
life_on_the_endpoint_edge

IBM BigFix is a unified endpoint security and management solution designed to combat cyber attacks, particularly those exploiting known vulnerabilities through ineffective patch management. The platform enables organizations to discover unmanaged endpoints, apply patches quickly, and ensure compliance with security policies. It emphasizes the importance of proactive measures, such as automated patching and user education, to mitigate risks associated with cyber threats.

Uploaded by sreenathjnambiar

Life on the Endpoint Edge:

Winning the Battle Against Cyber Attacks


IBM BigFix

© 2015 IBM Corporation

Ineffective patch management is a major contributor to breaches.

• 75% of attacks use publicly known vulnerabilities that could be prevented by patching
• 99.9% of exploited vulnerabilities were compromised more than a year after the CVE was published



The path of least resistance

58% of all cyber-attacks originate on an endpoint

• Siloed security and operations teams
• Disparate tools and manual processes
• Curious users via phishing variants
• Narrow visibility into highly distributed environments



Why some approaches fail



IBM BigFix: Unified Endpoint Security & Management

How it Works



IBM BigFix – Unified Management and Security

IT OPERATIONS / SECURITY

IBM BigFix®
FIND IT. FIX IT. SECURE IT… FAST

Available as “Starter Kit”

Lifecycle
• Patch Mgmt
• Asset Discovery
• SW Distribution
• Advanced Patching
• Remote Control
• OS Deployment
• Power Mgmt
• Sequenced Task Automation

Inventory
• SW/HW Inventory
• SW Usage Reporting
• Software Catalogue Correlation
• SW Tagging

Patch
• OS Patching
• 3rd party App Patching
• Offline Patching

Compliance
• Patch Mgmt
• Sec Config Mgmt
• Vuln Assessment
• Comp Analytics
• 3rd Party AV Mgmt
• Self Quarantine
• Add-on: PCI DSS

Protection
• Anti-Malware
• Firewall
• Add-on: Data Loss Prevention & Device Control



BigFix Web UI

Flexibility
• Web client improves accessibility and eliminates the dependency on Windows only endpoint

Visibility
• Visibility into subscribed sites and status of endpoints

Usability
• Simplified workflow making it easier to navigate

Performance
• Faster data refresh and access

https://alpha.bigfix.com/



BigFix Query (via the BigFix Fast Query Channel)

Rapidly interrogate endpoints with BigFix Query

Get The Right Answer, Not Just Any Answer

[Screenshot labels: Query Editor; User-defined Queries; Pre-defined Queries]

• Pre-defined queries enable rapid time-to-value
• Create and share user-defined queries
• Queries can target individual endpoints, groups or broadcast to your enterprise
• View query results in tabular format, export to CSV
• Integrations to/from BigFix Query within the BigFix WebUI
• Query execution leverages the BigFix Fast Query Channel
• Built on the power of proven BigFix relevance.

*The Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision. The information mentioned regarding potential
future products is not a commitment, promise, or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract. The development,
release, and timing of any future features or functionality described for our products remains at our sole discretion. Subject to IBM NDA

CSO Dashboard

• Leverage OOTB compliance dashboards and tiles
• Customize your views leveraging structured BigFix objects
• Reporting widgets enable a range of views
• Drill-down into details of devices and security objects
• Quickly understand the security posture of your organization



Advanced Patching – Who needs it?

Anyone with clustered servers! No more weekend Pizza Parties

Business Challenge:
• Patching the Operating System or Application version for Clustered Windows Servers is complicated, and can cost 100’s of hours per month. (Typically involves weekend work)
• If a mistake is made in patching “mission critical applications” it can cost $Thousands to $Millions per hour.

Gov’t Agency
• Before BigFix: Manual effort for 28 3-Node clusters: 16 person days.
• Now: Less than 3 days (~80% savings) doing the same work Smarter!

Semiconductor Company
• Pre-Prod: Manual effort for patching Multi-Node clusters: 11.5 hours.
• Early POC results: 30 Minutes (99% savings) “…So far Bigfix is looking like a real winner!”

https://www.youtube.com/watch?v=x1LRAaFJZaI&feature=youtu.be


How a retail giant responded to the Shellshock / Bash bug
Resolving a critical issue on ~600 servers in under four hours with IBM BigFix

Major US Retailer: Managing 27,000 servers across 3,000+ locations with two IT staff

PREPARE (less than 3 hours)
• Issue discovered and teams mobilized
• Teams created necessary patch scripts within a fixlet and tested manually
• Fixlets were pushed to the BigFix server for distribution

DEPLOY (less than 30 minutes)
• Endpoint management team executed analysis of systems to determine which systems were vulnerable
• Corrective actions were implemented using IBM BigFix

SCAN (less than 30 minutes)
• Scanned and deployed to ~600 servers in less than 30 minutes
• New systems reporting online were automatically addressed within minutes based upon their group membership

Total Time: ~ 4 Hours

A Race to the finish!

The BigFix team remediated 600 servers in the same time it took the datacenter team to address just 35 servers. (would have taken them 8hrs)



Prioritize risks and expedite remediation of vulnerabilities

Integrated, closed-loop risk management

IBM BigFix: Real-time endpoint intelligence
IBM QRadar: Enterprise-wide security analytics

• Provides current endpoint status
• Correlates events and generates alerts
• Prompts IT staff to fix vulnerabilities

• Improves asset database accuracy
• Strengthens risk assessments
• Enhances compliance reporting
• Accelerates risk prioritization of threats and vulnerabilities
• Increases reach of vulnerability assessment to off-network endpoints



IBM BigFix

Find It.
Discover unmanaged endpoints and get
real-time visibility into all endpoints to identify
vulnerabilities and non-compliant endpoints

Fix It.
Fix vulnerabilities and apply patches across
all endpoints on and off the network in minutes regardless of
endpoint type or network connectivity

Secure It.
Continuously monitor and enforce compliance
with security, regulatory and operational policies
while proactively responding to threats



Low hanging fruit

75% of attacks use publicly known vulnerabilities that could be prevented by patching

• Think patch management 101
• Endpoint & vulnerability discovery across devices, OS, location
• Automated patching and remediation
• Quarantine non-compliant endpoints
• Enforce continuous compliance
• Ensure proper password procedures
• Implement two-factor authentication
• Invest in end-user education



Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.

THANK YOU
www.ibm.com/security

© Copyright IBM Corporation 2015. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
