Learn more about how organizations prevented downtime with #BigFix in the wake of #wannacry. References and Use Cases along with a review of our BigFix Solution. https://www.ibm.com/connect/ibm/ca-en/resources/tomjs/

1. BigFix: Post-WannaCry/Petya
Tom Springer
Digital Development
Representative
IBM Security

2. 2 IBM Security
Network visibility and segmentation
Too Many People, Processes and Technology
IP reputation
Indicators of compromise
Firewalls
Network forensics and threat management
Virtual patching
Sandboxing
Malware protection
Data access control
Data monitoring
Application security management
Application scanning
Access management
Entitlements and roles
Identity management
Transaction protection
Device management
Content security
Workload
protection
Cloud access
security broker
Vulnerability management
Privileged identity management
Incident response
Criminal detection
Fraud protection
Endpoint patching
and management
Cognitive security
User behavior analysis
Threat and anomaly detection
Threat hunting and investigation
Threat sharing
Endpoint detection
and response

3. 3 IBM Security
Clients Are Demanding Less Complexity
Criminal detection
Fraud protection
Workload
protection
Cloud access
security broker
Access management
Entitlements and roles
Privileged identity management
Identity management
Data access control
Application security management
Application scanning
Data monitoring
Device management
Transaction protection
Content security
Malware protection
Endpoint detection
and response
Endpoint patching
and management
Virtual patching
Firewalls
Network forensics and threat management
Sandboxing
Network visibility and segmentation
Indicators of compromise
IP reputation Threat sharing
Vulnerability management Incident response
User behavior analysis
Threat hunting and investigationCognitive security
Threat and anomaly detection

4. 4 IBM Security
SECURITY TRANSFORMATION SERVICESManagement consulting | Systems integration | Managed security
MaaS360 Trusteer Mobile
Trusteer Rapport
Trusteer Pinpoint
INFORMATION RISK
AND PROTECTION
AppScan
Guardium
Cloud Security
Privileged Identity Manager
Identity Governance and Access
Cloud Identity Service
Key Manager
zSecure
IBM BigFix
X-Force Exchange
QRadar Incident Forensics
BigFix QRadar Network Security (XGS)
App Exchange
SECURITY OPERATIONS
AND RESPONSE
QRadar Vulnerability/ Risk Manager ResilientIncidentResponse
QRadar User Behavior Analytics
i2 EnterpriseInsightAnalysisQRadar Advisor with Watson
QRadar SIEM

5. 5 IBM Security
What is WannaCry?
• March 14: Microsoft releases MS17-010 patch
to fix a Windows vulnerability that enables
remote code execution
• April 14: Hacker group Shadow Brokers posts
exploits to several Windows vulnerabilities,
including those fixed by MS17-010
• May 12: WannaCry attack impacts 300K+
organizations, requiring them to pay ransom or
rebuild systems and restore backups
• Today: After over 90 days, many organizations
still can’t find all systems which need MS17-010,
let alone patch them.
• Most organizations are being tasked with
increasing patch effectiveness in anticipation of
the next WannaCry, Petya, etc.

6. 6 IBM Security
Fragmented defenses, slow to respond
Insufficient
Visibility
Sporadic
Endpoint Hygiene
Silos of Teams
and Tools
Why Were So Many Organizations Affected By WannaCry?

7. 7 IBM Security
• Discover and report on all endpoints
(including unmanaged ones)
regardless of location and bandwidth
• See all patch levels, sw versions and
configs. to identify vulnerabilities and
non-compliant endpoints across the
enterprise
• Immediately contain attacks by
quarantining malicious files, fixing
registry keys and isolating endpoints
• Automate patch deployment, fixing
vulnerabilities across all endpoints on
and off the network regardless of
endpoint type or network connectivity
• Roll out enterprise wide remediation
packages in minutes or hours
• Continuously monitor and enforce
compliance with security, regulatory
and operational policies to
proactively respond to threats and
reduce the attack surface
SEE
Clearly
ACT
Precisely
ENFORCE
Continuously
IBM BigFix: Real-time visibility & control across all endpoints

8. 8 IBM Security
Detect Compliance Lifecycle Inventory Patch
Detect and respond to
malicious activity
Continuous policy
enforcement and
reporting
Software patching,
distribution and
provisioning
Audit authorized
and unauthorized
software
Automated patching
with high first pass
success
• Asset discovery
• Detect
• Investigate
• Response
• Query
• Patch management
• Software distribution
• Query
• Patch management
• Security configuration
management
• Vulnerability assessment
• Compliance analytics
• Third-party anti-virus
management
• Self quarantine
• Add-on: PCI DSS
• Asset discovery
• Patch management
• Software distribution
• Query
• Advance patching
• Remote control
• OS deployment
• Power management
• Sequenced Task
Automation
• Software / hardware
inventory
• Software usage
reporting
• Software catalogue
correlation
• ISO 19770 software
tagging
• OS patching
• Third-party application
patching
• Offline patching
The Collaborative Endpoint Security and Management Platform
IBM BigFix
IBM BigFix
FIND IT. FIX IT. SECURE IT… FAST
IT SECURITY IT OPERATIONS

9. 9 IBM Security
BigFix App for QRadar: Greater Insight to Endpoint Security Status
 Fast and Current Views of
Endpoint Security Data:
̶ Vulnerabilities discovered
̶ Patches to be applied
̶ Anti-virus deployment status
̶ Software installed, processes
running, and files stored
̶ Configuration compliance status
̶ Malware recently identified
̶ Attack Alerts generated based on
IOC/IOA analysis

10. 10 IBM Security
BigFix Clients and WannaCry
Unlike others in that
Friday, Saturday and
Sunday after the attack
…everyone who was
using BigFix had a great
weekend
Marc Van Zadelhoff
General Manager
IBM Security
Click here to watch video

11. 11 IBM Security
WannaCry: BigFix Customer Testimonials
Thanks to BigFix we were able to remediate WannaCry 5 days prior to our target remediation date.
We were so successful that other business units came to us asking for BigFix installations to help
remediate their environments. At the end of the process we successfully remediated 6,300 endpoints on
a mixture of windows versions without issue”
Great News! 95% covered on BigFix. 560K Total Devices / 105K qualified and received he update
related to MS17-010 Vulnerability.”
BigFix topped Microsoft SCCM here in terms of patch compliance reporting and distribution, and
gained BigFix a little more respect from the pro Microsoft teams.”
University IT routinely patches 70,000 systems throughout campus, a service that has prevented
countless cyber incidents over the past 13 years. This fundamental practice, …..protected us from these
two large scale ransomware campaigns
Our Information Security alerted us to the issue, and within minutes we had a list of servers still
needing the patch and have been able to make a plan to resolve the servers that don’t get regular
patches.
We also kicked off an on-demand BigFix task that looks for any .wn or .wcry file extensions and have an
analysis that keys off the output of the task to determine if any files are found. We were able to quickly
determine that no files were present on any server. It definitely reduced any panic we might have had
from their urgency to immediately check all of our servers.

12. 12 IBM Security
Why were BigFix Customers Happy Before, During and
After WannaCry?
They didn’t have to wait for road warriors to join corporate network
• Single-port support (52311) for roaming laptops vs. multiple ports required by other tools
They were able to address remote locations regardless of network speed
• Dynamic bandwidth throttling to address all locations, regardless of bandwidth
They found and Patched all relevant systems in minutes/hours with 98%+ first-
pass success
• IBM receives patches from OS and application vendors, creates/tests packages then sends to
clients for real-time deployment on endpoints, on and off the corporate network. This automation
frees hours/days of admin time for higher-value projects
• BigFix uses a single agent (2% CPU, 10-15MB RAM) which isn’t reliant on fragile WMI or
incomplete Active Directory
• BigFix uses a single management console and skill set for everything from Patch to Software
Metering to Security Compliance Management to EDR and more.
• BigFix uses a single management server per 250,000 endpoints