IBM BigFix Client Overview
Resemble Systems
Why today's attacks are so successful
• 85 security tools from 45 vendors
• 1.5 MILLION unfilled security positions by 2020
• 99 PERCENT of endpoint vulnerabilities exploited over a year after the CVE was published
• 201 DAYS average time to identify a data breach
September 2016
2 IBM Security
Where endpoint security tools are challenged
• Incomplete visibility of endpoint status provides poor context for risk reduction or detection of malicious activity
• Limited visibility, limited skills and overwhelming amounts of data inhibit accurate planning, investigations and decision making
• Disparate tools and teams reduce the ability to both proactively reduce endpoint attack surface and effectively respond to malicious activity
The Collaborative Endpoint Security and Management Platform
IBM BigFix spans IT Security and IT Operations with five modules: DETECT, COMPLIANCE, LIFECYCLE, INVENTORY, PATCH
The IBM BigFix Platform – See, Understand and Act
SEE
• Discover and audit all endpoints however connected
 ̶ Configuration
 ̶ Compliance
 ̶ Patch level
 ̶ SW versions etc
• Detect evasive malware and behavior
UNDERSTAND
• Vulnerability and configuration management and prioritization
• A trusted advisor guides analyst investigation, in context, to define:
 ̶ Veracity of the attack
 ̶ Scope and potential enterprise wide impact
 ̶ Full range of remediation actions required
ACT
• Continuously and proactively reduce your attack surface
• Based on investigation findings:
 ̶ Immediately contain the attack
 ̶ Roll out enterprise wide remediation packages in minutes or hours
IBM BigFix Detect is a unified platform that allows organizations to
not only manage threat detection but also remediation to expedite
reducing the attack surface area.
It's also entering a market where the bar is high with respect to
both functionality and innovation, and has cleared that bar with
the integration of detection and remediation. The user interface
also looks great, which is important to streamline workflows.
Doug Cahill, ESG
IBM BigFix Real-time Visualization of Endpoint Status
IBM BigFix helps protect over 50,000 PCs, servers and ATMs
across thousands of locations with one console
Major US Bank
You can't secure what you can't see... with BigFix you can see all, know all!
SEE Clearly. UNDERSTAND Completely. ACT Precisely.
Detecting evasive behavior
• Detection is dynamic and behavioral "IoA" based and does not rely upon static signatures or IoC's
• Endpoint agents analyze activity independently at kernel level, using a deep understanding of the latest malicious tactics, techniques and procedures (TTP's), based on:
 ̶ Direct intelligence from 20+M endpoints
 ̶ IBM+ human intelligence*
 ̶ External threat feeds
Enrich QRadar security intelligence with BigFix endpoint states and alerts
BigFix endpoint deep intelligence fed into QRadar:
• Patches applied
• Configurations changed
• Applications installed
• Alerts generated
Other QRadar data sources: security devices; servers and mainframes; network and virtual activity; data activity; application activity; configuration information; vulnerabilities and threats; users and identities; global threat intelligence (embedded intelligence)
QRadar automated offense identification:
• Unlimited data collection, storage and analysis
• Built in data classification
• Automatic asset, service and user discovery and profiling
• Real-time correlation and threat intelligence
• Activity baselining and anomaly detection
• Detects incidents out of the box
Output: suspected incidents, ranked as prioritized incidents
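The slide above says endpoint state (patches applied, configuration changes, installed applications, agent alerts) makes SIEM offenses easier to prioritize. The script below is an added example, not IBM, BigFix or QRadar code: it models that enrichment in plain Python with constructed endpoint records and constructed offenses (the patch labels PATCH-A and PATCH-B and the hostnames are placeholders). An offense against a host that is still missing the patch the rule targets, has stale AV, or whose agent has raised its own alert scores higher; an offense against a host that already has the patch is downgraded; a host with no agent data is flagged as unmanaged rather than silently scored as healthy.

```python
"""Enrich SIEM offenses with endpoint state before ranking them.

Added example, not IBM code. All records are constructed; the patch
labels PATCH-A and PATCH-B are placeholders, not real advisories.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class EndpointState:
    """What the endpoint agent reports for one managed host."""
    host: str
    missing_patches: List[str]           # patches still not applied
    av_current: bool                     # AV installed and definitions current
    config_changes_24h: int              # configuration changes in the last day
    agent_alerts: List[str] = field(default_factory=list)  # behavioral alerts


# Constructed endpoint states, keyed by hostname.
ENDPOINTS: Dict[str, EndpointState] = {
    "ws-101": EndpointState("ws-101", ["PATCH-A"], True, 0),
    "ws-102": EndpointState("ws-102", [], True, 0),
    "srv-db1": EndpointState("srv-db1", ["PATCH-A", "PATCH-B"], False, 3,
                             ["suspicious child process of database service"]),
}

# Constructed SIEM offenses. "exploits" names the patch whose absence the
# matching rule targets, when the rule is exploit-specific.
OFFENSES: List[dict] = [
    {"id": 1, "target": "ws-102", "rule": "Outbound connection to known bad IP",
     "magnitude": 5},
    {"id": 2, "target": "srv-db1", "rule": "Exploit attempt against PATCH-A",
     "magnitude": 4, "exploits": "PATCH-A"},
    {"id": 3, "target": "ws-101", "rule": "Exploit attempt against PATCH-A",
     "magnitude": 4, "exploits": "PATCH-A"},
    {"id": 4, "target": "ws-102", "rule": "Exploit attempt against PATCH-B",
     "magnitude": 4, "exploits": "PATCH-B"},
    {"id": 5, "target": "printer-7", "rule": "Port scan", "magnitude": 2},
]


def enrich(offense: dict, endpoints: Dict[str, EndpointState]) -> dict:
    """Return a copy of the offense with endpoint context and a priority score."""
    score = offense["magnitude"]
    reasons: List[str] = []
    state: Optional[EndpointState] = endpoints.get(offense["target"])

    if state is None:
        # No agent data: exposure cannot be confirmed or ruled out, so the
        # host is flagged as unmanaged instead of being scored as healthy.
        reasons.append("no endpoint state (unmanaged host)")
        return {**offense, "score": score, "managed": False, "reasons": reasons}

    exploited = offense.get("exploits")
    if exploited is not None:
        if exploited in state.missing_patches:
            score += 5
            reasons.append(f"target is missing {exploited}")
        else:
            score -= 2
            reasons.append(f"target already has {exploited} applied")
    if not state.av_current:
        score += 2
        reasons.append("AV not current on target")
    if state.config_changes_24h:
        score += 1
        reasons.append(f"{state.config_changes_24h} config changes in last 24h")
    if state.agent_alerts:
        score += 3
        reasons.append("endpoint agent raised: " + "; ".join(state.agent_alerts))
    return {**offense, "score": score, "managed": True, "reasons": reasons}


def prioritize(offenses: List[dict], endpoints: Dict[str, EndpointState]) -> List[dict]:
    """Enrich every offense and sort by descending score (stable on ties)."""
    enriched = [enrich(o, endpoints) for o in offenses]
    return sorted(enriched, key=lambda o: o["score"], reverse=True)


if __name__ == "__main__":
    for o in prioritize(OFFENSES, ENDPOINTS):
        print(o["id"], o["score"], o["target"], o["rule"], o["reasons"])
```

With the constructed data the database server (missing the targeted patch, stale AV, recent configuration changes and an agent alert) lands at the top, the workstation that is merely missing the patch comes next, and the exploit attempt against an already-patched host drops to the bottom alongside the unmanaged printer, which is exactly the triage order an analyst wants the enrichment to produce.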
IBM BigFix Extend QRadar Reach and Remediate Faster
IBM BigFix Continuous policy enforcement and compliance
across all endpoints
Your policies should be a floor, not a ceiling
Unparalleled Volume of Pre-built Content
• Extensive library of 500,000+ prebuilt controls, policies and checklists for PCI, CIS, SANS, DISA STIGs, FDCC, USGCB, NIST, SCAP and more
• 3rd party AV management to ensure that Symantec, McAfee, Trend Micro, Sophos and others are always installed and current
Accelerate and Automate PCI 3.2 Compliance
The IBM BigFix Compliance PCI add-on helps clients comply with PCI DSS 3.2 requirements across the enterprise in a more cost-effective manner and reduce overall data breach risk
Containment: Stopping an attack in its tracks
• Once the attack is understood, precise action must be taken immediately to remove the files, processes, or systems being used in the attack
 ̶ Actions: quarantine device, quarantine file, kill process and fix registry etc.
 ̶ Kernel level agent provides greater visibility and granular control
But now that the bleeding has stopped, how do we repair our systems and eliminate the vulnerabilities that were exploited?
Roll out enterprise wide attack remediation in minutes / hours
• The initial phase of remediation is to return the endpoints to their pre-infected state, but that does not make them more secure
• The power of having detect capabilities directly integrated into an endpoint management platform:
 ̶ Integrated "closed loop" remediation
 ̶ Full range of responsive actions from patching to remote re-imaging
 ̶ Massive pre-validated library of OS and application packages
 ̶ Allows Security and IT Operations to collaborate on both proactive hardening and reactive response
Client success story: U.S. Foods
US Foods, Inc. distributes more than 350,000 products to more than 250,000 customers, including independent and multiunit restaurants, healthcare and hospitality companies, and government and educational institutions.
Business Need
US Foods needed an automated, centralized endpoint management solution to replace cumbersome software audit, compliance monitoring and application deployment processes across 15,000 endpoints.
Solution
The company deployed IBM BigFix to ensure software license compliance across all of its 15,000 endpoints as well as to reduce its device-related electricity costs and compress its patch and application deployment cycles.
Benefits
Helped reduce patch deployment times by 80 percent, saving USD 500,000 on software licenses and avoiding more than USD 1 million in license noncompliance audits.
"Out of the box, IBM BigFix dramatically streamlined our patch deployment processes…, increased confidence in our software usage data and enhanced our lifecycle management and power management processes significantly."
- Dan Corcoran, director of client technology, US Foods
Security and Compliance At Scale
"More than 55 U.S. Federal agencies have standardized on IBM BigFix to manage and secure over 4 million workstations, servers (both physical and virtual), and many other endpoints across a vast array of operating systems. Such solutions deliver real-time, continuous endpoint security and compliance by leveraging a library of many thousands of checks..."
Fastest incident response and payback
• WNS (Holdings) Ltd. decreased time to deploy large-scale sites by 80%, reduced labor costs by 20%, and cut power usage by over 20%
• Sabadell United Bank reduced time to execute and deploy patches by 6X, improved patch compliance, and cut time to deploy vendor patches for zero-day vulnerabilities from weeks to one day.
• Penn State University saved an estimated annual energy cost of $700,000 through power management. They also enabled remote patching, configuration management, support and software deployment.
• SunTrust achieved a 127% ROI with payback in 9 months, saving a total of $2.65M. Implemented a patch management solution to 50,000 endpoints spread across nearly 1,800 locations in three months with just two staff members.
Patching 2-Node Cluster Client Example
Pre IBM BigFix                        | Post IBM BigFix
11.5 man hours for patch completion   | 80 minutes for patch completion
3.5 hour maintenance window           | <10 minutes of admin labor
3 to 4 FTE to work in parallel        | 96%+ savings
How a retail giant responded to a zero-day vulnerability
Resolving a critical issue on ~600 servers in under four hours with IBM BigFix
The security team used IBM BigFix to remediate ~600 servers, while previously they could only address 35 servers
Major US Retailer
Summary: Transforming endpoint security and management in one platform
• Complete visibility into endpoint security posture and malicious activity
 ̶ Seeing only half the picture in 15 seconds is not enough
• Allows Security and IT Ops teams to collaborate
 ̶ More effective proactive and reactive threat response
"BigFix Detect should put fear into endpoint security tools trying to maintain or gain market share in the EDR space. As the new EDR competitive features are vetted on efficacy for detection, current BigFix users will be able to leverage one package for both EDR and advanced endpoint / lifecycle management.
As BigFix shows its stuff in the market, competitors will either need additional partnerships or will need to build out additional capabilities to meet its full suite capabilities."
David Monahan, EMA
A Global Leader in Enterprise Security
• #1 in enterprise security
software and services*
• 7,500+ people
• 12,000+ customers
• 133 countries
• 3,500+ security patents
• 15 acquisitions since 2005
*According to Technology Business Research, Inc. (TBR) 2016
THANK YOU
FOLLOW US ON:
ibm.com/security
securityintelligence.com
xforce.ibmcloud.com
@ibmsecurity
youtube/user/ibmsecuritysolutions
© Copyright IBM Corporation 2016. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. Any statement of direction represents IBM's current intent, is subject to change or withdrawal, and represents only goals and objectives. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party.
IBM BIGFIX
Product-level module
The Collaborative Endpoint Security and Management Platform
IBM BigFix spans IT Security and IT Operations
FIND IT. FIX IT. SECURE IT… FAST
• Detect: detect and respond to malicious activity
• Compliance: continuous policy enforcement and reporting
• Lifecycle: software patching, distribution and provisioning
• Inventory: audit authorized and unauthorized software
• Patch: automated patching with high first pass success
Detect client benefits
Compliance client benefits
Inventory client benefits
• Decrease software license costs by reducing the amount of unused or redundant software
• Mitigate risk from malicious software
• Discovery of all licensed and unlicensed software with in-depth granularity across all operating systems and devices
15,000: number of endpoints needing software compliance management
80%: reduced patch deployment time
$500,000: USD saved on unused software licenses
$1 million: USD license noncompliance fines avoided
Lifecycle client benefits
Patch client benefits
IBM BIGFIX
Industry-level module
Higher Education
Endpoint Security Challenges in Higher Ed
• Redundant tools, skills and processes to manage/secure Windows, Mac and *nix PCs and Servers
• Non-compliance with PCI-DSS 3.2 and security standards (e.g. "Is AV installed?", "Is the endpoint encrypted?", "Is it patched?" etc.)
• Inability to interrogate endpoints, attributes and risk indicators quickly and precisely
• Individual departments
 ̶ Single tool for managing PCs, Macs and *nix servers vs. SCCM+Casper+??
 ̶ Interrogate endpoints with unprecedented speed and accuracy vs. writing WMI scripts
 ̶ Accelerate Green IT initiatives with PC and Mac power management – reduce energy costs and carbon footprint
• Central IT Security
 ̶ Report on each department's compliance with the university's compliance policies
 ̶ Allow departments to use their remediation tool of choice (e.g. BigFix, SCCM, Casper, etc.)
BigFix agent uses <2% CPU and 10-15MB RAM. It coexists well with other tools, while providing real-time, system-wide visibility and compliance.
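The compliance questions the deck keeps returning to ("Is AV installed?", "Is the endpoint encrypted?", "Is it patched?"), the earlier "your policies should be a floor, not a ceiling" slide, and the higher-ed requirement that central IT report each department's compliance all describe the same evaluation. The script below is an added example, not IBM or BigFix code, and does not use the BigFix relevance language: it runs a baseline check set over a constructed inventory snapshot, lets a department add stricter checks of its own, refuses to let a department override a baseline check, and produces a per-department report of compliance percentage and which hosts failed which check. Department names, hostnames and attribute values are all constructed.

```python
"""Evaluate endpoints against a baseline compliance policy and report per department.

Added example, not IBM or BigFix code. The inventory records, department
names and check definitions are constructed for illustration.
"""
from typing import Callable, Dict, List

Check = Callable[[dict], bool]

# Baseline policy applied to every endpoint: the floor.
BASELINE_CHECKS: Dict[str, Check] = {
    "av_installed": lambda e: e.get("av_installed", False),
    "disk_encrypted": lambda e: e.get("disk_encrypted", False),
    "patched": lambda e: e.get("missing_critical_patches", 1) == 0,
}

# Department-specific additions. A key that collides with a baseline
# check is ignored, so a department cannot weaken the floor.
DEPARTMENT_EXTRAS: Dict[str, Dict[str, Check]] = {
    "Engineering": {
        "host_firewall": lambda e: e.get("host_firewall", False),
        "patched": lambda e: True,  # attempted override; must not take effect
    },
}

# Constructed inventory snapshot (what an endpoint agent might report).
INVENTORY: List[dict] = [
    {"host": "eng-01", "dept": "Engineering", "av_installed": True,
     "disk_encrypted": True, "missing_critical_patches": 0, "host_firewall": True},
    {"host": "eng-02", "dept": "Engineering", "av_installed": True,
     "disk_encrypted": False, "missing_critical_patches": 2, "host_firewall": False},
    {"host": "lib-01", "dept": "Library", "av_installed": False,
     "disk_encrypted": True, "missing_critical_patches": 0},
    {"host": "lib-02", "dept": "Library", "av_installed": True,
     "disk_encrypted": True, "missing_critical_patches": 0},
    {"host": "adm-01", "dept": "Admin", "av_installed": True,
     "disk_encrypted": True, "missing_critical_patches": 1},
]


def effective_checks(dept: str) -> Dict[str, Check]:
    """Baseline checks plus the department's extras; baseline keys always win."""
    checks = dict(DEPARTMENT_EXTRAS.get(dept, {}))
    checks.update(BASELINE_CHECKS)   # baseline overwrites any same-named extra
    return checks


def evaluate(endpoint: dict) -> Dict[str, bool]:
    """Run every applicable check on one endpoint; missing attributes fail closed."""
    checks = effective_checks(endpoint["dept"])
    return {name: bool(check(endpoint)) for name, check in checks.items()}


def department_report(inventory: List[dict]) -> Dict[str, dict]:
    """Per-department compliance percentage and which hosts failed which check."""
    report: Dict[str, dict] = {}
    for endpoint in inventory:
        results = evaluate(endpoint)
        entry = report.setdefault(
            endpoint["dept"], {"endpoints": 0, "compliant": 0, "failures": {}})
        entry["endpoints"] += 1
        if all(results.values()):
            entry["compliant"] += 1
        for name, passed in results.items():
            if not passed:
                entry["failures"].setdefault(name, []).append(endpoint["host"])
    for entry in report.values():
        entry["compliance_pct"] = round(
            100.0 * entry["compliant"] / entry["endpoints"], 1)
    return report


if __name__ == "__main__":
    for dept, entry in department_report(INVENTORY).items():
        print(dept, entry["compliance_pct"], entry["failures"])
```

Two design points matter for a real deployment: checks fail closed when an attribute is absent from the inventory record (an endpoint that never reported its encryption state counts as non-compliant, not unknown-and-ignored), and the merge order in `effective_checks` is what enforces the floor, since the baseline dictionary is applied last and therefore overwrites any department entry with the same name.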
Representative List of Higher Ed BigFix Client Websites
Customer Case Study: Penn State
Chartered in 1855, The Pennsylvania State University (Penn State) is a public university based in University Park, Pennsylvania.
Software:
• IBM BigFix®
Business Need:
With energy costs doubling, Penn State looked to reduce unnecessary power consumption from leaving classroom, lab, and departmental computers on when they were not in use.
Solution:
The University implemented an end-to-end endpoint management solution that combines power, lifecycle, patch and security management to reduce energy costs while improving the reliability and security of campus computers.
Benefits:
• Reduced energy costs by US$288,000 per year with annual savings expected to reach US$800,000
• Decreased IT time required to manage classroom and lab computers
• Improved security with faster deployment of patches and similar software applications
"We expect almost US$800,000 in annual savings, once all of our approximately 20,000 workstations are under IBM BigFix and power management settings are applied."
* Source: IBM CEO Study
Distribution
Security In Distribution
"A top priority for retailers is to protect customer relationships. To build and maintain that trust in an omni-channel marketplace is a real challenge and one that retailers tackle head on, investing significantly in technology that not only provides value to customers but also protects them from fraud and data theft."
Endpoint Security Challenges in Distribution
• Insufficient visibility into all assets (you can't secure what you can't see).
 ̶ Remote locations with varying degrees of bandwidth and no IT. Endpoints often stay unpatched and non-compliant with security standards
 ̶ Roaming, off-network laptops which go unpatched and non-compliant for days to months
• Redundant tools, skills and processes to manage/secure Windows, Mac and *nix PCs/POS/Servers
• Non-compliance with PCI-DSS 3.2 and security standards (e.g. "Is AV installed?", "Is the endpoint encrypted?", "Is it patched?" etc.)
• Inability to interrogate endpoints, attributes and risk indicators quickly and precisely, before, during and after an attack
• Constantly under pressure to cut costs
BigFix helps clients pass more audits, avoid fines, improve their security posture and protect their brand equity - all while reducing OPEX
Customer Case Study: US Foods
US Foods, Inc. distributes more than 350,000 products to more than 250,000 customers, including independent and multiunit restaurants, healthcare and hospitality companies, and government and educational institutions.
Software:
• IBM BigFix®
Business Need:
US Foods needed an automated, centralized endpoint management solution to replace cumbersome software compliance monitoring and application deployment processes across 15,000 endpoints.
Solution:
The company deployed the IBM BigFix® solution to ensure software license compliance across all of its 15,000 endpoints as well as to reduce its device-related electricity costs and compress its patch and application deployment cycles.
Benefits:
• Helped reduce patch deployment times by 80 percent, saving USD500,000 on software licenses and avoiding more than USD1 million in license noncompliance fines.
* Source: IBM CEO Study
Government
BigFix In Federal Government
"More than 50 U.S. Federal agencies have standardized on IBM BigFix to manage and secure over 3 million workstations, servers (both physical and virtual), and many other endpoints across a vast array of operating systems. Such solutions deliver real-time, continuous endpoint security and compliance by leveraging a library of many thousands of checks..."
Endpoint Security Challenges in Government
• Redundant tools, skills and processes to manage/secure Windows, Mac and *nix PCs/POS/Servers
• Non-compliance with SCAP, PCI DSS, FDCC, CIS, DISA STIG and other security standards (e.g. "Is AV installed?", "Is the endpoint encrypted?", "Is it patched?" etc.)
• Inability to interrogate endpoints, attributes and risk indicators quickly and precisely
Healthcare
BigFix In Healthcare
"Continuous monitoring of risk and compliance with regulations such as 21 CFR Part 11, HIPAA, PCI DSS, and more is essential to driving effective IT security and brings health care institutions full circle to the first step of establishing a security baseline."
Endpoint Security Challenges in Healthcare
• Redundant tools, skills and processes to manage/secure Windows, Mac and *nix PCs/POS/Servers
• Non-compliance with PCI DSS, HIPAA and security standards (e.g. "Is AV installed?", "Is the endpoint encrypted?", "Is it patched?" etc.)
• Inability to interrogate endpoints, attributes and risk indicators quickly and precisely
Customer Case Study: Infirmary Health System
Software:
• IBM Security QRadar Log Manager
• IBM Security QRadar SIEM
• IBM BigFix Compliance (and other BigFix modules)
Business Need:
Infirmary Health System needed to automate and strengthen security and endpoint management to better protect data and meet HIPAA and meaningful use requirements.
Solution:
Working with ESM Technology, the organization deployed a comprehensive security solution from IBM that helps staff secure endpoints and better detect and respond to threats across the organization.
Benefits:
• Using the information collected by IBM BigFix, QRadar can see immediately if someone is trying to exploit a vulnerability
• Based on alerts from QRadar, the security team can now immediately remediate a vulnerability issue with IBM BigFix
• Maintain continuous compliance with security and regulatory policies
• Increased endpoint patching success rates from 40% to 90%
• Reduced software deployment time from 7 weeks to 2 days
• Gain real-time visibility to malware and hackers on their network
"We can now quickly, easily and accurately produce audit reports for HIPAA and meaningful use compliance. This has helped us obtain a considerable sum of meaningful use incentive dollars."
- Eddy Stephens, Chief Information Officer, Infirmary Health System
* Source: IBM CEO Study
Customer Case Study: Concord Hospital
Founded in 1884, Concord Hospital is a regional medical center that provides comprehensive acute care services and healthcare programs to people throughout the state.
Software:
• IBM BigFix®
Business Need:
Maintain high service levels with limited staff and budget; achieve visibility into computing assets; automatically remediate security and health issues on computers; validate software licensing usage and compliance across the enterprise.
Solution:
IBM BigFix technology simplifies IT operations and provides the visibility Concord Health needs to maintain a secure and healthy computing environment.
Benefits:
• No malware infections since solution implementation
• Increased patch compliance from 60 to 93 percent
• Accelerated system maintenance, from weeks to hours
• 25 percent savings in software licensing costs
"We have been very impressed with the solution and highly recommend it to colleagues in the healthcare industry."
* Source: IBM CEO Study
Financial
Banking Imperatives:
‘Hot’ Client Imperative – PCI DSS 3.2 Compliance
BigFix helps clients pass more audits, avoid fines, improve their security posture and protect their
brand equity - all while reducing OPEX
'Hot' Client Imperative – Mitigate Malicious Access To SWIFT
BEFORE: 35 orders worth $951M made via SWIFT system from NY Fed USD account
• Vulnerable bank endpoint
• Vulnerable SWIFT transaction server
 ̶ Roaming, off-network laptops which go unpatched and non-compliant for days to months
• Redundant tools, skills and processes to manage/secure Windows, Mac and *nix PCs/ATMs/Servers
• Non-compliance with PCI-DSS 3.2 and security standards (e.g. "Is AV installed?", "Is the endpoint encrypted?", "Is it patched?" etc.)
• Inability to interrogate endpoints, attributes and risk indicators quickly and precisely, before, during and after an attack
Back-up module
How do clients use BigFix?
• Disable unapproved USB storage devices
• Enable enterprise-wide Windows migration
• Patch OpenSSL Heartbleed vulnerabilities
• Prevent unapproved devices from connecting, including removable storage
• Locate a stolen laptop with sensitive data
• Ensure third-party agents are always available and current
• Reduce OPEX by $3M via server consolidation
• Keep systems free of unwanted/risky applications
• Discover machines running older, non-compliant OS versions
• Patch convoluted Adobe Acrobat upgrade paths
• Schedule patches / maintenance based on business-relevant schedules
• Discover non-approved or rogue wireless access points
• Systematically schedule computers to be turned off to conserve energy
• Save $1M in annual software license costs
• Automate decryption, switch network settings, rebrand PCs as part of an acquisition
• Monitor endpoints where IE is storing autocomplete passwords
• Reduce help desk calls by 78%, leading to $10M savings within 6 months
• Remotely reimage computers, avoiding costly travel/shipping costs
• Monitor system drive space usage on servers or workstations
• Quarantine machines with compromised MD5 hashes and 150 other IOCs
• Delete or rename files across a large group of machines
• Identify core infrastructure, domain controllers, DNS / DHCP / Win servers
• Kill an SCCM task which was accidentally rebooting 30,000 servers
• Determine patch status and percentage of the environment patched
• Reset key security controls changed by a malicious user or malware
• Deploy McAfee virus definitions when EPO servers lose communications
• Complete out-of-band MS Security patch to remote users with endpoints hours after release
• Update Symantec product when group update server fails
• Repair corrupted AV signature files from Symantec
• Repair enterprise wide, patient-facing vulnerabilities in minutes
• Keep SCCM running when WMI fails
IBM BigFix Architecture
• Highly active community contributing 10k fixlets
• Leverages existing systems / shared infrastructure
An integrated and intelligent security immune system
• Endpoint (IBM BigFix): Real Time Visibility, Continuous Enforcement, Rapid Remediation
• Security Ecosystem and Threat Intelligence: Indicators of compromise, IP reputation, Threat sharing, Incident and threat management
• Network: Firewalls, Sandboxing, Virtual patching, Network visibility
• Data: Data monitoring, Data access control
• Identity and Access: Privileged identity management, Entitlements and roles, Access management, Identity management
• Apps: Application scanning, Application security management
• Cloud: Cloud access security broker, Workload protection
Accelerate risk prioritization and expedite remediation
REAL TIME VISIBILITY. CONTINUOUS ENFORCEMENT. RAPID REMEDIATION.
Infirmary Health System is the largest non-government healthcare team in Alabama, treating more than 100,000 patients annually. The organization includes three acute-care hospitals, three rehabilitation hospitals, three outpatient facilities and more than 30 medical clinics.
Business Need:
Infirmary Health System needed to automate and strengthen security and endpoint management to better protect data and meet HIPAA and meaningful use requirements.
Solution:
Working with ESM Technology, Infirmary deployed a comprehensive security solution from IBM that helps staff secure endpoints and better detect and respond to threats across the organization.
Benefits:
• Using the information collected by IBM BigFix, QRadar can see immediately if someone is trying to exploit a vulnerability
• Based on alerts from QRadar, the security team can now immediately remediate vulnerabilities with IBM BigFix
• Maintain continuous compliance with security and regulatory policies
• Increased endpoint patching success rates from 40% to 90%
• Reduced software deployment time from 7 weeks to 2 days
• Gain real-time visibility to malware and hackers on their network
"We can now quickly, easily and accurately produce audit reports for HIPAA and meaningful use compliance. This has helped us obtain a considerable sum of meaningful use incentive dollars."
Compliance report?
A new platform for security collaboration
NEW: IBM Security App Exchange
• Validated security apps
• Single platform for collaboration
• Access to partner innovations
• Fast extensions to security functionality