#dachnug50 | HCL BigFix - The Endpoint Management Platform | Tom Haab - HCLSoftware Senior X-Brand Technical Advisor

1. Copyright © 2023 HCL Software Limited
HCL BigFix
The Endpoint
Management Platform
DACHNUG#50
Tom Haab: Senior X-Brand Technical Advisor

2. Endpoint Security is a Universal Challenge
In 2023, there are
about 3.5 million
unfulfilled
cybersecurity jobs
Skills
shortage
Regulatory fines
can cost millions
for large global
brands
Compliance
mandates
Nearly 1/3 of all
detected
vulnerabilities
remain
unremediated
after a year
Long remediation
times
A typical
organization
uses 14 endpoint
management tools
Too many tools
And agents
No consolidated
single manage-
ment view of all
endpoints
increases security
risk
Lack of
visibility
Endpoint Security
is essential, but
challenging
“things” to secure personal data records stolen lost to cybercrime

3. Top Reasons Customers Buy BigFix
Consolidate tools for reduced
cost, complexity and risk
Accelerate Zero Trust and
other security initiatives
Keep all endpoints
continuously patched and
compliant
Remediate vulnerabilities
faster to maintain business
continuity
Reduce annual software costs
while fostering use of current,
most secure, software versions
Securely Manage
“Work From Anywhere”
Initiatives
Industry’s Broadest Array of Automation
and Out-Of-The Box Content

4. Internet/Firewall Connected
Corporate/Remote Offices/
ATM/PoS/Desktops etc.
Real-time visibility, scalability, and ease of use
Lightweight infrastructure
• Use existing systems as relays
• Built-in redundancy
• Support / secure roaming endpoints
• Single Port (52311)
• API Servers for extension to Cloud and
Mobile
Cloud-based content delivery
• Highly extensible
• Automatic, on-demand
functionality
• 500K+ Published Fixlets.
• New content added daily + community.
(BigFix.me)
• To BigFix Server Only!
Single server and console
• Highly secure
and scalable
• Aggregates data,
analyzes and reports
• Pushes out pre-defined / custom
policies
• Can be on WAN or Cloud
Flexible policy language (Fixlets)
• Thousands of out-of-the-box policies
• Best practices for operations and security
• Simple custom policy authoring
• Highly extensible/applicable across all
platforms
• Use Relevance, PowerShell and others
Intelligent agent
• Performs multiple functions
• Continuous self-assessment and
policy enforcement
• Minimal system impact
(< 2% CPU)
• Approximately 15MB Ram
• API Registration
Content Repository
BigFix Server
Relay
WAN Connected
Relay
Open Architecture
• Rest API
• ServiceNow
• Qualys
• Tenable
• Qualys
• Forescout
• Aruba
• Nutanix
MCM API
MCM/API
Server(s)
Remote Users
Laptops / Mobile

5. Endpoint Management for Every Part of Your Organization
Support for 100+ operating
systems and variants
Integrations with ServiceNow, Tenable,
Qualys, Nutanix, IBM, VMWare, AWS,
Google Cloud, Azure and others
User Workspace
Management
Deep automation for clients
and mobile to easily solve the
latest user endpoint demands
in the market
Secure Infrastructure
Automation
Intelligent automation
of servers and cloud assets
Security & risk management
compliance
Software Asset
Management
Software cost management
License optimization
Software auditing
CyberFOCUS Security
Management
Help alignment of security
and operations
Help C-suite balance
security and business
Prove cyber risk reduction

6. Support for 100 operating
systems and variants
Integrations with ServiceNow, Tenable,
Qualys, Nutanix, IBM, VMWare, AWS,
Google Cloud, Azure and others
Secure Infrastructure
Automation
Intelligent automation
of servers and cloud assets
Security & risk management
compliance
Software Asset
Management
Software cost management
License optimization
Software auditing
CyberFOCUS Security
Management
Help alignment of security
and operations
Help C-suite balance
security and business
Prove cyber risk reduction
Improve
management and
control of end user
computing devices
including laptops,
desktops, phones
and tablets while
enabling
self-service IT.
Provides
• Total User Workspace
Management
• User self-service
• User experience management
• CyberFOCUS Analytics
• Fast Vulnerability remediation
• Enforced compliance
• Remote desktop control
BigFix Lifecycle
BigFix Mobile
Endpoint Management for Every Part of Your Organization

7. Support for 100 operating
systems and variants
Integrations with ServiceNow, Tenable,
Qualys, Nutanix, IBM, VMWare, AWS,
Google Cloud, Azure and others
User Workspace
Management
Deep automation for clients
and mobile to easily solve the
latest user endpoint demands
in the market
Software Asset
Management
Software cost management
License optimization
Software auditing
CyberFOCUS Security
Management
Help alignment of security
and operations
Help C-suite balance
security and business
Prove cyber risk reduction
Endpoint Management for Every Part of Your Organization
Provides
• Effective patch management
• Intelligent server automation
• OS updates and deployment
• CyberFOCUS Analytics
• Continuous compliance
• Remote control
• Ready-to-deploy content
BigFix Lifecycle
BigFix Compliance
Improves security
and control of on-
prem and cloud
servers using a single
comprehensive
management
platform.

8. Endpoint Management for Every Part of Your Organization
Support for 100 operating
systems and variants
Integrations with ServiceNow, Tenable,
Qualys, Nutanix, IBM, VMWare, AWS,
Google Cloud, Azure and others
User Workspace
Management
Deep automation for clients
and mobile to easily solve the
latest user endpoint demands
in the market
Secure Infrastructure
Automation
Intelligent automation
of servers and cloud assets
Security & risk management
compliance
CyberFOCUS Security
Management
Help alignment of security
and operations
Help C-suite balance
security and business
Prove cyber risk reduction
Optimizing software
cost management
through license
inventory, usage
tracking and audit-
ready reports.
Provides
• Software catalog with
100,000+ titles
• Software usage reporting
• Identification of over
deployed titles
• Identification and optional
removal of risky and
unauthorized software
BigFix Inventory

9. Endpoint Management for Every Part of Your Organization
Support for 100 operating
systems and variants
Integrations with ServiceNow, Tenable,
Qualys, Nutanix, IBM, VMWare, AWS,
Google Cloud, Azure and others
User Workspace
Management
Deep automation for clients
and mobile to easily solve the
latest user endpoint demands
in the market
Secure Infrastructure
Automation
Intelligent automation
of servers and cloud assets
Security & risk management
compliance
Software Asset
Management
Software cost management
License optimization
Software auditing
CyberFOCUS Security
Management
Help alignment of security
and operations
Help C-suite balance
security and business
Prove cyber risk reduction
Aligns security and
operations to remediate
vulnerabilities faster,
ensure compliance
across the enterprise and
better manage security
and risk across all
endpoints in the
enterprise.
Provides
• Insights for Vuln Remediation
• CISA KEV Analyzer
• MITRE APTs Vuln Simulator
• Protection Level Agreements
BigFix Lifecycle
BigFix Compliance
BigFix Remediate

10. BigFix: The Endpoint Management Platform
Analyze
An open data analytics platform
providing insights, historical and trend
reports
Discover inventory
• Discovery and enrollment
• Hardware and software inventory for
over 100k titles
Continuous compliance and patch
• CIS, PCI-DSS, DISA-STIG
• Eliminate configuration drift
Vulnerability remediation
Correlates vulnerabilities from Tenable
and Qualys to bridge the Sec/Ops gap
and reduce attack surface
Intelligent automation
Fully automated operations for any
endpoint
• Distribution
• Hardening
• Patch
• Compliance
Manage
• Desktop, server, cloud and mobile
• End user self-service
• Remote desktop control
• Power Management
Integrate
Integrations with 12+ market leading
products including ServiceNow,
Tenable, Qualys, QRadar and more

11. BigFix Mobile
Modern Management for a Mobile Workforce
Enroll
Enroll corporate or BYOD devices with
Zero touch or end user initiated Over-
the-air enrollment.
Manage
• Easily manage several hundred OS
configuration settings and
applications
• Easily deploy Applications from
Google Playstore and Apple
Appstore
Service
Remotely wipe, or lock a lost or stolen
device to protect corporate data, and
provide an on-screen message so that
it can be retrieved
Secure
Set passcode policies, restrictions
policies, OS update policies or
manage application blacklist and
whitelisting, camera and print
settings, etc. Retire
Easily decommission corporate
applications and data on personal
devices that are no longer authorized

12. BigFix mobile features
Enroll Zero touch, Over-The-Air BYOD
Enables employees to easily connects device to
BigFix via self service
Application Deployment
Easily deploy Applications from Google Playstore and
Apple Appstore
Manage
IT Admin can easily configure and manage devices at
a detailed level. Ultimate flexibility in managing
several hundred configuration settings
Security
Set passcode policy, restrictions policies, application
blacklist and whitelist, camera and print settings,
remote lock, wipe, restart and more
Data Protection
Control corporate document usage
Decommission
Easily decommission use of corporate applications
and data on personal devices that are no longer
authorized
Lock
Remotely lock a device with corporate data, then
communicate with whoever finds the lost device
Mobile Command Center
A unified view of all endpoint operation with
interactive dashboard to manage your entire fleet of
user devices

13. Mobile Command Center
• Notification boxes
• At-a-glance status
• Top tasks & In-context help
• Mobile device population
• Notification boxes
• At-a-glance status
• Top tasks & In-context help
• Mobile device population

14. BigFix vs Microsoft Tools
Capabilities BigFix Microsoft - Intune / SCCM
Architecture
Strategic
Yes, BigFix strategic platform can manage Windows, Mac,
Linux, Unix supporting (server/client) and mobile devices
No, to manage windows clients/servers and mobile requires 2 disparate
tools (Intune / SCCM). To manage Linux or Unix requires other totally
disparate tool
Co-Manage
Co-Manage via BigFix solution with no requirements or
dependency on Active Directory or Domain Membership.
Decreases CCOI (Cost / Complexity of Infrastructure) and
improves security posture
Yes; but based on disparate infrastructures (Intune is Azure cloud
based, SCCM on-prem). Requires Azure based AD for Intune, on-prem
AD for SCCM and must be synced to function properly
Windows Client Yes Yes - Intune / SCCM
Windows Server Yes SCCM only
iOS Yes Intune only
Android Yes Intune only
Linux Yes Neither
Unix Yes Neither
Mac Yes
Intune / SCCM
Limited capabilities
(i.e. - Intune - no OS updates)

15. BigFix vs Microsoft Tools
Capabilities BigFix Microsoft - Intune / SCCM
Compliance
Continuous Compliance
Yes, via the BigFix agent content will continuously be
evaluated and enforced on/off network and even when
devices are network disconnected
No, SCCM requires agent check-in producing visibility gaps
Regulatory standards scanning Yes (native support) No (Intune / SCCM)
Vulnerability scanner integration
Yes (multiple vendors supported) with automated
correlated results and remediation
Intune – No
SCCM – can only feed data, no ability to consume data,
remediation is manually lengthily process and prone to
potential errors or missing vulnerabilities
Deploy and customize Windows PC device
configuration settings
(e.g., WMI, registry)
Yes
Intune – No official support
(see link in notes)
SCCM - Yes
Deploy configuration settings to mobile
devices.
Yes
Intune – Yes
SCCM - No
GPO Management
(Group Policy)
BigFix – Yes, set local policies and check group policies. No
dependency on domain membership, easily support remote
workers. No VPN dependency/requirement
Intune – No
SCCM – Yes
Note: Requires connection to Domain to deploy GPs and if
offsite requires VPN; otherwise, no oversight/mgt

16. BigFix vs Microsoft Tools
Capabilities BigFix Microsoft - Intune / SCCM
Deployment
Deploy apps to devices and Windows systems Yes – Windows (servers/clients), mobile, Unix, Linux, Mac
Intune – windows client and mobile devices
SCCM – windows servers and clients
Deploy Windows OS Yes (Bare metal included)
Intune – No
SCCM – Yes (Bare metal included)
Deploy non-windows OS Yes – Unix, Linux, Mac Intune/SCCM - No
Security and Privacy
Manage Windows OS software updates Yes – (Servers/Clients)
Intune/SCCM – Windows client (Both)
Windows Server (SCCM only)
Manage Non-Windows OS updates Yes - Linux, Unix, Mac, iOS, Android
Limited – iOS, Android (Intune)
Limited – Mac (SCCM, may require additional software)

17. BigFix vs Microsoft Tools
Capabilities BigFix Microsoft - Intune / SCCM
Data Protection for mobile devices
Deploy security settings to mobile devices Yes Yes (Intune only)
Remote lock Yes Yes (Intune only)
Remote wipe Yes Yes (Intune only)
Business value
Reduce CCOI (Cost / Complexity of
Infrastructure), agent sprawl (number of
agents) across Windows, Mac, Unix, Linux,
iOS, Android
Yes, BigFix as a strategic platform not only supports all major
OS; but it does it via a single platform allowing customers to do
more with less. Additionally, since BigFix helps reduce agent
sprawl (i.e. – number of agents per systems) may help increase
endpoint lifespan allowing customers to reduce hardware
spend
No, numerous disparate tool sets that drive up overall cost and
complexity, more staff overhead. Difficult to have synergy between
teams when utilizing disparate tools.
Enterprise Security Exposure
As BigFix strategic platform collapses an enterprise's existing
infrastructure (i.e. – tool sets) this promotes synergy between
various teams which ultimately decreases security exposure
Due to extremely complex infrastructure (i.e. – tool sets) it increases
the security exposure since there is very limited synergy between
teams due to this complexity.

18. Copyright © 2023 HCL Software Limited
Backup

19. The Economic Impact of BigFix
Addressing endpoint management challenges drives tangible value
No consolidated single
Management view of
all endpoints increases
security risk
Lack of
visibility
In 2023, there are about
3.5 million unfulfilled
cybersecurity jobs
Skills
shortage
Regulatory fines can
cost millions for large
global brands
Compliance
mandates
Nearly 1/3 of all
detected vulnerabilities
remain unremediated
after a year
Long remediation
times
A typical organization
uses 14 endpoint
management tools
Too many tools
And agents
Endpoint
Management
Challenges
One skillset leveraged
across all OS platforms
and device types
Simplified staffing,
fewer specialists
Eliminates configuration
drift, remediation effort,
and noncompliance
fines
Continuous
compliance
enforcement
Prioritize and speed
vulnerability remediation
across the fleet of
endpoints
Fast remediation of
vulnerabilities
A unified view simplifies
management and
control and reduces
risk
Consolidated view
of all endpoints
A single endpoint
management solution
reduces tool sprawl
and IT complexity
Single agent and
platform
BigFix delivers
Economic Impact
Reduced staffing
costs
Fewer fines for
noncompliance
Reduce security risk Reduced IT spend Improve visibility
and control

20. BigFix Technology Alliance Program
Certified integrations support by HCL and the partner

21. For HCL and HCL Business Partners only