Software Asset Management (SAM)

75% of all SAM projects are over budget and do not meet their business goals, according to a well know IT consultancy. Why is this happening? We believe that the approach many projects take is the reason for these failures. Many SAM projects start by using existing IT operations tools, such as Microsoft's SCCM, BMC's ADDM, IBM's BigFix for their SAM discovery data. These tools were not designed for SAM and do not automatically have the data required for successful SAM projects. The SAM project is then faced with the need for customized discovery, data consolidation, and normalization. All requiring much time, money and outside experts.

We at Belarc strongly believe that our products can help automate your SAM process with world-class software and hardware discovery, normalization and license optimization all designed to work together as an integrated system. Click on the link to see our short presentation: Discovery - the basis for successful SAM

These are the main tasks that organizations must perform to implement SAM. Unlike other SAM tools, Belarc's approach is to offer an integrated and automated solution with all of these steps, so that the process can be rapidly implemented and continuously updated.

  • Discovery. This involves the discovery of two things. First is the installation and usage (they are not the same thing) of software on host systems such as desktops, tablets, mobiles, and physical and virtual servers; and second the discovery of the entitlements or purchases of this software.

    Unlike other vendors who largely rely on IT operations tools such as Microsoft’s SCCM, BMC’s ADDM, etc. for discovery data, Belarc uses it’s own world-class discovery. This is important because the IT operations tools do not offer discovery for important aspects of SAM such as expensive CAD and GIS software (Autodesk, Solidworks, ESRI, etc.); discovery of accurate usage of applications such as Visio, Project, O365, Adobe CC, which can either be harvested or stopped in the case of SaaS software; discovery of server software from IBM and Oracle, and discovery of the usage on the options and management packs of this software. This means that other SLM tools rely on running custom scripts to try and do this discovery, resulting in a time consuming, inaccurate and manual process.

  • Normalization. This means creating consistent names or identification for the discovery data, both the installed or used and the entitlement or purchase data.

    Belarc automatically normalizes it’s own discovery data with no manual steps involved. Other SLM tools try to match the discovery data from multiple operations tools to a software catalog. This approach requires that the software catalog is up to date with newly released software and custom built software, something that is hardly practical. The result is much manual effort by the end user, SLM vendor or consultants to keep the software catalog continuously updated.

  • License position. This task involves calculating the licenses required based on the installed or usage data and the software vendor’s licensing rules and metrics, and then comparing that to the end-user’s entitlements or purchases.

    Sometimes the license type (Server/CAL or CPU, for example) or whether a license is even required (in the case of bundled software or fail-over instances) can be automatically discovered and Belarc uses this information to automatically apply the correct licensing rules and metrics to these instances. Other SLM products require the end user to always manually apply the correct license type to each instance of the product.

  • License optimization. This step involves comparing the end-user’s current entitlements and licensing rules to alternative licensing rules typically from the same vendor and looking for cost advantages. For example comparing Server/CAL licenses to Processor or CPU licenses; comparing renewing a ULA (Unlimited License Agreement) or certifying and going off the ULA. Considering other vendor’s products is not usually part of the license optimization step, but it certainly should be.

    Belarc’s SAM tool is built on a full featured business intelligence tool and allows our end users complete ability to customize and do what-if analysis on the data.

These points are seen in the following flow charts. The first chart shows the current "patchwork quilt" of products and consultants that are required by most SAM tools. Because these tools are reliant on operations tools for their discovery data they are often lacking the data necessary for SLM and require much time and effort to run custom scripts. Normalization is also a problem because it requires that the software catalog or signatures are always up to date, which is often not the case.

The second chart shows Belarc's fully integrated (Discovery, Normalization, License Position and License Optimization) approach, which allows for easy implementation and minimal on-going maintenance costs.

Patchwork quilt of products and consultants

Cyber Security

Many cyber attacks today, such as the WannaCry ransomware, are not stopped by traditional cyber security tools such as anti-virus, firewalls or intrusion detection and prevention systems. The solution to stopping today’s attacks is to go back to the basics of cyber security and implement standard security controls and monitor them on a continuous basis. BelManage and BelSecure support the Center for Internet Security's (CIS) Top 5 Controls, with the following:

  • Complete listing of all hardware including desktops, laptops, servers, virtual machines, tablets and phones. Configuration details include make, model, serial number, BIOS or UEFI, operating system, group policies applied, USB storage device usage, encryption status, and more. (CIS Control #1)
  • Complete listing of all installed software including versions and last time used. Ability to automatically compare installed software with standard images or approved software. Flags unused software as candidates to be removed. (CIS Control #2)
  • Automatic vulnerability assessment based on published vulnerabilities from Microsoft, Adobe, Oracle Java and Apple. (CIS Control #3)
  • Detailed information on both local and domain user logins by host and privileges, and the ability to automatically track user account changes such as elevated privileges. (CIS Control #4)
  • Comparison of configurations to the US Government Configuration Baselines (USGCB). (CIS Control #5)

To learn more, please request our white papers, “Securing the Enterprise - Cyber Security Myths and Reality”, "Ransomware - how to stop it" and “Mapping the NIST security controls” by sending an email to:

Configuration Management

Automatically track detailed software, hardware and security configurations

Reduce your IT operating costs by identifying older versions or unused applications; improve your cyber security resilience; plan and automate an operating system migration. You can accomplish this and more with an automated, enterprise wide repository of detailed software, hardware and security configurations.