
IBM BigFix: Closing the Endpoint Gap Between IT Ops and Security

Date post: 07-Aug-2015

© 2015 IBM Corporation

Bridging the Endpoint Gap Between IT Ops and Security

Murtuza Choilawala | Product Management & Strategy, IBM Security

Rohan Ramesh | Product Marketing, IBM Security

IBM BigFix


IBM Security Strategy

Buyers

CISO, CIO, and Line-of-Business

Deliver a broad portfolio of solutions differentiated through their integration and innovation to address the latest trends

1. Support the CISO agenda

2. Innovate around megatrends

3. Lead in selected segments

Key Security Trends

• Advanced Threats

• Skills Shortage

• Cloud Mobile and Internet of Things

• Compliance Mandates

IBM Security Portfolio

• Strategy, Risk and Compliance

• Cybersecurity Assessment and Response

• Security Intelligence and Operations

• Advanced Fraud Protection

• Identity and Access Management

• Data Security

• Application Security

• Network, Mobile and Endpoint Protection

• Advanced Threat and Security Research


You can’t fix what you can’t see

Incident response is the No. 1 factor to reduce the cost of a data breach

Despite existing tools, breaches continue to rise

Lack of visibility and control contributes to security breaches and financial loss

*Source: 2015 Cost of a Data Breach Study: Global Analysis, Ponemon Institute, May 2015

“Major global bank compromised and millions of depositor records stolen due to missed server upgrade cycle”

$3.8M global average cost of a data breach*


Siloed IT Operations and Security Teams

IT OPERATIONS

• Apply patches and fixes

• Implement security and operational policy

• Manual process takes weeks / months

IT SECURITY

• Scan for compliance status

• Create security policies

• Identify vulnerabilities

Disparate tools, manual processes, lack of integration and narrow visibility


Why other approaches fail

Architecture, Complexity, Resources

Heavy, resource-intensive agent(s)

Multiple products, multiple agents

Not Internet-friendly

Too much admin and infrastructure

Little pre-built content

Each task detracts from higher value projects

Slow, scan-based architectures

Limited coverage

Not cost-effective at scale


IBM BigFix: Bridge the gap between Security and IT Ops

IBM BigFix®

FIND IT. FIX IT. SECURE IT. …FAST

Shared visibility and control between IT Operations and Security

ENDPOINT MANAGEMENT

• Discovery and Patching

• Lifecycle Management

• Software Compliance and Usage

ENDPOINT SECURITY

• Continuous Monitoring

• Threat Protection

• Incident Response

IT OPERATIONS SECURITY

Reduce operational costs while improving your security posture


Single Intelligent Agent

• Performs multiple functions

• Continuous self-assessment & policy enforcement

• Minimal system impact (< 2% CPU)

Lightweight, robust infrastructure

• Use existing systems as relays

• Built-in redundancy

• Support/secure roaming endpoints

Cloud-based content delivery

• Highly extensible

• Automatic, on-demand functionality

Single server and console

• Highly secure and scalable

• Aggregates data, analyzes & reports

• Pushes out pre-defined/custom policies

Flexible policy language (Fixlets)

• Thousands of out-of-the-box policies

• Best practices for operations and security

• Simple custom policy authoring

• Highly extensible/applicable across all platforms

BigFix Platform: Real-Time Visibility, Scalability, Ease of Use


Endpoint management

Find and fix problems in minutes, across endpoints on and off the network

IBM BigFix®

FIND IT. FIX IT. SECURE IT…FAST

Discovery and Patching

A single console to identify, patch and report on endpoints

Lifecycle Management

Asset discovery, software distribution and advanced patching across 90+ platforms

Software Compliance and Usage

Software license control to improve compliance and reduce costs and risk

ENDPOINT MANAGEMENT

Reduce admin and infrastructure costs


Discovery and patching

A single-console management system to identify, patch, and report on multiple devices and attributes

Discover and report on every endpoint

– Desktops

– Laptops

– Servers

– Purpose-specific endpoints, e.g., ATMs and point-of-sale (POS) devices

Gain accurate, up-to-the-minute visibility and continuous enforcement of patches

Manage patches to hundreds of thousands of endpoints, multiple operating systems and applications – automatically

Clients report >98% first pass patch success

Protecting 50,000 PCs, servers and ATMs in 1,800 locations with one console

SunTrust Banks


Lifecycle management

Reduce cost, risk, and complexity of managing endpoints

Streamline asset discovery and software distribution

Prebuilt automation scripts

Automated advanced patching for physical, virtual and clustered servers

Role based software deployment and user self-provisioning

Bare-metal provisioning, OS imaging and driver management

PC and Mac power management

Manage the endpoint lifecycle from a single pane of glass

Managing 27,000 servers across 3,000+ locations with two IT staff

Major US Retailer


Software compliance and usage

Identify what software is installed and how it’s used

Discover all licensed and unlicensed software with in-depth granularity across operating systems and devices

Reduce license compliance exposure and associated fines

Decrease software license costs by eliminating unused or redundant software

8,000+ software publishers, 40,000+ software products, 50+ cross OS virtualizations

Mitigate risk from unauthorized and malicious software

Saved $500K in unused software licenses while avoiding $1M in non-compliance fines across 15,000+ endpoints

US Foods

SW Catalogue, ISO 19770 enabled


Disrupt the attack chain

Real-time situational awareness and incident response

IBM BigFix®

FIND IT. FIX IT. SECURE IT…FAST

Continuous Monitoring

Discover vulnerabilities and enforce continuous compliance BEFORE an attack

Threat Protection

Detect and defend against endpoint threats in real time DURING an attack

Incident Response

Quarantine and remediate non-compliant or infected endpoints AFTER an attack

ENDPOINT SECURITY

Actionable Intelligence

Real-time incident response


Continuous security configuration compliance

Accurate, real-time visibility and continuous security configuration enforcement

Continuous compliance “set and forget”

• No high-risk periods

• Lower total cost

• Continued improvement

• Identify and report on any configuration drift

• Library of 9,000+ compliance checks (e.g., CIS, PCI, USGCB, DISA STIG)

Traditional compliance “out of synch”

• High-risk and cost periods

• Manual approach causes endpoints to fall out of compliance again

[Chart: Traditional versus Continuous; axes: Compliance, Time; series: Continuous, Traditional; RISK]

98% patch and update compliance rate on 4,000+ workstations with 50% reduced labor costs

Infirmary Health System


Advanced endpoint protection

Stop exploits before application vendors provide updates

Third-party AV Protection

Protection

IBM Trusteer Apex

• Anti-virus protection and Data Loss Prevention

• Deploy and enforce security configuration policies

IBM BigFix®

• Third-party anti-virus management

• Manage compliance, quarantine and remediate

Continuous protection from advanced persistent threats

• Multi-layered protection designed to break the threat lifecycle in real-time


A look ahead

Integrated real-time endpoint intelligence for closed-loop risk management

IBM QRadar

IBM BigFix

Real-time endpoint intelligence

Network anomaly detection

Provides current endpoint status

Correlates events and generates alerts

Prompts IT staff to fix vulnerabilities

• Improves asset database accuracy

• Strengthens risk assessments

• Enhances compliance reporting

• Accelerates risk prioritization of threats and vulnerabilities

• Increases reach of vulnerability assessment to off-network endpoints

Integrated, closed-loop risk management


Respond to threats with blazing speed

Incident response

Fix problems in minutes

Respond to threats and vulnerabilities with remediation in minutes

Automatic, continuous, closed-loop remediation of endpoints

Implement policies across the organization for on- and off-network endpoints

[Cycle diagram: Evaluate, Remediate, Report]


How a retail giant responded to the Shellshock / Bash bug

Resolving a critical issue on ~600 servers in under four hours with IBM BigFix

PREPARE (less than 3 hours)

• Issue discovered and teams mobilized

• Teams created necessary patch scripts within a fixlet and tested manually

• Fixlets were pushed to the BigFix server for distribution

SCAN (less than 30 minutes)

• Endpoint management team executed analysis of systems to determine which systems were vulnerable

• Corrective actions were implemented using IBM BigFix

DEPLOY (less than 30 minutes)

• Scanned and deployed to ~600 servers in less than 30 minutes

• New systems reporting online were automatically addressed within minutes based upon their group membership

Total Time: ~ 4 Hours

The security team used IBM BigFix to remediate ~600 servers while they could previously only address 35 servers

Major US Retailer


IBM BigFix – Unified Management and Security

Lifecycle: Patch Mgmt, Asset Discovery, SW Distribution, Advance Patching, Remote Control, OS Deployment, Power Mgmt, Sequenced Task Automation

Inventory: SW/HW Inventory, SW Usage Reporting, Software Catalogue Correlation, SW Tagging

Patch: OS Patching, 3rd party App Patching, Offline Patching

Compliance: Patch Mgmt, Sec Config Mgmt, Vuln Assessment, Comp Analytics, 3rd Party AV Mgmt, Self Quarantine, Add-on: PCI DSS

Protection: Anti-Malware, Firewall, Add-on: Data Loss Prevention & Device Control

IT OPERATIONS SECURITY

IBM BigFix®

FIND IT. FIX IT. SECURE IT… FAST


Gartner has recognized IBM as a leader

Magic Quadrant for Client Management Tools

Note: This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The Gartner report is available upon request from IBM. G00264801.

Disclaimer: Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Gartner Magic Quadrant Report

June 2015

LEADER - Four Years in a ROW!!

Analyst(s): Kevin Knox, Terrence Cosgrove


Client results

Lifecycle Inventory Patch Compliance Protection

Major US Retailer

• 27,000: Virtual servers

• 3,000: Distinct stores

• 99%: Deployment time saved

• 2: IT staff needed to manage 27,000 servers distributed in over 3,000 locations

US Foods

• 15,000: Endpoints needed software compliance management

• 80%: Reduced patch deployment time

• $500,000: USD saved on unused software licenses

• $1 million: License noncompliance fines avoided in USD

SunTrust Banks

• 50,000: PCs, servers and ATMs

• 1,800: Branch locations

• 98.5%: Patch and update compliance rate

• 1: Console needed to see, change, enforce and report on patch compliance status

Infirmary Health System

• 4,000: Individual workstations that needed to be protected and compliant

• Minutes: Time to complete an accurate asset inventory

• 98%: Patch and update compliance rate

• 50%: Reduced labor costs

Alstom Holdings

• 98,000: Individual laptops that needed to be protected and compliant

• 60%: Decrease in the amount of required IT staff

• 3 days: To deploy software, down from 2 weeks

• 97%: Reduced number of required servers


IBM BigFix ecosystem

IBM CONFIDENTIAL

IBM Integrations Business Partners End-users

• IBM QRadar

• IBM Trusteer Apex

• IBM MobileFirst Protect

• IBM Cloud Orchestrator

• IBM Control Desk

• IBM PureScale

• IBM TeaLeaf

• IBM Workload Scheduler

and more …..

BigFix Forums re-launched

IBM BigFix®

FIND IT. FIX IT. SECURE IT…FAST


Website: www.ibm.com/security/bigfix

Twitter: @IBMBigFix

© Copyright IBM Corporation 2015. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and / or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.

Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.

THANK YOU

www.ibm.com/security


What our clients are saying

“…we can now better defend against internal and external threats. We can see who is doing what… And with the new intelligence, we’ve applied new settings that significantly strengthen our security posture and reduce the number of potential security incidents.”

- Infirmary Health

“…we will be able to guarantee that all of our endpoints are patched appropriately, and we will be able to provide solid proof that we have a fully documented regular patch process in place… moving us closer to full PCI DSS compliance.”

- The Co-Operative Food

“IBM Endpoint Manager is easy to use, which helps us keep operational costs low and makes the integration of services much easier.”

- Orange Business Services

“Now that we know what we’ve deployed and where, we’re better positioned to find any unpatched holes in our systems and keep our corporate data protected.”

- Allstate


Product Name Changes


Integrated endpoint protection ecosystem

• Consolidated view of managed endpoints

• Detailed mobile device views

• Ability to drive simple actions on mobile devices

‒ Lock, wipe, locate, etc.

• Consolidated asset reporting

