© 2015 IBM Corporation
Bridging the Endpoint Gap Between IT Ops and Security
Murtuza Choilawala | Product Management & Strategy, IBM Security
Rohan Ramesh | Product Marketing, IBM Security
IBM BigFix

IBM Security Strategy
Deliver a broad portfolio of solutions differentiated through their integration and innovation to address the latest trends
Buyers: CISO, CIO, and Line-of-Business
1. Support the CISO agenda
2. Innovate around megatrends
3. Lead in selected segments
Key Security Trends
• Advanced Threats
• Skills Shortage
• Cloud
• Mobile and Internet of Things
• Compliance Mandates
IBM Security Portfolio
• Strategy, Risk and Compliance
• Cybersecurity Assessment and Response
• Security Intelligence and Operations
• Advanced Fraud Protection
• Identity and Access Management
• Data Security
• Application Security
• Network, Mobile and Endpoint Protection
• Advanced Threat and Security Research

You can’t fix what you can’t see
Incident response is the No. 1 factor to reduce the cost of a data breach
Despite existing tools, breaches continue to rise
Lack of visibility and control contributes to security breaches and financial loss
“Major global bank compromised and millions of depositor records stolen due to missed server upgrade cycle”
$3.8M global average cost of a data breach*
*Source: 2015 Cost of a Data Breach Study: Global Analysis, Ponemon Institute, May 2015

Siloed IT Operations and Security Teams
IT OPERATIONS
• Apply patches and fixes
• Implement security and operational policy
• Manual process takes weeks / months
IT SECURITY
• Scan for compliance status
• Create security policies
• Identify vulnerabilities
Disparate tools, manual processes, lack of integration and narrow visibility

Why other approaches fail
Architecture Complexity Resources
• Heavy, resource-intensive agent(s)
• Multiple products, multiple agents
• Not Internet-friendly
• Too much admin and infrastructure
• Little pre-built content
• Each task detracts from higher value projects
• Slow, scan-based architectures
• Limited coverage
• Not cost-effective at scale

IBM BigFix: Bridge the gap between Security and IT Ops
IBM BigFix® FIND IT. FIX IT. SECURE IT. …FAST
Shared visibility and control between IT Operations and Security
ENDPOINT MANAGEMENT (IT OPERATIONS)
• Discovery and Patching
• Lifecycle Management
• Software Compliance and Usage
ENDPOINT SECURITY (SECURITY)
• Continuous Monitoring
• Threat Protection
• Incident Response
Reduce operational costs while improving your security posture

BigFix Platform: Real-Time Visibility, Scalability, Ease of Use
Single Intelligent Agent
• Performs multiple functions
• Continuous self-assessment & policy enforcement
• Minimal system impact (< 2% CPU)
Lightweight, robust infrastructure
• Use existing systems as relays
• Built-in redundancy
• Support/secure roaming endpoints
Cloud-based content delivery
• Highly extensible
• Automatic, on-demand functionality
Single server and console
• Highly secure and scalable
• Aggregates data, analyzes & reports
• Pushes out pre-defined/custom policies
Flexible policy language (Fixlets)
• Thousands of out-of-the-box policies
• Best practices for operations and security
• Simple custom policy authoring
• Highly extensible/applicable across all platforms

Endpoint management
Find and fix problems in minutes, across endpoints on and off the network
IBM BigFix® FIND IT. FIX IT. SECURE IT…FAST
• Discovery and Patching: A single console to identify, patch and report on endpoints
• Lifecycle Management: Asset discovery, software distribution and advanced patching across 90+ platforms
• Software Compliance and Usage: Software license control to improve compliance and reduce costs and risk
Reduce admin and infrastructure costs

Discovery and patching
A single-console management system to identify, patch, and report on multiple devices and attributes
• Discover and report on every endpoint
– Desktops
– Laptops
– Servers
– Purpose-specific endpoints, e.g., ATMs and point-of-sale (POS) devices
• Gain accurate, up-to-the-minute visibility and continuous enforcement of patches
• Manage patches to hundreds of thousands of endpoints, multiple operating systems and applications – automatically
• Clients report >98% first pass patch success
Protecting 50,000 PCs, servers and ATMs in 1,800 locations with one console
SunTrust Banks

Lifecycle management
Reduce cost, risk, and complexity of managing endpoints
• Streamline asset discovery and software distribution
• Prebuilt automation scripts
• Automated advanced patching for physical, virtual and clustered servers
• Role-based software deployment and user self-provisioning
• Bare-metal provisioning, OS imaging and driver management
• PC and Mac power management
Manage the endpoint lifecycle from a single pane of glass
Managing 27,000 servers across 3,000+ locations with two IT staff
Major US Retailer

Software compliance and usage
Identify what software is installed and how it’s used
• Discover all licensed and unlicensed software with in-depth granularity across operating systems and devices
• Reduce license compliance exposure and associated fines
• Decrease software license costs by eliminating unused or redundant software
• 8,000+ software publishers, 40,000+ software products, 50+ cross OS virtualizations
• Mitigate risk from unauthorized and malicious software
SW Catalogue, ISO 19770 enabled
Saved $500K in unused software licenses while avoiding $1M in non-compliance fines across 15,000+ endpoints
US Foods

Disrupt the attack chain
Real-time situational awareness and incident response
IBM BigFix® FIND IT. FIX IT. SECURE IT…FAST
ENDPOINT SECURITY
• Continuous Monitoring (BEFORE an attack): Discover vulnerabilities and enforce continuous compliance
• Threat Protection (DURING an attack): Detect and defend against endpoint threats in real time
• Incident Response (AFTER an attack): Quarantine and remediate non-compliant or infected endpoints
Actionable Intelligence
Real-time incident response

Continuous security configuration compliance
Accurate, real-time visibility and continuous security configuration enforcement
Continuous compliance “set and forget”
• No high-risk periods
• Lower total cost
• Continued improvement
• Identify and report on any configuration drift
• Library of 9,000+ compliance checks (e.g., CIS, PCI, USGCB, DISA STIG)
Traditional compliance “out of synch”
• High-risk and cost periods
• Manual approach causes endpoints to fall out of compliance again
[Chart: Traditional versus Continuous. Axes: Time, Compliance. Series: Continuous, Traditional. Label: RISK]
98% patch and update compliance rate on 4,000+ workstations with 50% reduced labor costs
Infirmary Health System

Advanced endpoint protection
Stop exploits before application vendors provide updates
Third-party AV Protection
Protection
IBM Trusteer Apex
• Anti-virus protection and Data Loss Prevention
• Deploy and enforce security configuration policies
IBM BigFix®
• Third-party anti-virus management
• Manage compliance, quarantine and remediate
Continuous protection from advanced persistent threats
• Multi-layered protection designed to break the threat lifecycle in real-time

A look ahead
Integrated real-time endpoint intelligence for closed-loop risk management
IBM QRadar
IBM BigFix
Real-time endpoint intelligence
Network anomaly detection
Provides current endpoint status
Correlates events and generates alerts
Prompts IT staff to fix vulnerabilities
Integrated, closed-loop risk management
• Improves asset database accuracy
• Strengthens risk assessments
• Enhances compliance reporting
• Accelerates risk prioritization of threats and vulnerabilities
• Increases reach of vulnerability assessment to off-network endpoints

Respond to threats with blazing speed
Incident response
Fix problems in minutes
• Respond to threats and vulnerabilities with remediation in minutes
• Automatic, continuous, closed-loop remediation of endpoints
• Implement policies across the organization for on- and off-network endpoints
Remediate, Evaluate, Report

How a retail giant responded to the Shellshock / Bash bug
Resolving a critical issue on ~600 servers in under four hours with IBM BigFix
PREPARE (less than 3 hours), SCAN (less than 30 minutes), DEPLOY (less than 30 minutes)
Total Time ~ 4 Hours
PREPARE (less than 3 hours)
• Issue discovered and teams mobilized
• Teams created necessary patch scripts within a fixlet and tested manually
• Fixlets were pushed to the BigFix server for distribution
SCAN (less than 30 minutes)
• Endpoint management team executed analysis of systems to determine which systems were vulnerable
• Corrective actions were implemented using IBM BigFix
SCAN (less than 30 minutes)
• Scanned and deployed to ~600 servers in less than 30 minutes
• New systems reporting online were automatically addressed within minutes based upon their group membership
The security team used IBM BigFix to remediate ~600 servers while they could previously only address 35 servers
Major US Retailer

IBM BigFix – Unified Management and Security
IBM BigFix® FIND IT. FIX IT. SECURE IT… FAST
IT OPERATIONS SECURITY
Lifecycle
• Patch Mgmt
• Asset Discovery
• SW Distribution
• Advance Patching
• Remote Control
• OS Deployment
• Power Mgmt
• Sequenced Task Automation
Inventory
• SW/HW Inventory
• SW Usage Reporting
• Software Catalogue Correlation
• SW Tagging
Patch
• OS Patching
• 3rd party App Patching
• Offline Patching
Compliance
• Patch Mgmt
• Sec Config Mgmt
• Vuln Assessment
• Comp Analytics
• 3rd Party AV Mgmt
• Self Quarantine
• Add-on: PCI DSS
Protection
• Anti-Malware
• Firewall
• Add-on: Data Loss Prevention & Device Control

Gartner has recognized IBM as a leader
Magic Quadrant for Client Management Tools
Gartner Magic Quadrant Report, June 2015
LEADER - Four Years in a ROW!!
Analyst(s): Kevin Knox, Terrence Cosgrove
Link to Gartner MQ report
Note: This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The Gartner report is available upon request from IBM. G00264801.
Disclaimer: Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Client results
Lifecycle Inventory Patch Compliance Protection
Major US Retailer
• 27,000: Virtual servers
• 3,000: Distinct stores
• 99%: Deployment time saved
• 2: IT staff needed to manage 27,000 servers distributed in over 3,000 locations
US Foods
• 15,000: Endpoints needed software compliance management
• 80%: Reduced patch deployment time
• $500,000: USD saved on unused software licenses
• $1 million: License noncompliance fines avoided in USD
SunTrust Banks
• 50,000: PCs, servers and ATMs
• 1,800: Branch locations
• 98.5%: Patch and update compliance rate
• 1: Console needed to see, change, enforce and report on patch compliance status
Infirmary Health System
• 4,000: Individual workstations that needed to be protected and compliant
• Minutes: Time to complete an accurate asset inventory
• 98%: Patch and update compliance rate
• 50%: Reduced labor costs
Alstom Holdings
• 98,000: Individual laptops that needed to be protected and compliant
• 60%: Decrease in the amount of required IT staff
• 3 days: To deploy software, down from 2 weeks
• 97%: Reduced number of required servers

IBM BigFix ecosystem
IBM CONFIDENTIAL
IBM Integrations Business Partners End-users
• IBM QRadar
• IBM Trusteer Apex
• IBM MobileFirst Protect
• IBM Cloud Orchestrator
• IBM Control Desk
• IBM PureScale
• IBM TeaLeaf
• IBM Workload Scheduler
and more …
BigFix Forums re-launched
IBM BigFix® FIND IT. FIX IT. SECURE IT…FAST
Website: www.ibm.com/security/bigfix
Twitter: @IBMBigFix
© Copyright IBM Corporation 2015. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any
kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor
shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use
of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and / or
capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product
or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries
or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside
your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks
on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access.
IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other
systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE
IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.
THANK YOU
www.ibm.com/security

What our clients are saying
“…we can now better defend against internal and external threats. We can see who is doing what… And with the new intelligence, we’ve applied new settings that significantly strengthen our security posture and reduce the number of potential security incidents.”
- Infirmary Health
“…we will be able to guarantee that all of our endpoints are patched appropriately, and we will be able to provide solid proof that we have a fully documented regular patch process in place… moving us closer to full PCI DSS compliance.”
- The Co-Operative Food
“IBM Endpoint Manager is easy to use, which helps us keep operational costs low and makes the integration of services much easier.”
- Orange Business Services
“Now that we know what we’ve deployed and where, we’re better positioned to find any unpatched holes in our systems and keep our corporate data protected.”
- Allstate
Product Name Changes

Integrated endpoint protection ecosystem
• Consolidated view of managed endpoints
• Detailed mobile device views
• Ability to drive simple actions on mobile devices
‒ Lock, wipe, locate, etc.
• Consolidated asset reporting

IBM BigFix: Closing the Endpoint Gap Between IT Ops and Security
