The document discusses the Network and Information Systems Directive (NIS2), a new European Union regulation that strengthens cybersecurity requirements. NIS2 expands coverage to more sectors and introduces new mandates around incident reporting, business continuity planning, and international collaboration. The document then explains how HCL's BigFix software can help organizations comply with NIS2 by enabling continuous compliance monitoring, vulnerability remediation, and security automation.

1. Copyright © 2023 HCL Software Limited
NIS2
• What is NIS2?
• How can BigFix Help?
• What do I do next?
Make Europe fit for the digital age

2. hcltechsw.com
2 Copyright © 2020 HCL Technologies Limited | www.hcltech.com

3. 3
HCLSoftware
Delivering software that fulfils the transformative needs
of clients around the world
_______________________________________
$1B 50
enterprise software business countries
________________________________________
50+ 15,000+
products enterprise customers
________________________________________
4,500+
employees worldwide
_________________________________________
4 areas of expertise
• Enterprise Security
• AI & Automation
• Digital Transformation
• Data & Analytics

4. 4
Security is a Universal Challenge
In 2023, there are
about 3.5 million
unfulfilled
cybersecurity jobs
Skills
shortage
Regulatory fines
can cost millions
for large global
brands
Compliance
mandates
Nearly 1/3 of all
detected
vulnerabilities
remain
unremediated
after a year
Long remediation
times
A typical
organization
uses 14 endpoint
management tools
Too many tools
And agents
No consolidated
single manage-
ment view of all
endpoints
increases security
risk
Lack of
visibility
Endpoint Security
is essential, but
challenging
“things” to secure personal data records stolen lost to cybercrime

5. European Union is reacting with NIS2?
5
• The Network and Information Systems Directive (NIS2) is a European Union regulation enacted in
November 2022 that sets out cybersecurity requirements for providers of essential services and digital
service providers. The aim of the directive is to “achieve a high common level of cybersecurity across the
Union”.
What is NIS2?
• The directive replaces the original NIS directive and introduces new provisions to improve cybersecurity
across a broader range of sectors categorized as “essential" or “important”, based upon the significance to
the disruption of to the society or the economy. These include manufacturing, finance, healthcare, and
transport, and other heretofore more lightly regulated industries that increasingly rely on technology to run
their businesses.
How is it different?
• https://www.europarl.europa.eu/RegData/etudes/BRIE/2021/689333/EPRS_BRI(2021)689333_EN.pdf
Where can I find the mandate?

6. What is new with NIS2
6
Business
Continuity
• Creates the
necessary
cyber crisis
management
structure
Reporting
• Increases the
level of
harmonization
regarding
security
requirements
and reporting
obligations
Scope
• Encourages
Members
States to
introduce new
areas of
interest such
as supply
chain, etc.
Collaboration
• Fosters novel
ideas such as
the peer
reviews for
enhancing
collaboration
and knowledge
sharing
Scale
• Covers a larger
share of the
economy and
society by
including more
sectors
Broader
Scope
Management Cyber Risk
Incident
Reporting
Fines and
Penalties
Core
Objectives
Core
Tenets

7. Who is impacted ?
7

8. Copyright © 2019 HCL Technologies Limited | www.hcltechsw.com
How can BigFix Help?
8
•BigFix can continuously enforce information system security and policies, preventing systems
from drifting out of compliance. Then using BigFix, the organization can prioritize and
remediate vulnerabilities and non-compliance in real-time.
Policies on risk analysis and
information system security
•The BigFix agent running on each managed system can monitor and detect any change that
can lead to a security incident. Automated incident handling can be configured to respond to
the detected security event.
Incident handling
•In a disaster recovery scenario, BigFix can deploy fully provision devices using bare metal
recoveries, software distribution, the ability to configure devices using established polices–
speeding the recovery following a disaster.
Business continuity: backup
management and disaster recovery,
and crisis management
•BigFix can identify all the systems that need to be patched, apply applicable patches to those
systems, and then report on the patching status. BigFix integrates Tenable and Qualys
vulnerability scanning solutions compress the time between discovery and remediation.
Security in network and information
development and maintenance,
vulnerability handling and disclosure

9. Copyright © 2019 HCL Technologies Limited | www.hcltechsw.com
How can BigFix Help (cont)?
9
•BigFix can be leveraged to define and implement cyber security policies and best practices.
These include asset discovery, patch management, continuous compliance assessment,
hardware and software inventory, and user-driven software distribution.
Basic cyber hygiene practices
•BigFix can enforce encryption policies at the OS level and ensure that required encryption
programs and applications on user devices are running.
Cryptography encryption
•BigFix can discover all devices that have an IP address on the network through distributed
NMAP scanning.
Human resources security,
access control policies and
asset management
•BigFix provides platform and application specific checklists security benchmarks published by
CIS, DISA, and PCI DSS. These checklists help an organization enforce secure account access
policies such as the use of two-factor authentication or other stronger authentication
mechanisms.
Continuous authentication
solutions and secure
communications

10. How BigFix can help: Optimize Your IT/Security Operations
Ad hoc
patching
Infrequent
vulnerability
scanning
Multiple endpoint
management tools
Management Siloes
for mobile, laptop,
servers
Siloed Vulnerability
management
Vulnerability
Prioritization
based on
CVSS
Manage
to Protection
Level Agreements
Compliance
enforced
automatically
Zero Trust
endpoint
management
Continuous
vulnerability
assessment
All endpoints
visible and
managed
Single
Endpoint
Management
Platform
Cost: CAPEX and OPEX
Cloud
Endpoint
Management
IT Operations
and Security
aligned and
data integrated
Operations Optimization Level

11. Reffer to existing Best Practices: Example ISO27001
12

12. How BigFix will Help
13
Collaboration
•Fosters novel
ideas such as
the peer
reviews for
enhancing
collaboration
and
knowledge
sharing

13. How BigFix will Help
14
Collaboration
•Fosters novel
ideas such as
the peer
reviews for
enhancing
collaboration
and
knowledge
sharing

14. 15
Protection Level Agreements
Measure performance of remediation against
business-driven targets
Critical security patches for
online banking servers
for Cobalt Group CVEs
 Aligns IT Operations with Business
Objectives, balancing business
objectives/goals with cyber risk tolerance
 Leverages baselines that combine asset
criticality, CVE criticality, desired patch
levels, and compliance standards against
agreed-to organizational service levels
 PLA report shows remediation
performance against specific asset
groups

15. Learn More from us
18
Forward the solution brief
How BigFix addresses NIS2 White paper
•https://www.hcltechsw.com/bigfix

16. Q&A

17. hcltechsw.com