The document discusses the Network and Information Systems Directive (NIS2), a new European Union regulation that strengthens cybersecurity requirements. NIS2 expands coverage to more sectors and introduces new mandates around incident reporting, business continuity planning, and international collaboration. The document then explains how HCL's BigFix software can help organizations comply with NIS2 by enabling continuous compliance monitoring, vulnerability remediation, and security automation.
3. HCLSoftware
Delivering software that fulfils the transformative needs of clients around the world
• $1B enterprise software business
• 50 countries
• 50+ products
• 15,000+ enterprise customers
• 4,500+ employees worldwide
4 areas of expertise
• Enterprise Security
• AI & Automation
• Digital Transformation
• Data & Analytics
4. Security is a Universal Challenge
• Skills shortage: In 2023, there are about 3.5 million unfulfilled cybersecurity jobs
• Compliance mandates: Regulatory fines can cost millions for large global brands
• Long remediation times: Nearly 1/3 of all detected vulnerabilities remain unremediated after a year
• Too many tools and agents: A typical organization uses 14 endpoint management tools
• Lack of visibility: No consolidated single management view of all endpoints increases security risk
Endpoint Security is essential, but challenging
“things” to secure personal data records stolen lost to cybercrime
5. European Union is reacting with NIS2?
What is NIS2?
• The Network and Information Systems Directive (NIS2) is a European Union regulation enacted in November 2022 that sets out cybersecurity requirements for providers of essential services and digital service providers. The aim of the directive is to “achieve a high common level of cybersecurity across the Union”.
How is it different?
• The directive replaces the original NIS directive and introduces new provisions to improve cybersecurity across a broader range of sectors categorized as “essential” or “important”, based upon the significance of their disruption to society or the economy. These include manufacturing, finance, healthcare, transport, and other heretofore more lightly regulated industries that increasingly rely on technology to run their businesses.
Where can I find the mandate?
• https://www.europarl.europa.eu/RegData/etudes/BRIE/2021/689333/EPRS_BRI(2021)689333_EN.pdf
6. What is new with NIS2
Core Objectives
• Business Continuity: Creates the necessary cyber crisis management structure
• Reporting: Increases the level of harmonization regarding security requirements and reporting obligations
• Scope: Encourages Member States to introduce new areas of interest such as supply chain, etc.
• Collaboration: Fosters novel ideas such as the peer reviews for enhancing collaboration and knowledge sharing
• Scale: Covers a larger share of the economy and society by including more sectors
Core Tenets
• Broader Scope
• Management Cyber Risk
• Incident Reporting
• Fines and Penalties
10. How BigFix can help: Optimize Your IT/Security Operations
• Ad hoc patching
• Infrequent vulnerability scanning
• Multiple endpoint management tools
• Management Silos for mobile, laptop, servers
• Siloed Vulnerability management
• Vulnerability Prioritization based on CVSS
• Manage to Protection Level Agreements
• Compliance enforced automatically
• Zero Trust endpoint management
• Continuous vulnerability assessment
• All endpoints visible and managed
• Single Endpoint Management Platform
• Cloud Endpoint Management
• IT Operations and Security aligned and data integrated
Cost: CAPEX and OPEX
Operations Optimization Level
12. How BigFix will Help
• Collaboration: Fosters novel ideas such as the peer reviews for enhancing collaboration and knowledge sharing
14. Protection Level Agreements
Measure performance of remediation against business-driven targets
Critical security patches for online banking servers for Cobalt Group CVEs
• Aligns IT Operations with Business Objectives, balancing business objectives/goals with cyber risk tolerance
• Leverages baselines that combine asset criticality, CVE criticality, desired patch levels, and compliance standards against agreed-to organizational service levels
• PLA report shows remediation performance against specific asset groups
15. Learn More from us
Forward the solution brief
How BigFix addresses NIS2 White paper
• https://www.hcltechsw.com/bigfix