security, because any executable shipped with the operating system installation will be owned by one of the owners listed below:

SYSTEM
BUILTIN\Administrators
%ComputerName%\Administrator
NT Service\TrustedInstaller

There are, however, some exceptions. Applications like Microsoft Teams that install as the logged-on user will not match the authorized owners rules. The teams.exe NTFS file owner will be the logged-on user and therefore will be blocked when the user tries to start the application.

With our April 2022.2 release, it is now possible to overrule the feature with basic application security. This means that, for example, Microsoft Teams or OneDrive can be started even though the NTFS ownership doesn’t match the authorized owners rule list. Also, allowed processes can be blocked now by adding an application security rule. We will adjust this feature in an upcoming release by implementing the customer feedback we receive.

More information is available in the administration guide.

Export to CSV

Over the past several releases, we have standardized the export functionality and, as a result, it is easier to create reports based on logging data or to create documentation based on list views. In this release we added export functions to the following nodes:

Diagnostics > Logon Performance
Administration > Relay Servers

Export to TXT

Maintenance tasks have been enhanced with export options. This allows the results presented in the Workspace Control console to be extracted and used for further analysis. Data from the following two maintenance tasks can now be exported:

Search for non-existing users
Verify SIDs for groups and users

Compatibility updates

Drive and port mappings — Fast Connect

Issues have been reported in Windows 10 and Server 2022 where the feature “Fast Connect” might not always work as expected. In multitenant environments, the incorrect user account might be used to map a drive, which then could end up in locked user accounts. This can be solved by applying the following registry change.

Key	HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\RES\Workspace Manager
Value	AddDeferFlagsDuringFastConnect
Type	REG_SZ
Data	Yes

Tracing – default name

After installing Ivanti Workspace Control, the default trace file name was still RESTracelog. The default name for a clean installation of the 10.8.0.0 version of Workspace Control will be IWCTracelog.

Operating system support

For several years, since Workspace Control version 10.4, Microsoft Windows Server 2012, Windows 7 and Windows 8.0 were supported only as best effort. Since Workspace Control 2022 version 10.8.0.0, the specified operating systems are no longer supported, and with Workspace Control 2022.2 version 10.9.0.0 the installation or upgrade of Workspace Control on machines running these operating systems will not be possible anymore.

Integrations – VMware DEM Flex configuration INI files

We implemented the import functionality of Flex Framework Configuration INI files many years ago in the product. Lately, we have seen several VMware Dynamic Environment Manager (DEM) customers moving back to Ivanti Workspace Control. To serve these customers better we optimized the code to be fully compatible with the import of Flex configuration files generated by the VMware DEM Application Profiler. Flex configuration files can now be converted into user settings in just a few clicks.

More information is available in the administration guide.

Integrations – Ivanti Neurons for Edge Intelligence

Since version 10.5.0.0, the Workspace Control console was capable of showing an integrated overview of Ivanti Neurons for Edge Intelligence. This functionality is still available, but the integration will be removed with the release of 10.9.0.0. Ivanti Neurons for Edge Intelligence and our other Ivanti Neurons offerings will still be available as a separate standalone Ivanti product. Please visit our demo videos page for more information.

Integrations – Remote Assistance

Prior to this release, starting Remote Assistance for a session running on Windows Server 2019 and higher would present the administrator with a user selection box. Microsoft now allows the passthrough of the session information. Ivanti Workspace Control 2022.2 now integrates with this new functionality and seamlessly connects to the selected session.

Remote Workplace = Higher Risk for Data. Here’s What to Do.

Mon, 18 Apr 2022 20:39:31 Z

The world is getting used to the idea of a permanent shift to remote and hybrid work. The Everywhere Workplace means your employees are, well, everywhere: some might be in the office, while others come and go, others work from home, and still others are part of the rising trend of digital nomads.

It’s a good thing that we’re growing comfortable with the idea of employees being everywhere.

But there’s a catch: that means our data is everywhere, too.

There are three key areas of data across the enterprise:

Data in use is active data that is constantly changing.
Data in motion is data that is moving across the network.
Data at rest is inactive data.

Historically, data in use was passively stored on-site. The Everywhere Workplace has pushed data distribution to a new level. Data is no longer being passively stored but is instead actively moving through a complex IT infrastructure. Enterprises are struggling with the complexity of managing vast amounts of highly distributed data – and that’s on top of current supply chain disruptions plus a rampant increase in data breaches and cybercrimes. This adds up to a serious privacy and security problem. Plus, new regulations have emerged, both in the US and globally, as governments act to increase security awareness and best practices.

It's no wonder that IT leaders are feeling tremendous pressure. It is becoming increasingly difficult to ensure that data in use is safe. Enterprise security is dependent on the actions and trustworthiness of end users, who are no longer protected behind perimeters.

What can be done? Here are key practices to implement right now to protect enterprise data in the Everywhere Workplace:

Track and report data access to detect suspicious activity and potential threats. Ensure that those who have access to the data actually need access, and track who, where, why and when access is granted.
Establish authentication measures including user authentication, strong identity management, and well-maintained permissions for profiles across the organization.
Ensure that highly secure data never leaves its location, whether on-premises or in the cloud, no matter who is asking.
Deploy endpoint management to ensure that every device, everywhere, is mapped and regulated at all times. This also means locking down the endpoint OS and keeping it and all applications updated.
Invest in a patching solution that offers a clear understanding of what is being patched, along with testing and management that includes rollback.

All of this can be accomplished while preserving the user experience and avoiding inhibiting productivity. After all, nothing inhibits productivity quite like the downtime and issues associated with a breach. Security of data in use is about risk mitigation. In today’s Everywhere Workplace, the risk level is extremely high. It’s imperative that enterprises implement effective processes and technology solutions to reduce the risk to an acceptable level.

Critical – and Tapped Out. Just-Released Survey Reveals How IT Departments are Really Feeling in this New Landscape

Mon, 20 Dec 2021 13:00:00 Z

This gives new meaning to the term “wired and tired.” A brand-new survey from Ivanti finds that IT professionals have never been considered more critical to a company’s operations and success, and yet in spite of – or perhaps because of – that pressure, they’re facing a mountain of obstacles and unrelenting fatigue.

Double Whammy

As we all know by now, the pandemic rapidly accelerated digital transformation in businesses around the globe. This abrupt shift condensed years of IT logistics into a matter of months – or even weeks. And that’s not even the half of it. IT departments were tasked with not only managing a lightning-speed shift to overall operations, they also had to help support the widespread shift to remote work. Suddenly, HR and finance and every other team interacting with sensitive information was doing so not from behind a LAN and firewall but from couches all over the world.

Meanwhile, the labor shortage hit IT hard. That has meant that not only is IT being asked to do much more, they’re being asked to do it with fewer resources.

What does that mean for IT departments, and the business landscape as a whole? The survey results speak for themselves.

According to the survey, the top two challenges organizations face today are keeping up with digital transformation (32%) and keeping talent in technical roles (26%).

And while IT departments are receiving a lot of theoretical support, with 61% of respondents reporting that IT is viewed as critical to an organization’s growth and business strategy, 72% of respondents reported losing team members, with 41% of respondents citing a high workload as the reason for this extreme attrition rate.

Other reasons included:

Unrealistic expectations placed on the team (34%)
Lack of executive support (32%)
Remote work was not a possibility (28%)
Executive hesitancy to adopt automation (26%)
Lack of critical technology to effectively do their job (24%)

Translation: IT departments are being asked to do more than ever, but it’s harder than ever to get their jobs done. That, of course, is a brutal combination.

The Solution

What can help IT get on top of their workload and propel the business forward despite losing team members? In a word, automation. In the survey, two-thirds of decision makers (67%) reported that they accelerated their plans or increased adoption of automated IT service offerings due to the pandemic. And yet, only 1% of decision makers have actually completed their adoption of automated services.

That leaves 99% of organizations rutted in manual IT operations more than 18 months into the pandemic. And it’s not for lack of results when organizations do automate. The majority of respondents reported that automating IT services saves the IT department between one and eight hours for every single service request. For organizations with more than 50% of their IT services automated, the time saved per service request leaps to an eye-popping 16+ hours per service request. You don’t need to be a statistician to see how that would add up.

Of course, simply identifying automation as the solution isn’t enough. You have to get there. That’s where a cloud-to-edge, comprehensive, hyperautomation platform like Ivanti comes in. The workloads and pressure are only going to increase, and companies that will thrive in – not just survive – this new digital business landscape are going to be those who embrace the shift and make the investment in automation sooner rather than later.

Ivanti surveyed 250 enterprise IT professionals across North America, APAC and EMEA from August to October 2021. For more on the survey, click here.

Be the Bike: An ENVISION Mindset

Tue, 30 Nov 2021 20:15:47 Z

Ivanti is a dynamic company that thrives on team selling and continuous innovation on our platform, services and offerings.

Because every customer engagement or selling motion involves a variety of teams contributing their part, we need to always explore deeper ways to help the orchestration process while focusing on liberating everyone’s potential and expertise as we maximize our own. Our Digital Strategy and Innovation team through our ENVISION program’s best work is done when we bring cross-functional groups together and work through the stories that speak to our customers' deepest needs, both logically and emotionally.

Our group blends together strategy, design, IT architecture and innovation with sales acumen to deliver industry-leading solutions and stories that our customers don’t see from any other vendor or partner. We take what, in another company, would be a blend of many different teams creating a fancy Powerpoint presentation and blow it out into a fully-functioning experiences. Our team’s work aims to engage, provoke, inspire, and drive confidence in our customers to budget to accelerate their digital transformation journeys. While we win business for the company, we we don’t do it alone. Much like how Steve Jobs said that the consumer needs to be shown what they can’t live without, our team shows our customers what they can’t afford to do without, and how to succeed. It’s an exciting place to be!

We achieve this by executing a concept we call “be the bike” which we use as a reminder to keep our hearts and minds open to working together in a unified effort across all stakeholders. The phrase came about from this image:

This is how things appear when we're not looking for opportunities to partner together: A disjointed array of shapes that mean nothing.

But with a change of perspective, it's possible to see a new way of seeing "the same old thing" as we've never seen it before.

Much more satisfying. Much more rewarding. More possibility, more diversity and inclusion opportunities.

Be the Bike spirit is completely us, our ENVISION program and how we do the best work of our careers.

It is one of the leading personality traits of our team as we bring amazing future state visions, strategies and value propositions to life for our customers to solve some of the most complex challenges facing their businesses today.

We don’t have all the answers but being inclusive, empathetic and open to candor and feedback, we will create a better together differentiator for Ivanti and our customers.

Product Newsletter November 2021

Mon, 29 Nov 2021 20:22:07 Z

Product updates and releases covered in this newsletter:

Ivanti Neurons for ITSM and Ivanti Neurons for ITAM
Ivanti Neurons for Governance, Risk & Compliance (GRC)
Ivanti Voice
Ivanti Neurons Hyperautomation Platform

Ivanti Neurons for ITSM & Ivanti Neurons for ITAM

It’s time to get ready for the upcoming Ivanti Neurons for ITSM and Ivanti Neurons for ITAM 2021.4 release with cloud deployments scheduled to begin rolling out in early December. This new release delivers several enhancements such as visual warnings when another analyst is editing the same record for Incidents, Service Requests, or other Business Objects. You’ll also want to see the new accessibility enhancements in the UI and barcode reader functionality to improve the user experience. And do check out the governance and compliance improvements with new auditing, logging and reporting capabilities for data access events.

Learn more about the new release by viewing the “What’s New” session for Ivanti Neurons for ITSM and Ivanti Neurons for ITAM. You’ll also get an early peak at what’s coming in 2022, including Ivanti Neurons based automatic ticket classification as well as further Ivanti Neurons integrations. Stay on top of the 2021.4 release dates and other updates by checking the Ivanti Community and the Cloud Change Calendar. When available, you’ll be able to download the 2021.4 release for on-premises deployment from the Ivanti Community here.

Find more Service and Asset Management documentation in the Product Documentation section of the Ivanti website.

Ivanti Neurons for Governance, Risk & Compliance (GRC)

An effective GRC solution should not only help you manage your regulatory and contractual compliance, but actually assist you in aligning your cybersecurity budget with the real risks your organization faces. Join us on December 2^nd to hear from leading GRC experts on how you can manage risk proactively to minimize chances of security breaches, attacks and data theft.

Reserve Your Spot

Ivanti Voice

Ivanti Voice release 2021.3 is now available. Ivanti Voice integrates existing phone infrastructure with your Ivanti Neurons for ITSM environment for intelligent call routing, integrated voice response, voice self-service, screen pops, and call management functionality. Ivanti Voice helps your team increase first call resolution rates and realize better call handling to further improve customer satisfaction.

The 2021.3 release includes several quality improvements, along with important security fixes as well as customer-requested features such as the ability to hit ‘enter’ after typing the number into the integrated toolbar, validation of licenses upon import and more.

Learn more about this new release and other updates by checking the Ivanti Community.

Ivanti Neurons Hyperautomation Platform

Ivanti Neurons augments IT teams to proactively detect and resolve issues and security vulnerabilities to provide better employee experiences and business outcomes. The latest Ivanti Neurons 2021.4 release provides capabilities to further improve operational excellence, security, and the employee experience such as:

Find everything with minimal footprint
Discover and inventory Chrome OS devices
Improve visibility into Edge and Firefox Browsers
Enhanced security with Qualys integration
Proactively manage service disruptions

If you have not already, please check out the Momentum Webinar to learn more about the new capabilities.

A New Era of Software Asset Management

Thu, 18 Nov 2021 13:00:00 Z

Do you remember when all applications were on-premises applications? Do you remember quarterly BSA (The Software Alliance) audits and press releases that identified companies for being out of compliance? Do you remember when big software manufactures were in the news because they were auditing school districts for software compliance? Have you read about any of this recently? Probably not.

The software landscape for most companies has changed drastically in the past 5 years. Five to ten years ago approximately 70-80% of all applications installed were on-premises applications. Today, you can flip that upside down and 70% of all applications are SaaS based. As a result, the licensing models have also changed. Previously, on-premises applications were predominately licensed per computer. Yes, there were other licensing models such as concurrent and named user but for the most part it was all about what was installed on a computer. Today, SaaS applications are mostly subscription and are based on the number of users consuming licenses.

Sometimes, a user is limited to a specific number of devices with which they can use the software. TV streaming services such as Netflix that only allow you to watch on a specific number of devices follow such a model. In addition, in the SaaS world compliance is typically not an issue because most SaaS applications prevent you from using more licenses than you have purchased. Compliance is built into the application. However, there can still be compliance issues when users share accounts across organizations. For example, imagine you have 100 users in the US using a set of credentials during working hours and then use those same 100 credentials for users in Japan during their working hours. That would be a compliance issue!

The changes in software delivery and licensing models have also changed how we think about Software Asset Management (SAM). In the old days it was all about compliance. Sure, we cared about usage data associated to those on-premises applications, but the primary reason people used SAM tools was to ensure they were safe or could pass the dreaded software audit. Customers would shake in their boots if a major software manufacturer called them to initiate an audit. Compliance is still important if you have on-premises applications, especially expensive data center applications such as Microsoft SQL Server and Oracle Database licenses. However, the true value of SAM today is monitoring the usage of your SaaS-based applications to ensure you are not overspending.

Often when companies are buying subscription licenses for a SaaS based products, they must make an educated guess as to the number of users that will be consuming that application. In most instances customers buy too many licenses! This is sometimes driven by price discounts applied only to larger numbers of licenses bought together. It’s easy to be lured in by the seemingly attractive pricing only to buy more licenses than you need. Over time, customers need a method to track the true consumption of these licenses.

This is where new SAM tools come into play that allow a customer to track SaaS application usage consumption. The ability to compare your total number of subscriptions to what is being consumed is critical. Let’s imagine you are buying a CRM SaaS application and the subscription is $100 a month per user. You acquire 500 subscriptions, which is an annual cost of $600,000. Is that a good deal? It’s hard to say. Now imagine that you have a tool that tracks the usage of this SaaS application and after a year you notice that you are only using 390 licenses. You realize that you could be saving $132,000 a year for just one of your SaaS applications! If you don’t have a SAM tool that can track this sort of usage, you might well be leaving a lot of money on the table.

At Ivanti we have the answer for the new era of Software Asset Management. Ivanti Neurons for Spend Intelligence provides exactly this kind of capability. Schedule a demo to learn how Ivanti can help you avoid leaving software license money on the table.

Also, check out our recent webinar, produced in partnership with ITAM Review, in which we explore this new era of software asset management and how a solution like Ivanti Neurons for Spend Intelligence can make all the difference in understanding and optimizing your software assets.

Remote Work is Here to Stay. Learn How Ivanti Can Help Take the Pain Out of It.

Wed, 03 Nov 2021 22:18:05 Z

The Reality of Today’s Threat Landscape

Today many enterprise businesses suffer from security attacks but don’t understand how to protect their applications from being exposed. The most common attacks today are simple to execute such as a SQL injection, network Distributed Denial of Service (DDoS), Cross Side Scripting (XSS) and more. These are common attacks that can be mitigated by setting up a security framework to protect enterprise assets. Having the right security measures in place can frustrate bad actors and force them to attack elsewhere.

With the threat of attacks rising and the threat landscape evolving, security admins are putting multiple security products in their network. This is a common strategy especially when enterprises come together through mergers and acquisitions. Many enterprise organizations will work with multiple security vendors, consequently, applications across company segments can be exploited as security rules may vary.

With the pandemic still affecting our daily lives, many employees continue to work remotely outside of their usual offices. Remote work has had the unintended consequence of negatively affecting security due to a more relaxed view from employees of its importance. Now, users have the freedom to navigate to any website without the constraints of built-in security solutions, or the feeling of having someone looking over their shoulder in the office.

Remote work has many advantages, but the risk of cyberattacks needs to be considered carefully. Understanding the security risk of remote working can be alarming both for security administrators and users alike.

What Can Security Admins Do?

There are many different security platforms available in the market and the Ivanti Virtual Application Delivery Controller (vADC) offers a gamut of security features to protect users regardless if they are onsite, hybrid or remote. The vADC solution offers features such as Web Application Firewall, DNS Application Firewall, DDoS, reverse proxy and more. Our Ivanti Web Application Firewall offers a significant advantage amongst other vendors as it offers a complete solution to web application deployment. The Web Application Firewall runs on top of the vADC solution with Traffic Manager and Services Director/Analytics. These three components create a comprehensive approach to Web Application deployments.

Web Application Firewall (WAF) Security from the vADC platform is a perfect combination to protect against cyberattacks. With Ivanti’s WAF solutions, security admins have the ability to protect user data stored within a compromised application. With WAF part of the Ivanti security portfolio, it provides a seamless combination to protect application from unwanted attacks.

Well known attacks like a DDoS or a simple dictionary database attack can exploit and destroy data. Consequently, SQL injection attacks have become a common attack over years as shared practices are followed by many developers. Because developers tend to follow the same procedures throughout the development lifecycle, mistakes can be missed and exploited by threat actors.

Ivanti WAF offers compressive protection against many types of application attacks and threats. It is easy to deploy and is a very reliable solution for enterprise application deployments. Ivanti WAF delivers scalable application security for well-known apps and custom third-party applications. The Ivanti WAF solution also offers the protection of the Top 10 OWASP Security Vulnerability and common application attacks such Cross Site Scripting (XSS), Sensitive data exposure (CC Credit or SS exposure), components to known vulnerabilities attacks and more.

Learn more about Ivanti Virtual Application Delivery Controller and Ivanti Web Application Firewall here.

Co-Existence: Using Legacy VPN with Neurons for Zero Trust Access through the Neurons for Secure Access Platform

Fri, 29 Oct 2021 18:35:19 Z

There are three aspects of co-existence to discuss. The gateway deployment co-existence, the end user workflow co-existence, and the administrative management co-existence. We will walk through all three of these aspects.

The use cases for nZTA are fairly complete. nZTA will meet the needs of most users for resource access. It permits automatic split-tunneling access to many different hosted or cloud-based resources. Not just HTTP(s) based apps, but also different common protocols, like RDP and Terminal Services. If needed, it can give access to subnets or common networks. And all access is permitted, or denied, on granular, real-time posture assessment. That said, there are edge cases, sometimes vital ones, which nZTA has issues meeting. And this is where ICS comes into play, with gateway deployment co-existence.

The most common use case for ICS, which nZTA does not meet, is the basic “Contractor” access. This assumes that the admin is not able (or willing) to install a connection client on the contractor’s device. Since nZTA requires the end user have a certificate installed on the device, to complete a mTLS handshake before connecting to any gateway for resource access, this limits the ability to deploy nZTA where the user must access via a clientless access method.

In the above diagram, the Secure Application Access is only permitted after an mTLS handshake occurs. This ensures that nZTA Gateways remain hidden from general public access, even though they exist on the public internet. They act as a default deny firewall, only permitting communications from an end user who can complete the mTLS handshake. This use case, of course, cannot be done via a clientless connection. So, for this use case, the admin may need to stand up an ICS gateway next to an nZTA gateway to permit this type of access.

The second common use case is during a transition between ICS to nZTA. This requires the end user workflow co-existence. The admin may not want to transition 100% of users to 100% of nZTA access overnight. They may look to isolate some resources or users and bring them into the nZTA deployment slowly. This requires that not only can the Ivanti client make connections to both nZTA and ICS gateways, but it also requires these connections are able to co-exists at the same time, actively. Meaning that a user can connect to both types of deployments at the same time and access resources through both deployments at the same time, without taking any action on the user side. This ensures that an nZTA deployment can be brought online at the speed defined by the admin, with full flexibility in how and when the transition happens.

Lastly, the administrative co-existence. Using the Neurons for Secure Access (nSA) platform, the administrator can bring ICS appliances into their deployment alongside the nZTA deployment. nSA provides the same aspects of gateway visibility and management that nZTA provides, from the same administrative interface. This allows the full deployment to be managed from a single point, regardless of which kind of appliances are being deployed, or where they are being deployed.

Employee Center Stage: Liam Ryan, Ivanti’s New Vice President of Sales, APAC

Thu, 28 Oct 2021 13:01:01 Z

I am thrilled to announce Ivanti’s new Vice President of Sales in the APAC region, Liam Ryan. Liam brings a wealth of experience to Team Ivanti with over 20 years working in various positions in the IT industry. Liam was previously the Vice President of Ecosystem for Infor Global Solutions in Asia Pacific and India. Sydney, Australia is Liam’s Everywhere Workplace where he enjoys playing golf, football and listening to live music.

I am so excited to welcome Liam to the Ivanti team!

What is Liam’s vision as VP of Sales in APAC? Let’s find out.

Tell us about your past roles and experience.

Liam: Most recently, I ran the Ecosystem business at Infor across the Pacific, South East Asia, India, Greater China and Japan Asia Pacific regions, driving a very successful alliance and channel partner strategy and growth business. Prior to Infor I headed up my own business, selling and implementing financial software applications to various sectors.

Over the course of my career, I have worked in executive leadership positions in the IT industry, but also periods of my career have been as a user, in implementation services, as a channel partner, presales (solutions consulting) and sales. This broad and diversified experience gives me deep insight into how together, as “One Ivanti”, we will collaborate to create superior value for the company, our customers and our people.

What is a typical day for a VP of Sales?

Liam: Ideally? Lots of face time with our people - customers, partners and the Ivanti team. With Covid and the ongoing lock downs across most of APAC, this has been challenging these last eighteen months. But the great news is that the borders are now opening, and I very much look forward to meeting each of you over the coming months.

What excites you most about joining Ivanti as the new VP of Sales in APAC?

Liam: I am so excited to join Ivanti. The opportunity to grow our revenues, grow market share with net new customers, and add superior value to our customers is what exhilarates me. I look forward to working with each of you on our vision to deliver on our core values – to lock arms, fight the good fight, be champions for our customers and deliver outcomes.

How should our sales and marketing functions work together?

Liam: The key to winning will be to create our shared path to success for APAC. Sales and marketing are co-dependent areas of the business and need to be perfectly aligned on our strategy and go to market plans. We will be a team, working together with open doors, aligning, sharing knowledge and ideas to succeed and celebrate success together.

What is your idea of a winning environment and how do you create one?

Liam: The absolute aim for the APAC region is to work as “One Ivanti”. Our key is to have strong working relationships, built on mutual benefit, collaboration, and transparency.

Together we will build our strategy, we will build our organization, develop capabilities and plans. Together we will execute and be accountable to drive enterprise value, deliver on our growth projections and ensure success for our customers.

How do you overcome fear, uncertainty and doubt in prospects?

Liam: We need to focus our time on understanding our prospects. We must ask questions and learn what is important to them and what they are looking to achieve. In order to deliver success to our customers our value proposition must be aligned to their priorities and perspectives. We need to clearly articulate a value case that sees Ivanti solving their issues, improving their business landscape and delivering strong outcomes.