Software Asset Management (SAM)

75% of all SAM projects are over budget and do not meet their business goals, according to a well know IT consultancy. Why is this happening? We believe that the approach many projects take is the reason for these failures. Many SAM projects start by using existing IT operations tools, such as Microsoft's SCCM, BMC's ADDM, IBM's BigFix for their SAM discovery data. These tools were not designed for SAM and do not automatically have the data required for successful SAM projects. The SAM project is then faced with the need for customized discovery, data consolidation, and normalization. All requiring much time, money and outside experts.

We at Belarc strongly believe that our products can help automate your SAM process with world-class software and hardware discovery, normalization and license optimization all designed to work together as an integrated system. Click on the link to see our short presentation: Discovery - the basis for successful SAM

These are the main tasks that organizations must perform to implement SAM. Unlike other SAM tools, Belarc's approach is to offer an integrated and automated solution with all of these steps, so that the process can be rapidly implemented and continuously updated.

  • Discovery. This involves the discovery of two things. First is the installation and usage (they are not the same thing) of software on host systems such as desktops, tablets, mobiles, and physical and virtual servers; and second the discovery of the entitlements or purchases of this software.

    Unlike other vendors who largely rely on IT operations tools such as Microsoft’s SCCM, BMC’s ADDM, etc. for discovery data, Belarc uses it’s own world-class discovery. This is important because the IT operations tools do not offer discovery for important aspects of SAM such as expensive CAD and GIS software (Autodesk, Solidworks, ESRI, etc.); discovery of accurate usage of applications such as Visio, Project, O365, Adobe CC, which can either be harvested or stopped in the case of SaaS software; discovery of server software from IBM and Oracle, and discovery of the usage on the options and management packs of this software. This means that other SLM tools rely on running custom scripts to try and do this discovery, resulting in a time consuming, inaccurate and manual process.

  • Normalization. This means creating consistent names or identification for the discovery data, both the installed or used and the entitlement or purchase data.

    Belarc automatically normalizes it’s own discovery data with no manual steps involved. Other SLM tools try to match the discovery data from multiple operations tools to a software catalog. This approach requires that the software catalog is up to date with newly released software and custom built software, something that is hardly practical. The result is much manual effort by the end user, SLM vendor or consultants to keep the software catalog continuously updated.


  • License position. This task involves calculating the licenses required based on the installed or usage data and the software vendor’s licensing rules and metrics, and then comparing that to the end-user’s entitlements or purchases.

    Sometimes the license type (Server/CAL or CPU, for example) or whether a license is even required (in the case of bundled software or fail-over instances) can be automatically discovered and Belarc uses this information to automatically apply the correct licensing rules and metrics to these instances. Other SLM products require the end user to always manually apply the correct license type to each instance of the product.


  • License optimization. This step involves comparing the end-user’s current entitlements and licensing rules to alternative licensing rules typically from the same vendor and looking for cost advantages. For example comparing Server/CAL licenses to Processor or CPU licenses; comparing renewing a ULA (Unlimited License Agreement) or certifying and going off the ULA. Considering other vendor’s products is not usually part of the license optimization step, but it certainly should be.

    Belarc’s SAM tool is built on a full featured business intelligence tool and allows our end users complete ability to customize and do what-if analysis on the data.


These points are seen in the following flow charts. The first chart shows the current "patchwork quilt" of products and consultants that are required by most SAM tools. Because these tools are reliant on operations tools for their discovery data they are often lacking the data necessary for SLM and require much time and effort to run custom scripts. Normalization is also a problem because it requires that the software catalog or signatures are always up to date, which is often not the case.

The second chart shows when the software discovery data is not sufficient and the SAM team needs to go back to the operations group to ask for custom scripts. That will take weeks or months and may not offer the correct data. The software publishers are always creating new versions so that the custom discovery will need to be continuously updated. This lack of accurate discovery data is a major reason for the delay and cost overruns of SAM projects today.

The third chart shows Belarc's fully integrated (Discovery, Normalization, License Position and License Optimization) approach, which allows for easy implementation and minimal on-going maintenance costs.

Patchwork quilt of products and consultants

Software Discovery Loop results in delayed and over budget SAM projects

Cyber Security

US DoD Cybersecurity Maturity Model Certification (CMMC)

Cybersecurity Maturity Model Certification (CMMC) is a DoD requirement that applies to all organizations in the defense supply chain. The CMMC-AB (CMMC Accreditation Body) is the neutral, accredited, third party that is responsible to certify Assessors and maintain the CMMC standards. The DoD provided the CMMC-AB with version 1.02 of the CMMC model along with other materials.

Belarc's system can be used by Assessors and Organizations Seeking Certification (OSCs) to meet many of the CMMC Model v1.02 controls. For more information.

Create secure Work From Home (WFH) environments

Enabling Work From Home (WFH) is happening in all organizations today. We need to be sure that those WFH computers are not creating security risks when they VPN into our corporate or government networks. ​This is equally true for company or government issued computers and personal ones.

The best way to accomplish this is to follow the Center for Internet Security's (CIS) 5 Basic Controls and the recent NIST Security for Enterprise Telework recommendations.

Belarc's BelManage system allows organizations to accomplish this with an automated and cost effective system that can be deployed on-premises, on our customer's cloud, or via Belarc SaaS.

For more information: https://www.belarc.com/WorkFromHome

Ransomware - how to stop it.

Many cyber attacks today, such as the WannaCry ransomware, are not stopped by traditional cyber security tools such as anti-virus, firewalls or intrusion detection and prevention systems. The solution to stopping today’s attacks is to go back to the basics of cyber security and implement standard security controls and monitor them on a continuous basis. BelManage and BelSecure support the Center for Internet Security's (CIS) Top 5 Controls, with the following:

  • Hardware - Identify authorized and un-authorized hardware.
  • Software - Identify authorized and un-authorized software.
  • Vulnerabilities - Continuously monitor all systems for operating system and application vulnerabilities.
  • User Privileges - Control and monitor the use of Administrator Privileges for both Local and Domain accounts.
  • Secure Configurations - Implement and monitor the use of secure configurations on all devices.

In addition Belarc's system automatically monitors the following Controls:

  • Drive Encryption - Monitor all drives and determine if encryption has been fully, partially or not enabled.
  • USB Storage Device usage - Identify all used USB storage devices and compare serial numbers to a list of approved devices.
  • Anti-virus Status - Identify virus definition date, whether realtime file scanning is on.
  • OS Update Agent - Identify how the machines are getting their security updates.

To learn more, please request our white papers, “Securing the Enterprise - Cyber Security Myths and Reality”, "Ransomware - how to stop it" and “Mapping the NIST security controls” by sending an email to: whitepapers@belarc.com

CIS CyberSecurity Quarterly newsletter with Belarc authored article on Ransomware and how to stop it.

Configuration Management

Automatically track detailed software, hardware and security configurations

Reduce your IT operating costs by identifying older versions or unused applications; improve your cyber security resilience; plan and automate an operating system migration. You can accomplish this and more with an automated, enterprise wide repository of detailed software, hardware and security configurations.