IBM BigFix · 2017-10-25
TRANSCRIPT
IBM BigFix: Endpoint Security and Management
Resemble Systems
2 IBM Security
Why today's attacks are so successful
1.5 MILLION unfilled security positions by 2020
85 security tools from 45 vendors
99 PERCENT of exploited endpoint vulnerabilities were exploited over a year after the CVE was published
201 DAYS -- average time to identify a data breach
0 ZERO DAY exploits in major breaches over the last 24 months (NSA: no zero days were used in any high-profile breaches over the last 24 months)
Poor cyber hygiene – the fundamental problem
September 2016
3 IBM Security
Lack of Visibility: Incomplete visibility of endpoint status provides poor context for risk reduction or detection of malicious activity.
Complexity of prioritization and investigations: Limited visibility, limited skills and overwhelming amounts of data inhibit accurate planning, investigations and decision making.
Ineffective Remediation: Disparate tools and teams reduce the ability to both proactively reduce the endpoint attack surface and effectively respond to malicious activity.
Where endpoint security tools are challenged
We are letting attackers in, failing to detect them in context,
and failing to respond effectively
4 IBM Security
The Collaborative Endpoint Security and Management Platform
IBM BigFix
DETECT: Detect and respond to malicious activity
COMPLIANCE: Continuous policy enforcement and reporting
LIFECYCLE: Software patching, distribution and provisioning
INVENTORY: Audit authorized and unauthorized software
PATCH: Automated patching with high first-pass success
IT SECURITY IT OPERATIONS
5 IBM Security
The IBM BigFix Platform – See, Understand and Act
SEE Clearly
• Discover and audit all endpoints, however connected: configuration, compliance, patch level, software versions, etc.
• Detect evasive malware and behavior
• Vulnerability and configuration management and prioritization
UNDERSTAND Completely
• A trusted advisor guides analyst investigation, in context, to define:
  - Veracity of the attack
  - Scope and potential enterprise-wide impact
  - Full range of remediation actions required
ACT Precisely
• Continuously and proactively reduce your attack surface
• Based on investigation findings:
  - Immediately contain the attack
  - Roll out enterprise-wide remediation packages in minutes or hours
6 IBM Security
ESG
IBM BigFix Detect is a unified platform that allows organizations to
not only manage threat detection but also remediation to expedite
reducing the attack surface area.
It's also entering a market where the bar is high with respect to
both functionality and innovation, and has cleared that bar with
the integration of detection and remediation. The user interface
also looks great, which is important to streamline workflows.
DOUG CAHILL
7 IBM Security
Real-time Visualization of Endpoint Status
IBM BigFix
• Discover and audit all endpoints - PCs, Macs, *nix, servers, ATMs, POS, etc.
  - Continuously assess configuration, security, compliance and patch posture
  - Inventory all software, usage and licensing
• Efficient use of low-bandwidth and intermittent connections
• Simple queries provide precise enterprise-wide reports on endpoint status in seconds
• Map file hashes and processes to CVEs
• Extensive configuration, drift and compliance reports
IBM BigFix helps protect over 50,000 PCs, servers and ATMs across thousands of locations with one console
Major US Bank
8 IBM Security
You can’t secure what you can’t see...with BigFix you can see all, know all!
IBM BigFix
9 IBM Security
IBM BigFix Detect
Detecting evasive behavior
• Detection is dynamic and behavioral ("IoA" based) and does not rely upon static signatures or IoCs
• Endpoint agents analyze activity independently at kernel level, using a deep understanding of the latest malicious tactics, techniques and procedures (TTPs), based on:
  - Direct intelligence from 20+M endpoints
  - IBM + human intelligence*
  - External threat feeds
[Diagram: Behavioral-based Endpoint Analysis and Detection, fed by External Intelligence, Direct Intelligence, Human Intelligence and TTP Analysis]
* Additional IBM Threat Hunting service planned
10 IBM Security
IBM BigFix Detect
Actionable investigation: what, where, and how to respond
• As detection is only the beginning, security analysts are provided with a trusted advisor to ascertain:
  - Is this a real attack?
  - What's the root cause and scope?
  - What's the appropriate contain-and-remediate response?
• Powerful enterprise-wide hunting and searching tools
  - Free-text historical searches to provide a timeline
  - Ad hoc IoC searches
  - Process tree drill-down and traversal
• Watson cognitive investigation included via QRadar
[Diagram: process tree across endpoints traced back to the "PATIENT ZERO" endpoint]
11 IBM Security
IBM BigFix Detect
Enrich QRadar security intelligence with BigFix endpoint states and alerts
QRadar data sources: servers and mainframes, data activity, network and virtual activity, application activity, configuration information, security devices, users and identities, vulnerabilities and threats, global threat intelligence
Automated offense identification (embedded intelligence turning suspected incidents into prioritized incidents):
• Unlimited data collection, storage and analysis
• Built-in data classification
• Automatic asset, service and user discovery and profiling
• Real-time correlation and threat intelligence
• Activity baselining and anomaly detection
• Detects incidents out of the box
BigFix endpoint deep intelligence fed into QRadar:
• Patches applied
• Configurations changed
• Applications installed
• Detection alerts generated
12 IBM Security
Extend QRadar Reach and Remediate Faster
IBM BigFix
Integrated, closed-loop risk management between IBM BigFix and IBM QRadar:
• BigFix provides current endpoint status (real-time endpoint intelligence) to QRadar
• QRadar security analytics correlates events and generates alerts
• Alerts prompt IT staff to fix vulnerabilities with BigFix
Real-time endpoint intelligence in QRadar:
• Improves asset database accuracy
• Strengthens risk assessments
• Enhances compliance reporting
• Accelerates risk prioritization of threats and vulnerabilities
• Increases reach of vulnerability assessment to off-network endpoints
13 IBM Security
Continuous policy enforcement and compliance across all endpoints
IBM BigFix
98%+ patch and update compliance rate on 4,000+ workstations with 50% reduced labor costs
Infirmary Health System
Your policies should be a floor, not a ceiling
• Continuous controls monitoring maintains a constant foundational baseline for:
  - Security
  - Configuration
  - Compliance
  - Patch levels
• Allows Security and IT Operations to collaborate on patch and configuration management
• System / kernel level agent provides deeper visibility and control
• Force the bad guys to use zero-day exploits
[Chart: Compliance Approaches – compliance over time, continuous vs. point in time]
14 IBM Security
Unparalleled Volume of Pre-built Content
IBM BigFix
• Extensive library of 500,000+ prebuilt controls, policies and checklists for PCI, CIS, SANS, DISA STIGs, FDCC, USGCB, NIST, SCAP and more
• 3rd-party AV management to ensure that Symantec, McAfee, Trend Micro, Sophos and others are always installed and current
15 IBM Security
IBM BigFix: Accelerate and Automate PCI DSS 3.2 Compliance
The IBM BigFix Compliance PCI add-on helps clients comply with PCI DSS 3.2 requirements across the enterprise in a more cost-effective manner and reduce overall data breach risk.
BigFix compliance capabilities tailored to support PCI DSS 3.2:
• Covers the majority of machine-enforceable requirements
• Continuous monitoring and remediation
• Specialized dashboards
• Reports based on requirement, milestone, or platform
16 IBM Security
IBM BigFix Detect
Containment: Stopping an attack in its tracks
• Once the attack is understood, precise action must be taken immediately to remove the files, processes, or systems being used in the attack
  - Actions: quarantine device, quarantine file, kill process, fix registry, etc.
  - Kernel level agent provides greater visibility and granular control
But now that the bleeding has stopped, how do we repair our systems and eliminate the vulnerabilities that were exploited?
17 IBM Security
IBM BigFix Detect
Roll out enterprise-wide attack remediation in minutes / hours
• The initial phase of remediation is to return the endpoints to their pre-infected state, but that does not make them more secure
• The power of having detect capabilities directly integrated into an endpoint management platform:
  - Integrated "closed loop" remediation
  - Full range of responsive actions from patching to remote re-imaging
  - Massive pre-validated library of OS and application packages
  - Allows Security and IT Operations to collaborate on both proactive hardening and reactive response
IT SECURITY IT OPERATIONS
18 IBM Security
IBM BigFix
Client success story: US Foods
US Foods, Inc. distributes more than 350,000 products to more than 250,000 customers, including independent and multiunit restaurants, healthcare and hospitality companies, and government and educational institutions.
Business Need: US Foods needed an automated, centralized endpoint management solution to replace cumbersome software audit, compliance monitoring and application deployment processes across 15,000 endpoints.
Solution: The company deployed IBM BigFix to ensure software license compliance across all of its 15,000 endpoints as well as to reduce its device-related electricity costs and compress its patch and application deployment cycles.
Benefits: Helped reduce patch deployment times by 80 percent, saving USD 500,000 on software licenses and avoiding more than USD 1 million in license noncompliance audits.
"Out of the box, IBM BigFix dramatically streamlined our patch deployment processes…, increased confidence in our software usage data and enhanced our lifecycle management and power management processes significantly."
- Dan Corcoran, director of client technology, US Foods
19 IBM Security
IBM BigFix: Security and Compliance At Scale
"More than 55 U.S. Federal agencies have standardized on IBM BigFix to manage and secure over 4 million workstations, servers (both physical and virtual), and many other endpoints across a vast array of operating systems. Such solutions deliver real-time, continuous endpoint security and compliance by leveraging a library of many thousands of checks..."
- Department of Interior Inspector General Recommends BigFix (DOI IG Report; IBM blog)
20 IBM Security
IBM BigFix: Fastest incident response and payback
Patching 2-Node Cluster Client Example (pre IBM BigFix vs. post IBM BigFix):
- Patch completion: 11.5 man-hours before, 80 minutes after
- Maintenance window / admin labor: 3.5-hour maintenance window before, under 10 minutes of admin labor after
- Staffing: 3 to 4 FTE working in parallel before, 96%+ savings after
WNS (Holdings) Ltd. decreased time to deploy large-scale sites by 80%, reduced labor costs by 20%, and cut power usage by over 20%.
Sabadell United Bank reduced time to execute and deploy patches by 6X, improved patch compliance, and cut time to deploy vendor patches for zero-day vulnerabilities from weeks to one day.
Penn State University saved an estimated annual energy cost of $700,000 through power management. They also enabled remote patching, configuration management, support and software deployment.
SunTrust achieved a 127% ROI with payback in 9 months, saving a total of $2.65M. Implemented a patch management solution to 50,000 endpoints spread across nearly 1,800 locations in three months with just two staff members.
21 IBM Security
IBM BigFix
How a retail giant responded to a zero-day vulnerability
Resolving a critical issue on ~600 servers in under four hours with IBM BigFix
The security team used IBM BigFix to remediate ~600 servers, where previously they could only address 35 servers.
Major US Retailer
PREPARE (less than 3 hours)
• Issue discovered and teams mobilized
• Teams created the necessary patch scripts within a Fixlet and tested them manually
• Fixlets were pushed to the BigFix server for distribution
SCAN (less than 30 minutes)
• Endpoint management team executed analysis of systems to determine which systems were vulnerable
DEPLOY (less than 30 minutes)
• Corrective actions were implemented using IBM BigFix
• Scanned and deployed to ~600 servers in less than 30 minutes
• New systems reporting online were automatically addressed within minutes based upon their group membership
Total time: ~4 hours
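The retail timeline above, the "map file hashes and processes to CVEs" point on the visibility slide and the "closed loop" remediation slide all rest on the same artifact: a Fixlet, which pairs a Relevance expression (evaluated by every agent locally, so it decides which endpoints are vulnerable without a central scan) with an ActionScript that remediates them, and which counts the action as successful only once the Relevance turns false again. The BES XML below is an added example and not a Fixlet from the deck, from IBM or from any client. The application name and path, version, package name, download URL, size, SourceID and the all-zero hashes are placeholders that must be replaced with real values, and the `sha256 of <file>` inspector assumes a BigFix 9.1 or later agent.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example Fixlet, not taken from the deck, from IBM or from any client.
     Application name, path, version, package name, URL, size, SourceID and
     hashes are placeholders (the hashes are all zeros) and must be replaced. -->
<BES xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xsi:noNamespaceSchemaLocation="BES.xsd">
  <Fixlet>
    <Title>ExampleApp 7.0.1 - Critical security update (placeholder)</Title>
    <Description><![CDATA[
Updates ExampleApp to 7.0.1 on Windows endpoints that still run a vulnerable
build. The Fixlet is relevant only while the vulnerable binary is present, so
an endpoint drops off the relevant list by itself once the update succeeds.
    ]]></Description>

    <!-- Relevance clauses are ANDed and evaluated locally by the agent, so no
         central scan is needed, and a server that joins the targeted group
         later evaluates the same test the moment it reports in. -->
    <Relevance>windows of operating system</Relevance>
    <Relevance><![CDATA[
exists file "C:\Program Files\ExampleApp\exampleapp.exe"
  whose (version of it < "7.0.1" as version
         OR sha256 of it = "0000000000000000000000000000000000000000000000000000000000000000")
    ]]></Relevance>
    <!-- The version test catches released builds; the sha256 test (9.1+ agent)
         catches a known-bad binary whose version string was never bumped. -->

    <Category>Security Update</Category>
    <Source>Internal</Source>
    <SourceID>EXAMPLE-0001</SourceID>
    <SourceReleaseDate>2017-10-25</SourceReleaseDate>
    <SourceSeverity>Critical</SourceSeverity>
    <!-- A CVENames element here would carry the real CVE identifier(s). -->

    <DefaultAction ID="Action1">
      <Description>
        <PreLink>Click </PreLink><Link>here</Link><PostLink> to deploy this action.</PostLink>
      </Description>
      <ActionScript MIMEType="application/x-Fixlet-Windows-Shell"><![CDATA[
// The agent fetches the package from its relay and refuses to continue if the
// downloaded size or hash differs from what is declared here.
prefetch exampleapp-7.0.1.msi sha1:0000000000000000000000000000000000000000 size:1048576 url:http://packages.example.internal/exampleapp-7.0.1.msi sha256:0000000000000000000000000000000000000000000000000000000000000000

// Silent install; waithidden blocks until msiexec exits.
waithidden msiexec.exe /i "__Download\exampleapp-7.0.1.msi" /qn /norestart
]]></ActionScript>
      <!-- Report Fixed only when the Fixlet's own Relevance turns false again:
           this is the closed loop the remediation slide describes. -->
      <SuccessCriteria Option="OriginalRelevance" />
    </DefaultAction>
  </Fixlet>
</BES>
```

Because `windows of operating system` is the first ANDed clause, non-Windows endpoints stop evaluating before touching the file system. Targeting the resulting action at a computer group rather than an explicit list of computers is what gives the behaviour the retailer relied on: a server that comes online after the action was issued evaluates the Relevance when it first reports and, if it matches, receives the action without anyone re-running a scan.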
22 IBM Security
IBM BigFix Detect
Summary: Transforming endpoint security and management in one platform
SEE Clearly, UNDERSTAND Completely, ACT Precisely
• Complete visibility into endpoint security posture and malicious activity: seeing only half the picture in 15 seconds is not enough
• Continuous attack surface reduction, compliance and reporting: immediate and perpetual reduction in risk
• Guided incident investigation in a platform that can implement complete remediation: drastic increase in response speed, completeness and efficacy
• Allows Security and IT Ops teams to collaborate: more effective proactive and reactive threat response
IBM BigFix
23 IBM Security
EMA
BigFix Detect should put fear into endpoint security tools trying to
maintain or gain market share in the EDR space. As the new EDR
competitive features are vetted on efficacy for detection, current
BigFix users will be able leverage one package for both EDR and
advanced endpoint / lifecycle management.
As BigFix shows its stuff in the market, competitors will either need
additional partnerships or will need to build out additional
capabilities to meet its full suite capabilities.
DAVID MONAHAN
24 IBM Security
A Global Leader in Enterprise Security
• #1 in enterprise security
software and services*
• 7,500+ people
• 12,000+ customers
• 133 countries
• 3,500+ security patents
• 15 acquisitions since 2005
* According to Technology Business Research, Inc. (TBR) 2016
ibm.com/security
securityintelligence.com
xforce.ibmcloud.com
@ibmsecurity
youtube/user/ibmsecuritysolutions
© Copyright IBM Corporation 2016. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind,
express or implied. Any statement of direction represents IBM's current intent, is subject to change or withdrawal, and represent only goals and objectives. IBM, the IBM logo, and other IBM products
and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service
marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your
enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others.
No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems,
products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products
or services to be most effective. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party.
FOLLOW US ON:
THANK YOU
Product-level module Insert Slides
IBM BIGFIX
27 IBM Security
IBM BigFix: FIND IT. FIX IT. SECURE IT… FAST
The Collaborative Endpoint Security and Management Platform (IT SECURITY / IT OPERATIONS)
Detect: Detect and respond to malicious activity
• Asset discovery
• Patch management
• Query
• Detect
• Investigate
• Response
• Software distribution
Compliance: Continuous policy enforcement and reporting
• Asset discovery
• Patch management
• Query
• Security configuration management
• Vulnerability assessment
• Compliance analytics
• Third-party anti-virus management
• Self quarantine
• Add-on: PCI DSS
Lifecycle: Software patching, distribution and provisioning
• Asset discovery
• Patch management
• Query
• Software distribution
• Advanced patching / task automation
• Remote control
• OS deployment
• Power management
• Self-service app and profile management
Inventory: Audit authorized and unauthorized software
• Software / hardware inventory
• Software usage reporting
• Software catalogue correlation
• ISO 19770 software tagging
Patch: Automated patching with high first-pass success
• OS patching
• Third-party application patching
• Offline patching
28 IBM Security
Detect client benefits
• Deeper visibility into endpoint security posture
and malicious activity. Seeing only half the
picture in 15 seconds is not enough
• Continuous attack surface reduction provides
immediate and perpetual reduction in risk
• Guided incident investigation in a platform that
can implement complete remediation provides
a drastic increase in response speed,
completeness and efficacy
• Allows Security and IT Ops teams to
collaborate for more effective proactive and
reactive threat response
29 IBM Security
Infirmary Health System
4,000 individual workstations that need to be protected and compliant
Minutes to complete an accurate asset inventory
98% patch and update compliance rate
50% reduction in labor costs
Compliance client benefits
• Continuous enforcement of operational,
security and regulatory policies with up-to-the
minute visibility of compliance status
• Automatic quarantine actions that isolate
out of compliance endpoints until remediation
is complete
• Reduce patching cycles from days or weeks
to hours with over 99% first-pass patch
success rate
• Deploy, update and health check
third-party antivirus solutions
30 IBM Security
Inventory client benefits
• Reduce license compliance exposure
and associated fines
• Decrease software license costs
by reducing the amount of unused
or redundant software
• Mitigate risk from malicious software
• Discovery of all licensed and unlicensed
software with in-depth granularity across all
operating systems and devices
US Foods
15,000 endpoints needing software compliance management
80% reduction in patch deployment time
USD 500,000 saved on unused software licenses
USD 1 million in license noncompliance fines avoided
31 IBM Security
27,000 virtual servers
3,000 distinct stores
99% savings in deployment time
2 IT staff needed to manage 27,000 servers distributed in over 3,000 locations
Lifecycle client benefits
• Streamline asset discovery and software
distribution for 90+ operating systems
• Single pane of glass to manage the lifecycle
and security configuration of all endpoints
• Prebuilt automation scripts to simplify server
build and configuration management
• Automated patching for physical,
virtual and clustered servers
• Role based software deployment
and user self-provisioning
• Hardware independent OS imaging
and driver management
Major US Retailer
32 IBM Security
SunTrust Banks
50,000 PCs, servers and ATMs that need to be protected and compliant
1,800 branch locations
98.5% patch and update compliance rate
1 console needed to see, change, enforce and report on patch compliance status
Patch client benefits
• Deliver patches for over 90 operating systems, such as Microsoft Windows, UNIX, Linux and Mac OS, and for application vendors including Adobe, Mozilla, Apple and Java
• Compresses patch cycles to minutes or hours
with more than 99 percent first-pass success
• Provide patches to distributed endpoints
regardless of their location, connection type
or status
• Real-time reporting and automated self-
assessment (no centralized or remote
scanning required)
Industry-level module Insert Slides
IBM BIGFIX
Higher Education
35 IBM Security
Endpoint Security Challenges in Higher Ed
• Constantly under pressure to cut costs
• Insufficient visibility into all assets (you can't secure what you can't see).
Remote locations with varying degrees of bandwidth and no IT. Endpoints often stay unpatched and non-
compliant with security standards for lengthy periods of time.
Roaming, off-network, laptops which similarly remain unpatched and non-compliant until the user
reconnects to the school/hospital/agency network.
• Redundant tools, skills and processes to manage/secure Windows, Mac and *nix PCs and
Servers
• Non-compliance with PCI DSS 3.2 and security standards (e.g. "Is AV installed?", "Is the endpoint encrypted?", "Is it patched?" etc.)
• Inability to interrogate endpoints, attributes and risk indicators quickly and precisely
BigFix Delivers Value In All Areas
36 IBM Security
BigFix Best Practices for Higher Education
• Individual departments
Single tool for managing PCs, Macs and *nix servers vs. SCCM + Casper + ??
Interrogate endpoints with unprecedented speed and accuracy vs. writing WMI scripts
Accelerate Green IT initiatives with PC and Mac power management – reduce energy
costs and carbon footprint
• Central IT Security
Report on each department's compliance with the university's compliance policies
Allow departments to use their remediation tool of choice (i.e. BigFix, SCCM, Casper, etc).
The BigFix agent uses <2% CPU and 10-15 MB RAM. It coexists well with other tools, while providing real-time, system-wide visibility and compliance.
37 IBM Security
Representative List of Higher Ed BigFix Client Websites
• Stanford University
• University of Illinois
• University of Florida
• San Jose State University
• University of California, Santa Cruz
• University of Michigan
• Duke University
• Penn State University
• University of Southern California
All sites are public. Please share with clients!
38 IBM Security
* Source: IBM CEO Study
Benefits:
• Reduced energy costs by US$288,000 per year with annual savings expected to reach US$800,000
• Decreased IT time required to manage classroom and lab computers
• Improved security with faster deployment of patches and software applications.
Business Need:
With energy costs doubling, Penn State looked to reduce
unnecessary power consumption from leaving classroom, lab, and
departmental computers on, when they were not in use.
Customer Case Study: Penn State
Solution: The University implemented an end-to-end endpoint
management solution that combines power, lifecycle, patch and
security management to reduce energy costs while improving the
reliability and security of campus computers.
“We expect almost US$800,000 in annual savings, once all of our
approximately 20,000 workstations are under IBM BigFix and similar
power management settings are applied.”
Chris Sacksteder, Manager, Systems Development Group, Penn State
Software:
• IBM BigFix®
Chartered in 1855, The Pennsylvania State University (Penn State) is a public university based in University Park, Pennsylvania.
Distribution
40 IBM Security
“A top priority for retailers is to protect customer relationships. To build and maintain that trust in
an omni-channel marketplace is a real challenge and one that retailers tackle head on, investing
significantly in technology that not only provides value to customers but also protects them from
fraud and data theft. “
National Retail Federation (link)
Security In Distribution
Hundreds of distribution companies have standardized on IBM BigFix to keep all
endpoints current, secure and compliant, regardless of their OS, location or connectivity
41 IBM Security
Endpoint Security Challenges in Distribution
• Insufficient visibility into all assets (you can't secure what you can't see).
Remote locations with varying degrees of bandwidth and no IT. Endpoints often stay
unpatched and non-compliant with security standards
Roaming, off-network, laptops which go unpatched and non-compliant for days to months
• Redundant tools, skills and processes to manage/secure Windows, Mac and *nix
PCs/POS/Servers
• Non-compliance with PCI DSS 3.2 and security standards (e.g. "Is AV installed?", "Is the endpoint encrypted?", "Is it patched?" etc.)
• Inability to interrogate endpoints, attributes and risk indicators quickly and precisely,
before, during and after an attack
• Constantly under pressure to cut costs
BigFix Delivers Value In All Areas
42 IBM Security
‘Hot’ Client Imperative – PCI DSS 3.2 Compliance
• PCI DSS 3.2 announced earlier
this year.
• All checklists in BigFix
Compliance's PCI add-on solution
are now at PCI DSS 3.2 level
• BigFix enables clients to
accelerate and automate PCI
compliance at the lowest TCO.
No one receives 'extra points' for spending more to pass audits.
BigFix helps clients pass more audits, avoid fines, improve their security posture and protect their
brand equity - all while reducing OPEX
43 IBM Security
* Source: IBM CEO Study
Benefits:
• Helped reduce patch deployment times by 80 percent, saving USD500,000 on software licenses and avoiding more than USD1 million in license noncompliance fines.
Business Need:
US Foods needed an automated, centralized endpoint
management solution to replace cumbersome software
compliance monitoring and application deployment processes
across 15,000 endpoints.
Customer Case Study: US Foods
Solution: The company deployed the IBM BigFix® solution to ensure
software license compliance across all of its 15,000 endpoints as
well as to reduce its device-related electricity costs and compress
its patch and application deployment cycles.
> Read Case Study
“Out of the box, IBM BigFix® software dramatically streamlined our
patch deployment processes…, increased confidence in our software
usage data and enhanced our lifecycle management and power
management processes significantly.”
Dan Corcoran, director of client technology, US Foods
Software:
• IBM BigFix®
US Foods, Inc. distributes more than 350,000 products to more than 250,000 customers, including independent and multiunit restaurants, healthcare and hospitality companies, and government and educational institutions.
Government
45 IBM Security
“More than 50 U.S. Federal agencies have standardized on IBM BigFix to manage and secure over 3 million
workstations, servers (both physical and virtual), and many other endpoints across a vast array of operating
systems. Such solutions deliver real-time, continuous endpoint security and compliance by leveraging a library of
many thousands of checks.. “
“National Security Requires Real-Time Endpoint Compliance” (link)
BigFix In Federal Government
46 IBM Security
Endpoint Security Challenges in Government
• Constantly under pressure to increase continuous diagnostics and mitigation capabilities
• Insufficient visibility into all assets (you can't secure what you can't see).
Remote locations with varying degrees of bandwidth and no IT. Endpoints often stay unpatched and non-
compliant with security standards for lengthy periods of time.
Roaming, off-network, laptops which similarly remain unpatched and non-compliant until the user
reconnects to the school/hospital/agency network.
• Redundant tools, skills and processes to manage/secure Windows, Mac and *nix
PCs/POS/Servers
• Non-compliance with SCAP, PCI DSS, FDCC, CIS, DISA STIG and other security standards (e.g. "Is AV installed?", "Is the endpoint encrypted?", "Is it patched?" etc.)
• Inability to interrogate endpoints, attributes and risk indicators quickly and precisely
BigFix Delivers Value In All Areas
47 IBM Security
* Source: IBM CEO Study
Benefits:
• USMC gained granular, near- real-time visibility into IT assets across the enterprise and automated patch and security configuration management.
• The client dramatically improved security audit scores within hours of deployment.
• Improved patch management first-time success rates by more than 95 percent.
• The solution enabled the client to bolster its security posture while lowering its total cost of ownership.
Business Need:
The US Marine Corps (USMC) lacked visibility into the health of
its IT assets and had to spend considerable labor and costs to
perform security audits. It was using multiple tools across low-
bandwidth communications links for the warfighters, resulting in
labor-intensive patch management. In addition, the organization
was experiencing low first-time patch management success rates
for distributed end points
Customer Case Study: US Marine Corps
Solution: USMC implemented IBM BigFix Compliance and IBM BigFix
Inventory software. The client uses the IBM BigFix Compliance
software to support endpoint security across the enterprise. The
software helps the client protect endpoints and assures its
regulators are meeting security compliance standards. The client
uses the IBM BigFix Inventory software to track software usage
across its entire inventory to improve planning and budgeting
and to maintain vendor license compliance.
Software:
• IBM BigFix Compliance
• IBM BigFix Inventory
The US Marine Corps (USMC) is a component of the US Navy, which is the naval warfare service branch of the US Armed Forces and is subordinate to the US Department of Defense. It is based in the Pentagon, in Virginia.
Healthcare
49 IBM Security
"Continuous monitoring of risk and compliance with regulations such as 21 CFR Part 11, HIPAA, PCI DSS, and more is essential to driving effective IT security and brings health care institutions full circle to the first step of establishing a security baseline."
Preemptive Security Solutions for Healthcare (link)
BigFix In Healthcare
50 IBM Security
Endpoint Security Challenges in Healthcare
• Constantly under pressure to cut costs
• Insufficient visibility into all assets (you can't secure what you can't see).
Remote locations with varying degrees of bandwidth and no IT. Endpoints often stay unpatched and non-
compliant with security standards for lengthy periods of time.
Roaming, off-network, laptops which similarly remain unpatched and non-compliant until the user
reconnects to the school/hospital/agency network.
• Redundant tools, skills and processes to manage/secure Windows, Mac and *nix
PCs/POS/Servers
• Non-compliance with PCI DSS, HIPAA and security standards (e.g. "Is AV installed?", "Is the endpoint encrypted?", "Is it patched?" etc.)
• Inability to interrogate endpoints, attributes and risk indicators quickly and precisely
BigFix Delivers Value In All Areas
51 IBM Security
* Source: IBM CEO Study
Business Need:
Infirmary Health System needed to automate and strengthen
security and endpoint management to better protect data and
meet HIPAA and meaningful use requirements.
Solution: Working with ESM Technology, the organization deployed a
comprehensive security solution from IBM that helps staff secure
endpoints and better detect and respond to threats across the
organization.
> Read Case Study
"We can now quickly, easily and accurately produce audit
reports for HIPAA and meaningful use compliance. This has
helped us obtain a considerable sum of meaningful use
incentive dollars. “
- Eddy Stephens, Chief Information Officer, Infirmary Health System
Software:•IBM Security QRadar Log Manager,
•IBM Security QRadar SIEM,
•IBM BigFix Compliance, (And other BigFix Modules)
Infirmary Health System is the largest non-government healthcare team in Alabama, treating morethan 100,000 patients annually. The organization includes three acute-care hospitals, threerehabilitation hospitals, three outpatient facilities and more than 30 medical clinics.
> Click here to learn about how IBM and ESM Technology
worked together to improve security at Infirmary Health
System. (Video)
Benefits:• Using the information collected by IBM
BigFix, QRadar can see immediately if
someone is trying to exploit a
vulnerability
• Based on alerts from QRadar, the
security team can now immediately
remediate a vulnerability issue with
IBM BigFix
• Maintain continuous compliance with
security and regulatory policies
• Increased endpoint patching success
rates from 40% to 90%
• Reduced software deployment time
from 7 weeks to 2 days
• Gain real-time visibility to malware and
hackers on their network
Customer Case Study: Infirmary Health
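The first two benefits describe one loop: endpoint state (which patches a host is missing, when its agent last reported) gives the SIEM the context to tell an exploit attempt against a vulnerable host from noise, and the verdict feeds a remediation list back to endpoint management. The following is an added example of that correlation logic, not IBM, BigFix or QRadar code; the inventory and alert records use a constructed, hypothetical schema and hypothetical patch labels, and the 24-hour staleness threshold is an assumption.

```python
"""Correlate an endpoint vulnerability inventory with IDS exploit alerts.

Added example (not IBM, BigFix or QRadar code). The inventory and alert
records use a constructed, hypothetical schema: endpoint state decides
whether an exploit attempt hit a host that is actually vulnerable, and
the CRITICAL findings become a patch deployment list.
"""

LEVELS = ["INFO", "MEDIUM", "HIGH", "CRITICAL"]
STALE_HOURS = 24  # assumption: agent state older than this is not trusted

# Constructed sample inventory: host -> missing patch IDs (hypothetical
# labels) and hours since the endpoint agent last reported.
INVENTORY = {
    "ws-0412": {"missing": {"patch-A", "patch-C"}, "age_h": 1},
    "srv-db01": {"missing": set(), "age_h": 2},
    "lt-0099": {"missing": set(), "age_h": 72},   # roaming laptop, stale
}

# Constructed sample alerts: each names the patch that closes the hole
# the observed exploit traffic targets.
ALERTS = [
    {"host": "ws-0412", "patch": "patch-A"},
    {"host": "srv-db01", "patch": "patch-A"},
    {"host": "lt-0099", "patch": "patch-A"},
    {"host": "10.9.8.7", "patch": "patch-B"},  # not in the inventory
]


def triage(alert, inventory, stale_hours=STALE_HOURS):
    """Rate one exploit-attempt alert using the endpoint's known state."""
    result = {"host": alert["host"], "patch": alert["patch"]}
    host = inventory.get(alert["host"])
    if host is None:
        # Visibility gap: an unmanaged host was attacked and nothing can
        # say whether it is vulnerable, so it cannot be dismissed.
        result.update(level="HIGH", action="enroll host in endpoint management")
        return result
    if alert["patch"] in host["missing"]:
        level, action = "CRITICAL", f"deploy {alert['patch']}"
    else:
        level, action = "INFO", "none (target already patched)"
    if host["age_h"] > stale_hours and level != "CRITICAL":
        # Stale state: the host may have drifted since it last reported,
        # so raise one level and re-check before closing the alert.
        level = LEVELS[LEVELS.index(level) + 1]
        action = "force agent check-in and re-evaluate"
    result.update(level=level, action=action)
    return result


def triage_all(alerts, inventory):
    """Triage every alert, most urgent first (stable for equal levels)."""
    rated = [triage(a, inventory) for a in alerts]
    return sorted(rated, key=lambda r: LEVELS.index(r["level"]), reverse=True)


def remediation_plan(rated):
    """Patch -> hosts to target, built from the CRITICAL findings only."""
    plan = {}
    for r in rated:
        if r["level"] == "CRITICAL":
            plan.setdefault(r["patch"], []).append(r["host"])
    return plan


if __name__ == "__main__":
    rated = triage_all(ALERTS, INVENTORY)
    for r in rated:
        print(f"{r['level']:8} {r['host']:10} {r['action']}")
    print(remediation_plan(rated))
```

The ordering of the checks is the point: an attacked host the inventory has never seen ranks above a patched one, because the case study's "you can't secure what you can't see" problem is exactly a host the correlation cannot clear.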
52 IBM Security
* Source: IBM CEO Study
Customer Case Study: Concord Hospital
Founded in 1884, Concord Hospital is a regional medical center that provides comprehensive acute care services and healthcare programs to people throughout the state.
Business Need: Maintain high service levels with limited staff and budget; achieve visibility into computing assets; automatically remediate security and health issues on computers; validate software licensing usage and compliance across the enterprise.
Solution: IBM BigFix technology simplifies IT operations and provides the visibility Concord Hospital needs to maintain a secure and healthy computing environment.
> Read Case Study
“We have been very impressed with the solution and highly recommend it to colleagues in the healthcare industry.”
- Mark Starry, Manager of IT Infrastructure & Security, Concord Hospital
Software:
• IBM BigFix®
Benefits:
• No malware infections since solution implementation
• Increased patch compliance from 60 to 93 percent
• Accelerated system maintenance, from weeks to hours
• 25 percent savings in software licensing costs
Financial
54 IBM Security
Banking Imperatives:
• Accelerate and automate PCI DSS 3.2 compliance
• Mitigate malicious access to SWIFT
• Secure remote PCs/ATMs/servers
55 IBM Security
‘Hot’ Client Imperative – PCI DSS 3.2 Compliance
• PCI DSS 3.2 was published in April 2016.
• All checklists in BigFix Compliance's PCI add-on solution are now at PCI DSS 3.2 level.
• BigFix enables clients to accelerate and automate PCI compliance at the lowest TCO.
No one receives 'extra points' for spending more to pass audits.
BigFix helps clients pass more audits, avoid fines, improve their security posture and protect their brand equity, all while reducing OPEX.
56 IBM Security
‘Hot’ Client Imperative – Mitigate Malicious Access To SWIFT
(Diagram: BEFORE / AFTER, with a proactive phase and a reactive phase)
BEFORE: vulnerable bank endpoint and vulnerable SWIFT transaction server. Reference incident: 35 orders worth $951M made via the SWIFT system from the NY Fed USD account.
AFTER, proactive phase: hardened bank endpoint and hardened SWIFT transaction server. The vast majority of endpoint vulnerabilities are eliminated with continuous compliance and patching. Compromise of the hardened server is mitigated via continuous
• compliance
• patching
• file/process reporting
• whitelisting (option)
AFTER, reactive phase: if a criminal does gain access to the server, malicious activity can be recognized, alerted on and acted upon (e.g. specific SWIFT-related malware behavior / IOCs can identify the root cause: file/device). A continuous Carbon Black to BigFix feedback loop drives any remediation/patching action required to eliminate vulnerabilities.
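The server-side controls on this slide (file/process reporting, whitelisting, IOC matching, and a feedback loop that turns findings into remediation actions) come down to one check run against the running process set. Below is an added example of that check, not IBM, BigFix or Carbon Black code; the server, binary names, approved-build hashes and the single IOC entry are all constructed, and in production the image bytes would be read from the executable on disk or from the process image rather than embedded.

```python
"""Allowlist and IOC check for processes on a hardened transaction server.

Added example (not IBM, BigFix or Carbon Black code). Binary names,
approved hashes and the IOC entry are constructed; a real deployment
hashes the file on disk or the process image instead of literal bytes.
"""
import hashlib


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed baseline: every executable allowed on the server, pinned to
# the SHA-256 of its approved build (hypothetical names and contents).
ALLOWLIST = {
    "swift_gateway": sha256(b"constructed approved gateway build 4.1"),
    "msg_signer": sha256(b"constructed approved signer build 2.0"),
    "sshd": sha256(b"constructed approved sshd build"),
}

# Constructed IOC feed entry: hash of a known-bad sample.
IOC_HASHES = {
    sha256(b"constructed malicious dropper"):
        "constructed IOC: dropper seen targeting payment software",
}


def check_process(name: str, image: bytes) -> dict:
    """Classify one running process by its image hash first, then its name."""
    digest = sha256(image)
    finding = {"process": name, "sha256": digest}
    # Hash IOCs come first: malware that adopts an allowed name is still caught.
    if digest in IOC_HASHES:
        finding.update(verdict="ioc_match", detail=IOC_HASHES[digest],
                       action="isolate host, preserve image for forensics")
        return finding
    approved = ALLOWLIST.get(name)
    if approved is None:
        finding.update(verdict="unapproved", detail="not in allowlist",
                       action="terminate process, remove file")
    elif approved != digest:
        # Same name, different bytes: an unapproved update or a trojanised build.
        finding.update(verdict="modified", detail="hash differs from approved build",
                       action="restore approved build, review change history")
    else:
        finding.update(verdict="allowed", detail="", action=None)
    return finding


def report(processes):
    """Return only the findings that need action, for the remediation feedback loop."""
    return [f for f in (check_process(n, img) for n, img in processes)
            if f["verdict"] != "allowed"]


# Constructed snapshot of running processes: (name, image bytes).
OBSERVED = [
    ("swift_gateway", b"constructed approved gateway build 4.1"),
    ("msg_signer", b"constructed approved signer build 2.0 with an extra hook"),
    ("sshd", b"constructed approved sshd build"),
    ("svchost", b"constructed malicious dropper"),   # renamed known-bad sample
    ("nc", b"constructed netcat-like tool"),          # unapproved utility
]

if __name__ == "__main__":
    for f in report(OBSERVED):
        print(f"{f['verdict']:10} {f['process']:14} -> {f['action']}")
```

Checking the hash before the name matters: a known-bad sample dropped under an allowed name (`svchost` above) is reported as an IOC match rather than as an ordinary unapproved binary, and a tampered approved binary is distinguished from an unknown one so each gets a different action.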
57 IBM Security
‘Hot’ Client Imperative – Secure Remote PCs/ATMs/Servers
• Banks lack sufficient visibility into all assets (you can't secure what you can't see):
  Remote locations with varying degrees of bandwidth and no local IT. Endpoints often stay unpatched and non-compliant with security standards.
  Roaming, off-network laptops, which go unpatched and non-compliant for days to months.
• Redundant tools, skills and processes to manage/secure Windows, Mac and *nix PCs/ATMs/servers
• Non-compliance with PCI DSS 3.2 and security standards (e.g. "Is AV installed?", "Is the endpoint encrypted?", "Is it patched?")
• Inability to interrogate endpoints, attributes and risk indicators quickly and precisely, before, during and after an attack
• Constantly under pressure to cut costs
BigFix Delivers Value In All Areas
Energy, Power, Industrial (any business with Industrial Control Systems)
59 IBM Security
NERC CIP Compliance
• Standard enterprise challenges, plus:
• Non-compliance with NERC CIP on traditional Win/*nix endpoints and Industrial Control
Systems
• Contact RK Neal & Associates: Holistic NERC CIP solution which includes BigFix Patch for Win/*nix endpoints
Integrates QRadar and Carbon Black
Great upsell opportunity to complement RK Neal Verve
Great expansion opportunity to enterprise endpoints
• Contact John Livingston ([email protected])
BigFix Delivers Value In All Areas
Back-up module: IBM BIGFIX
61 IBM Security
How do clients use BigFix?
• Disable unapproved USB storage devices
• Patch the OpenSSL Heartbleed vulnerability (CVE-2014-0160)
• Locate a stolen laptop with sensitive data
• Reduce OPEX by $3M via server consolidation
• Patch convoluted Adobe Acrobat upgrade paths
• Discover non-approved or rogue wireless access points
• Save $1M in annual software license costs
• Monitor endpoints where IE is storing autocomplete passwords
• Reduce help desk calls by 78%, leading to $10M savings within 6 months
• Quarantine machines holding files that match known-bad MD5 hashes and 150 other IOCs
• Kill an SCCM task which was accidentally rebooting 30,000 servers
• Reset key security controls changed by a malicious user or malware
• Deploy an out-of-band Microsoft security patch to remote users within hours of release
• Repair corrupted AV signature files from Symantec
• Keep SCCM running when WMI fails
• Enable enterprise-wide Windows migration
• Prevent unapproved devices from connecting, including removable storage
• Ensure third-party agents are always available and current
• Keep systems free of unwanted/risky applications
• Discover machines running older, non-compliant OS versions
• Schedule patches / maintenance based on business-relevant schedules
• Systematically schedule computers to be turned off to conserve energy
• Automate decryption, switch network settings and rebrand PCs as part of an acquisition
• Remotely reimage computers, avoiding costly travel/shipping costs
• Monitor system drive space usage on servers or workstations
• Delete or rename files across a large group of machines
• Identify core infrastructure: domain controllers, DNS / DHCP / Windows servers
• Determine patch status and the percentage of the environment patched
• Deploy McAfee virus definitions when ePO servers lose communications with endpoints
• Update Symantec products when the group update server fails
• Repair enterprise-wide, patient-facing vulnerabilities in minutes
62 IBM Security
IBM BigFix Architecture
Four pillars: single intelligent agent; single server and console; flexible policy language (Fixlets); lightweight, easily configurable infrastructure.
• Encrypts all traffic to endpoints
• Pre-verified OS/app content packages
• Manages up to 250K endpoints per server
• Continuous self-assessment
• Runs in System / Kernel mode
• Minimal system impact (<2% CPU, <10MB RAM)
• Throttling for low bandwidth environments
• Thousands of out-of-the-box policies
• Best practices for operations and security
• Simple custom policy authoring
• Highly active community contributing 10k Fixlets
• Designate an IBM BigFix agent as a relay or discovery point in minutes
• Provides built-in redundancy
• Leverages existing systems / shared infrastructure
63 IBM Security
Security Ecosystem: an integrated and intelligent security immune system
(Diagram) Domains: Threat Intelligence; Security Analytics; Cloud; Identity and Access; Data and Apps; Mobile; Advanced Fraud; Network; Endpoint.
Capabilities shown: criminal detection; fraud protection; workload protection; cloud access security broker; access management; entitlements and roles; privileged identity management; identity management; data access control; application security management; application scanning; data monitoring; device management; transaction protection; content security; rapid remediation; real-time visibility; virtual patching; firewalls; incident and threat management; sandboxing; network visibility; vulnerability management; incident response; log, flow, data analysis; anomaly detection; indicators of compromise; IP reputation; threat sharing; continuous enforcement.
64 IBM Security
IBM BigFix
Accelerate risk prioritization and expedite remediation: real-time visibility, continuous enforcement, rapid remediation.
65 IBM Security
Compliance report?
66 IBM Security
A new platform for security collaboration
Enables rapid innovation to deliver new apps and content for IBM Security solutions
NEW
IBM Security App Exchange
Single platform for collaboration
Access to partner innovations
Validated security apps
Fast extensions to security functionality