Senserva Blog

What Happens When a Tester Meets Senserva Trustworthy AI

clay@senserva.com (Clay Babcock) — Tue, 21 Apr 2026 14:47:57 GMT

We've been running Siemserva through beta testing with a group of IT pros over the past several weeks. Most of the feedback has been what you'd expect - performance notes, UI suggestions, questions about specific findings. Useful stuff. Normal stuff.

Microsoft's UTCM APIs: A Massive Win for Configuration Drift Management, And Why Senserva's Already Ahead

rod@cdmediainc.com (Rod Trent) — Thu, 29 Jan 2026 16:51:22 GMT

Hey folks, Rod Trent from Microsoft here - guest-blogging again!

The Revolution Starts Today: Siemserva is Here

clay@senserva.com (Clay Babcock) — Mon, 26 Jan 2026 16:46:38 GMT

Today we're launching something that changes the game. Not with hype, not with buzzwords, but with something the security industry desperately needs: a tool you'll actually want to use.

Siemserva is live. Right now. $99 for a limited time.

Security Shouldn't Require a PhD

Here's the truth nobody wants to say out loud: the security industry builds for the Fortune 500 and ignores everyone else.

They build products that require armies of analysts, unlimited budgets, and weeks of training. Then they wonder why 80% of organizations struggle with basic security hygiene.

We built Siemserva for that 80%. For the IT managers wearing twelve hats. For the small MSPs serving Main Street businesses. For the federal contractors who need SCuBA compliance but don't have a compliance team. For everyone who cares about security but doesn't have unlimited resources.

And here's what shocked even us during development: we made it fun.

Five Minutes to Your First Security Assessment

No weeks of configuration. No training courses. No consultant fees.

You download Siemserva, it connects to your Microsoft 365 tenants, click one button, and go make coffee. By the time you're back, you have a comprehensive security assessment of your entire environment.

Entra ID. Exchange Online. SharePoint. Teams. OneDrive. Intune. Every security setting that actually matters, checked against real baselines, explained in plain English.

Our beta testers told us they finished their first scan and immediately wanted to show someone. Not because they had to. Because it was genuinely satisfying to finally understand where they stood.

Security software that makes you look good to your boss AND that you actually enjoy using? That's the revolution.

But Here's the Real Breakthrough

Most security tools stop at "here's what's broken." Cool, thanks. Now what?

Siemserva tells you exactly how to fix it. Step-by-step remediation instructions. Links to Microsoft documentation. Licensing requirements. Cost estimates. Everything you need to actually address the findings.

But we didn't stop there.

Every finding automatically maps to compliance framework controls. CISA SCuBA. Microsoft Cloud Security Benchmark. Your auditor asks "Do we meet SCuBA control MS.AAD.1.1?" You don't panic and start researching. You open Siemserva and show them.

That's the difference between security theater and actual security.

Audit Prep in Minutes, Not Weeks

Let's talk about compliance for a second. We all know the drill:

- Auditor sends framework requirements
- You spend weeks mapping your security posture to their controls
- You manually gather evidence for each control
- You pray nothing changed since you started the process
- Repeat every quarter forever

Siemserva generates that documentation automatically. Every finding is already mapped to relevant controls with justification. Audit prep goes from weeks to minutes. You export the report, hand it to your auditor, and get back to actual work.

Why $99? Why Now?

The normal price is $1,000 , lifetime updates. That's already a steal for what you get.

But for launch, we're doing $99. Yes, really.

Why? Because we need to prove something.

We need to prove that security tools can be accessible. That they can be enjoyable. That the 80% deserve the same level of protection as the Fortune 500. And we need you to be part of that proof.

When you use Siemserva and it actually works, you'll tell your colleagues. Your IT friends. Your industry contacts. You'll show them your dashboard. You'll brag about your security scores improving.

That word of mouth is worth more than any marketing campaign.

So grab the $99 pricing while it lasts. Once we hit our adoption targets, it goes to $1,000 and stays there.

Built by People Who Get It

Founder Mark Shavlik isn't new to this. He built Shavlik Technologies, pioneered patch management, and sold to VMware. He's spent years watching the same pattern repeat: vendors build for the biggest companies first, then wonder why everyone else struggles.

Senserva exists because Mark got tired of watching good organizations fail because the tools weren't built for them.

We're a Microsoft Intelligent Security Association (MISA) member with three official Microsoft endorsements. We have patents on our technology. We've shipped security products to millions of endpoints.

But here's what Mark is most proud of: people actually like using Siemserva. After 30 years of building security software that people had to use, he finally built something people want to use.

That's the real breakthrough.

What Happens Next

This isn't just a product launch. It's a statement.

The 80% have been told to "make do" with tools built for someone else for too long. To hire experts they can't afford. To accept complexity they don't have time to manage. To hope they don't get breached before they figure it out.

That era ends today.

Siemserva is live on the Microsoft marketplace. Windows desktop app available now. Web interface, macOS, Linux, and mobile apps coming in 2H 2026. MITRE ATT&CK framework mapping also coming later this year.

But you don't need to wait for future features. What's available today will transform how you handle Microsoft 365 security. I'm not exaggerating. Try it and you'll see.

Five minutes to your first assessment. Plain English explanations. Framework controls intelligence. Remediation guidance. $99.

The revolution isn't coming. It's here.

Stop Configuration Drift Before It Costs You: Meet Senserva Drift Manager

rod@cdmediainc.com (Rod Trent) — Thu, 18 Dec 2025 21:42:20 GMT

A Note from Clay:

We're excited to welcome back Rod Trent as a guest contributor to the Senserva blog. For those who don't know Rod, he's a Senior Program Manager for Cybersecurity and AI at Microsoft, works on Copilot for Security, and co-hosts the Microsoft Security Insights Show. He also wrote "Must Learn KQL" and several other books on Microsoft security. Rod brings a valuable third-party perspective on configuration drift and what we're doing with Drift Manager. It's helpful to have someone who lives and breathes Microsoft security products take a fresh look at our approach and explain why this stuff matters in practical terms. We asked him to dig into the problem space, and we think his analysis will resonate with you. Look for more from Rod as we explore how organizations can better manage security in Microsoft environments. Take it away Rod!

Picture this: You've got your Microsoft 365 or Entra ID environment dialed in perfectly—everything locked down for security and compliance. Then, seemingly out of nowhere, an admin makes a quick change, someone shares a file they shouldn't, or Microsoft pushes an update that shifts things just a bit. Next thing you know, you're vulnerable, and you might not even realize it until it's too late. Reports show that misconfigurations play a role in over 80% of data breaches, and a lot of that comes down to configuration drift. The gradual shift away from your intended setup.

Everyone's Deploying AI, Nobody's Validating Security

clay@senserva.com (Clay Babcock) — Wed, 17 Dec 2025 15:45:42 GMT

It seems we’ve being talking a lot about AI recently, and there’s a good reason for it. And it’s not what you might think.

Teaching AI to Know When It Doesn't Know

clay@senserva.com (Clay Babcock) — Mon, 08 Dec 2025 17:50:14 GMT

We've been thinking a lot about trust lately. Not the "do you trust this vendor" kind of trust, but the deeper question: when should you trust AI to make decisions on its own, and when should it ask for help?

Senserva Achieves Microsoft Sentinel Integration Approval: Completing the Three-Legged Stool

clay@senserva.com (Clay Babcock) — Wed, 03 Dec 2025 20:25:18 GMT

Entra ID. Intune. Sentinel. The Three Pillars of Microsoft Security, Now Fully Integrated with Drift Manager

Why MSPs Across 4 APAC Countries Are Racing to Solve the Configuration Drift Crisis

clay@senserva.com (Clay Babcock) — Fri, 21 Nov 2025 21:28:22 GMT

Last week's webinar with Crayon proved something we've been seeing for months: the Asia Pacific region isn't just interested in configuration drift management anymore. They're urgently deploying it.

Looking back: Mark Shavlik's Microsoft Journey

Mark Shavlik — Thu, 13 Nov 2025 20:28:34 GMT

Real Talk from the Channel: Gino Barletta on the Misconfiguration Crisis

clay@senserva.com (Clay Babcock) — Tue, 11 Nov 2025 16:14:30 GMT

You know what's rare in this industry? Finding a partner who doesn't just sell your product, but actually thinks about the problems it solves. Someone who reads the same security articles you do and immediately connects the dots to real customer pain.

The Partnership Model That's Changing How Security Innovation Goes Global

clay@senserva.com (Clay Babcock) — Fri, 31 Oct 2025 17:05:47 GMT

Here's something I've been thinking about lately: we talk a lot about security innovation, but not nearly enough about how that innovation actually reaches the organizations that need it most.

Webinar Recap: MSPs Say Configuration Optimization Is Vital Technology

clay@senserva.com (Clay Babcock) — Mon, 20 Oct 2025 21:02:52 GMT

Last week's webinar with our partners at Crayon was something special. Honestly? The response blew us away.

When $2.6 Billion Goes Up in Smoke: The Cyberattack No One Saw Coming

clay@senserva.com (Clay Babcock) — Thu, 02 Oct 2025 20:57:12 GMT

How configuration drift and insurance validation failures turned a preventable problem into a government bailout

Why Senserva’s Azure Lighthouse Approach Is a Security Game-Changer

rod@cdmediainc.com (Rod Trent) — Mon, 29 Sep 2025 20:39:10 GMT

Why Senserva’s Azure Lighthouse Approach Is a Security Game-Changer

Behind the Scenes: How the Senserva Insurance Compliance Inquisitor Actually Works

clay@senserva.com (Clay Babcock) — Wed, 17 Sep 2025 19:05:16 GMT

Since announcing our Insurance Compliance Inquisitor program, I've been getting detailed questions about our process. People want to understand exactly how we validate cyber insurance compliance and what their involvement looks like. Here's the complete breakdown of our three-phase methodology.

The Challenge We're Solving

Before diving into process details, it's important to understand what we're addressing. When organizations apply for cyber insurance, they disclose security controls they have in place - MFA deployment, backup procedures, patch management, security training, and more. The problem? Most answer based on what they intend to implement rather than what they can prove they continuously maintain.

During claim investigations, insurers conduct forensic audits of actual implementations. One gap between disclosed and actual controls can trigger denial clauses that void the entire policy. That's exactly what happened to Cottage Health - $4.1 million out of pocket because they couldn't prove continuous compliance with disclosed security controls.

Our Inquisitor process conducts the same forensic validation that insurers perform during claims, but proactively when gaps can still be fixed.

Phase 1: Discovery and Consultation

Preparation Requirements: The preparation is straightforward - we need your current cyber insurance policy documents and a basic overview of your IT environment. Most organizations already have this information readily available.

The Consultation Process: This is an interactive session involving your key stakeholders (typically IT leadership, risk management, and executive team) along with our technical experts. We're not conducting an interrogation - we're having a structured conversation to understand your business.

What We Document:

Business model and critical processes
IT infrastructure and security architecture
Current security tool deployments and configurations
Risk tolerance and compliance requirements
Historical security incidents and lessons learned

What We Review:

Your complete cyber insurance policy language
Application materials and technical questionnaires
Previous security assessments or audit reports
Incident response and business continuity plans

Your Time Investment: 2-3 hours for the core team, minimal follow-up.

Outcome: Comprehensive understanding of your environment and policy requirements, with clear expectations set for the technical analysis phase.

Phase 2: Technical Analysis

The Heavy Lifting Phase: This is where our technical team does the detailed work while your operations continue normally. Most of this happens without any impact on your day-to-day activities.

AI-Powered Policy Parsing: Our algorithms analyze your insurance policy documents to extract specific technical requirements, identify exclusion clauses that could void coverage, and create structured requirement matrices for validation. This automated analysis catches nuances in policy language that manual review might miss.

Automated Security Discovery: We deploy our assessment tools to inventory your security infrastructure, validate configurations against policy requirements, and identify any gaps between disclosed and actual implementations. This process is designed to be non-intrusive and occurs during business hours with minimal network impact.

Manual Validation: Our experts conduct targeted verification of critical controls that require human judgment - testing backup recovery procedures, validating security training effectiveness, analyzing vulnerability management processes, and verifying incident response capabilities.

Gap Analysis and Risk Assessment: Every identified gap is categorized by claim denial risk (Critical, High, Medium, Low) and assessed for remediation complexity. We provide preliminary timelines and resource requirements for addressing each finding.

Your Involvement: Minimal - occasional clarification questions and weekly status updates. The technical work happens in the background.

Phase 3: Documentation and Ongoing Monitoring

Comprehensive Documentation Package: The final deliverable isn't just a report - it's a comprehensive compliance package designed to satisfy insurance investigations and support claim approvals.

Executive Summary: Board-ready overview of compliance status, risk assessment, and investment requirements for full compliance.

Technical Implementation Guide: Step-by-step remediation procedures for every identified gap, including configuration examples, testing procedures, and validation checklists.

Legal Documentation Package: Evidence compilation suitable for claim defense, including policy requirement mapping, configuration validation, and professional assessment summary.

Ongoing Monitoring Setup: Automated systems to track compliance status, detect configuration drift, and alert when changes threaten coverage validity.

Implementation Support: We don't just hand over documentation and disappear. Our team provides guidance during remediation implementation, answers technical questions, and validates that fixes meet policy requirements.

What Clients Experience

Minimal Disruption: Most clients report the process requires less time than their monthly security team meetings.

Fast Results: Average timeline from engagement start to final documentation is 2-3 weeks.

Simple Fixes: Most identified gaps can be resolved within 48-72 hours of discovery. Common fixes include enabling MFA on service accounts, updating backup testing procedures, or documenting existing security training programs.

Immediate Value: Clients receive actionable intelligence about their actual compliance status and clear guidance for maintaining coverage.

The Business Impact

The return on investment is straightforward. Our process protects against potential claim denials in the millions. More importantly, validated compliance strengthens insurance renewal negotiations and often results in better rates and terms.

Why This Process Works

The methodology mirrors exactly what insurance companies do during claim investigations, but proactively when problems can still be fixed. We're not creating new standards - we're validating against the requirements already in your policy.

The process is designed for busy organizations that need compliance validation without operational disruption. Most of the work happens behind the scenes with minimal client involvement.

Most importantly, we focus on practical solutions. When we identify gaps, we provide specific remediation guidance that typically involves simple configuration changes rather than major infrastructure investments.

Getting Started

If this process sounds like something your organization needs, the first step is a brief discovery conversation. We can usually determine fit and provide initial recommendations within a 15-minute call.

The goal isn't to find problems - it's to ensure your cyber insurance coverage will actually protect you when you need it most. Don't discover you're not covered after you've been attacked.

Contact Information: Clay Babcock, President
clay@senserva.com

Ready to validate your coverage? Let's make sure your cyber insurance will be there when you need it.

The Hidden Crisis in Cyber Insurance

clay@senserva.com (Clay Babcock) — Fri, 12 Sep 2025 17:22:39 GMT

Why I'm Soft-Launching the Senserva Insurance Compliance Inquisitor (And Why I Need Your Help)

Hi everyone,

How Senserva is addressing the “Too Small to Target” Security Myth

glenn@senserva.com (Glenn Adolph) — Mon, 01 Sep 2025 20:14:42 GMT

For decades, small and medium-sized businesses operated under a comforting but false assumption: "We're too small to be a target." This mindset, while understandable from a resource allocation perspective, has proven to be one of the most dangerous misconceptions in modern cybersecurity. The IT landscape has undergone a fundamental shift, and with it, the security paradigm has evolved from "security through obscurity" to "assume you're already compromised."

Bridging PowerShell and C# for Advanced Microsoft Security Automation

Mark Shavlik — Tue, 19 Aug 2025 20:48:01 GMT

Hello, fellow security enthusiasts and sysadmins!

Why Removing Legacy Software is Crucial for Security

TJ Dolan — Wed, 13 Aug 2025 17:52:05 GMT

Senserva is offering a Zero Setup plan for Drift Manager. We do all the work for you.

glenn@senserva.com (Glenn Adolph) — Tue, 05 Aug 2025 17:02:11 GMT

When Cyberattacks Hit Home: Lessons from the Saint Paul Incident

clay@senserva.com (Clay Babcock) — Fri, 01 Aug 2025 16:48:31 GMT

Drift Management: The Perfect Complement to Infrastructure as Code (IaC)

rod@cdmediainc.com (Rod Trent) — Tue, 24 Jun 2025 16:32:43 GMT

Maintaining consistency and control over system configurations is paramount. Infrastructure as Code (IaC) has revolutionized the way we manage and deploy infrastructure, allowing for automated and repeatable configurations. However, IaC alone may not be sufficient to address all the challenges associated with configuration management. This is where Drift Management comes into play, offering a perfect complement to IaC.

Understanding and Mitigating Security Drift in Microsoft Intune Managed Devices

rod@cdmediainc.com (Rod Trent) — Thu, 23 Jan 2025 19:03:27 GMT

Enhancing Security Through Best Practices and Conditional Access Policies

Embracing the Future: The Shift Towards a Passwordless World

rod@cdmediainc.com (Rod Trent) — Tue, 17 Dec 2024 17:22:49 GMT

Why Going Passwordless is the Next Big Step in Cybersecurity

Security Drift in Microsoft Entra: Challenges and Mitigation Strategies

rod@cdmediainc.com (Rod Trent) — Mon, 09 Dec 2024 15:53:20 GMT

Microsoft Entra, a comprehensive identity and access management (IAM) solution, is designed to safeguard and streamline access to your digital assets. However, like any sophisticated system, it is not immune to security drift, a phenomenon where the security posture of an environment gradually deviates from its original, intended state. This blog post delves into the specifics of security drift within Microsoft Entra, elucidating the challenges it presents and proposing strategies to mitigate its impact.

The Cumulative Impact of Incremental Changes on Security Posture: A Major Cause of Security Drift

rod@cdmediainc.com (Rod Trent) — Mon, 11 Nov 2024 13:02:19 GMT

One concept that often goes unnoticed is the insidious effect of incremental changes on an organization's security posture. While these small adjustments may seem harmless on their own, their cumulative impact over time can significantly weaken security defenses, leading to a phenomenon known as security drift. This blog post delves into how seemingly minor modifications can collectively erode security measures and why it is crucial to remain vigilant against this silent threat.

Combating Security Drift: Proactive Measures for Long-Term Security

rod@cdmediainc.com (Rod Trent) — Mon, 04 Nov 2024 17:50:50 GMT

Maintaining robust security protocols is a continual challenge for organizations of all sizes. Security drift, the gradual decline in the effectiveness of security measures, can occur as a result of complacency, evolving threats, or changing business practices. To ensure long-term security, organizations must adopt proactive measures to prevent security drift. This blog post delves into specific strategies and best practices that can help organizations stay ahead of potential security vulnerabilities.

Proactive Strategies: How Continuous Monitoring and Training Can Mitigate Security Drift

rod@cdmediainc.com (Rod Trent) — Mon, 28 Oct 2024 16:00:00 GMT

Maintaining a robust security posture is an ongoing challenge. One of the most insidious threats to organizational cybersecurity is security drift—a gradual, often unnoticed, degradation of security practices over time. To combat this, organizations must adopt proactive strategies, primarily through continuous monitoring and regular training. This blog post explores how these two critical components can mitigate security drift, ensuring a resilient defense against emerging threats.

Human Behavior and Security Drift: Employee Actions That Can Compromise Security

rod@cdmediainc.com (Rod Trent) — Mon, 21 Oct 2024 16:00:00 GMT

The importance of robust security measures cannot be overstated. Organizations invest heavily in advanced technologies and protocols to protect their data and systems. However, one often overlooked factor remains a significant vulnerability: human behavior. The phenomenon known as "security drift" highlights how employee actions can gradually erode the effectiveness of security measures, leading to potential breaches.

Security Drift: The Silent Killer

rod@cdmediainc.com (Rod Trent) — Fri, 11 Oct 2024 21:49:10 GMT

New threats often capture our attention with their immediate and visible impact. However, lurking beneath the surface is a less conspicuous but highly insidious threat known as security drift. This gradual erosion of security measures over time can lead to significant vulnerabilities, making it a silent killer in the realm of cybersecurity. In this blog post, we will explore what security drift is, why it occurs, and how organizations can effectively combat it.

New Senserva Web Site is On Line

Mark Shavlik — Mon, 11 Mar 2024 05:00:00 GMT

Senserva has a great new web site, its full of details around what we help secure and how we work with high end security partners to provide a full solution.

Azure AD Role Scoring

Kyle White — Mon, 10 Jul 2023 05:00:00 GMT

At the time of writing this post, Azure AD contains 91 built-in administrative roles. These roles have varying degrees of power within Azure AD.