
IBM BigFix

Endpoint Security and Management

Resemble Systems
Why today’s attacks are so successful

• 1.5 million unfilled security positions by 2020
• 85 security tools from 45 vendors
• 99 percent of endpoint vulnerabilities exploited over a year after the CVE was published
• 201 days: average time to identify a data breach
• 0 zero-day exploits in major breaches over the last 24 months (NSA, September 2016: no zero days were used in any high-profile breaches over the last 24 months)

Poor cyber hygiene – the fundamental problem

2 IBM Security
Where endpoint security tools are challenged

Lack of Visibility: Incomplete visibility of endpoint status provides poor context for risk reduction or detection of malicious activity.

Complexity of prioritization and investigations: Limited visibility, limited skills and overwhelming amounts of data inhibit accurate planning, investigations and decision making.

Ineffective Remediation: Disparate tools and teams reduce the ability to both proactively reduce the endpoint attack surface and effectively respond to malicious activity.

We are letting attackers in, failing to detect them in context, and failing to respond effectively.
The Collaborative Endpoint Security and Management Platform

IT SECURITY | IT OPERATIONS

IBM BigFix modules:
• DETECT: Detect and respond to malicious activity
• COMPLIANCE: Continuous policy enforcement and reporting
• LIFECYCLE: Software patching, distribution and provisioning
• INVENTORY: Audit authorized and unauthorized software
• PATCH: Automated patching with high first pass success
The IBM BigFix Platform – See, Understand and Act

SEE Clearly
• Discover and audit all endpoints however connected
- Configuration
- Compliance
- Patch level
- SW versions etc.
• Detect evasive malware and behavior

UNDERSTAND Completely
• Vulnerability and configuration management and prioritization
• A trusted advisor guides analyst investigation, in context, to define:
- Veracity of the attack
- Scope and potential enterprise wide impact
- Full range of remediation actions required

ACT Precisely
• Continuously and proactively reduce your attack surface
• Based on investigation findings:
- Immediately contain the attack
- Roll out enterprise wide remediation packages in minutes or hours
IBM BigFix Detect is a unified platform that allows organizations to
not only manage threat detection but also remediation to expedite
reducing the attack surface area.

It's also entering a market where the bar is high with respect to
both functionality and innovation, and has cleared that bar with
the integration of detection and remediation. The user interface
also looks great, which is important to streamline workflows.

- Doug Cahill, ESG
IBM BigFix: Real-time Visualization of Endpoint Status

• Discover and audit all endpoints
- PCs, Macs, *nix, Servers, ATMs, POS, etc.
- Continuously assess configuration, security, compliance and patch posture
- Inventory all software, usage and licensing
• Efficient use of low bandwidth and intermittent connections
• Simple queries provide precise enterprise wide reports on endpoint status in seconds
• Map file hashes and processes to CVEs
• Extensive configuration, drift and compliance reports

“IBM BigFix helps protect over 50,000 PCs, servers and ATMs across thousands of locations with one console”
- Major US Bank
IBM BigFix: You can’t secure what you can’t see... with BigFix you can see all, know all!
IBM BigFix Detect: Detecting evasive behavior

• Detection is dynamic and behavioral “IoA” based and does not rely upon static signatures or IoCs
• Endpoint agents analyze activity independently at kernel level, using a deep understanding of the latest malicious tactics, techniques and procedures (TTPs), based on:
- Direct intelligence from 20+M endpoints
- IBM+ human intelligence*
- External threat feeds

[Diagram: Direct Intelligence, Human Intelligence and External Intelligence feed TTP Analysis, which drives Behavioral-based Endpoint Analysis and Detection]

* Additional IBM Threat Hunting service planned
IBM BigFix Detect: Actionable investigation: What, where, and how to respond

• As detection is only the beginning, security analysts are provided with a trusted advisor to ascertain:
- Is this a real attack?
- What’s the root cause and scope?
- What’s the appropriate contain and remediate response?
• Powerful enterprise wide hunting and searching tools
- Free-text historical searches to provide timeline
- Ad hoc IoC searches
- Process tree drill down and traversal
• Watson cognitive investigation included via QRadar

[Diagram: process tree traversal from the “PATIENT ZERO” endpoint across hashed process nodes]
IBM BigFix Detect: Enrich QRadar security intelligence with BigFix endpoint states and alerts

[Diagram: data flow into IBM QRadar]

BigFix endpoint deep intelligence:
• Patches applied
• Configurations changed
• Applications installed
• Alerts generated

Other QRadar data sources: security devices, servers and mainframes, network and virtual activity, data activity, application activity, configuration information, vulnerabilities and threats, users and identities, global threat intelligence

QRadar embedded intelligence:
• Unlimited data collection, storage and analysis
• Built-in data classification
• Automatic asset, service and user discovery and profiling
• Real-time correlation, detection and threat intelligence
• Activity baselining and anomaly detection
• Detects incidents out of the box

Output: Automated Offense Identification → Suspected Incidents → Prioritized Incidents
IBM BigFix Detect: Extend QRadar Reach and Remediate Faster

[Diagram: IBM BigFix and IBM QRadar in integrated, closed-loop risk management. BigFix real-time endpoint intelligence provides current endpoint status to QRadar Security Analytics; QRadar correlates events and generates alerts, and prompts IT staff to fix vulnerabilities.]

Benefits of the integration:
• Improves asset database accuracy
• Strengthens risk assessments
• Enhances compliance reporting
• Accelerates risk prioritization of threats and vulnerabilities
• Increases reach of vulnerability assessment to off-network endpoints
IBM BigFix: Continuous policy enforcement and compliance across all endpoints

Your policies should be a floor, not a ceiling

• Continuous controls monitoring achieves a constant foundational standard baseline for:
- Security
- Configuration
- Compliance
- Patch levels
• Allow Security and IT Operations to collaborate on patch and configuration management
• System / kernel level agent provides deeper visibility and control
• Force the bad guys to use zero-day exploits

[Chart: Compliance Approaches over time, Point in Time Compliance vs. Continuous Compliance]

“98%+ patch and update compliance rate on 4,000+ workstations with 50% reduced labor costs”
- Infirmary Health System
IBM BigFix: Unparalleled Volume of Pre-built Content

• Extensive library of 500,000+ prebuilt controls, policies and checklists for PCI, CIS, SANS, DISA STIGs, FDCC, USGCB, NIST, SCAP and more
• 3rd party AV management to ensure that Symantec, McAfee, Trend Micro, Sophos and others are always installed and current
IBM BigFix: Accelerate and Automate PCI 3.2 Compliance

The IBM BigFix Compliance PCI add-on helps clients comply with PCI DSS 3.2 requirements across the enterprise in a more cost-effective manner and reduce overall data breach risk.

BigFix compliance capabilities tailored to support PCI DSS 3.2:
• Covers the majority of machine-enforceable requirements
• Continuous monitoring and remediation
• Specialized dashboards
• Reports based on requirement, milestone, or platform
IBM BigFix Detect: Containment: Stopping an attack in its tracks

• Once the attack is understood, precise action must be taken immediately to remove the files, processes, or systems being used in the attack
- Actions: quarantine device, quarantine file, kill process, fix registry, etc.
- Kernel level agent provides greater visibility and granular control

But now that the bleeding has stopped, how do we repair our systems and eliminate the vulnerabilities that were exploited?
IBM BigFix Detect: Roll out enterprise wide attack remediation in minutes / hours

• The initial phase of remediation is to return the endpoints to their pre-infected state, but that does not make them more secure
• The power of having detect capabilities directly integrated into an endpoint management platform:
- Integrated “closed loop” remediation
- Full range of responsive actions, from patching to remote re-imaging
- Massive pre-validated library of OS and application packages
- Allows Security and IT Operations to collaborate on both proactive hardening and reactive response

IT SECURITY | IT OPERATIONS
IBM BigFix: Client success story: U.S. Foods

US Foods, Inc. distributes more than 350,000 products to more than 250,000 customers, including independent and multiunit restaurants, healthcare and hospitality companies, and government and educational institutions.

Business Need
US Foods needed an automated, centralized endpoint management solution to replace cumbersome software audit, compliance monitoring and application deployment processes across 15,000 endpoints.

Solution
The company deployed IBM BigFix to ensure software license compliance across all of its 15,000 endpoints as well as to reduce its device-related electricity costs and compress its patch and application deployment cycles.

Benefits
Helped reduce patch deployment times by 80 percent, saving USD 500,000 on software licenses and avoiding more than USD 1 million in license noncompliance audits.

“Out of the box, IBM BigFix dramatically streamlined our patch deployment processes…, increased confidence in our software usage data and enhanced our lifecycle management and power management processes significantly.”
- Dan Corcoran, director of client technology, US Foods
IBM BigFix: Security and Compliance At Scale

“More than 55 U.S. Federal agencies have standardized on IBM BigFix to manage and secure over 4 million workstations, servers (both physical and virtual), and many other endpoints across a vast array of operating systems. Such solutions deliver real-time, continuous endpoint security and compliance by leveraging a library of many thousands of checks...”

- Department of Interior Inspector General Recommends BigFix (DOI IG Report; IBM blog)
IBM BigFix: Fastest incident response and payback

WNS (Holdings) Ltd. decreased time to deploy large-scale sites by 80%, reduced labor costs by 20%, and cut power usage by over 20%.

Sabadell United Bank reduced time to execute and deploy patches by 6X, improved patch compliance, and cut time to deploy vendor patches for zero-day vulnerabilities from weeks to one day.

Penn State University saved an estimated annual energy cost of $700,000 through power management. They also enabled remote patching, configuration management, support and software deployment.

SunTrust achieved a 127% ROI with payback in 9 months, saving a total of $2.65M. Implemented a patch management solution to 50,000 endpoints spread across nearly 1,800 locations in three months with just two staff members.

Patching 2-Node Cluster Client Example
Pre IBM BigFix | Post IBM BigFix
11.5 man hours for patch completion | 80 minutes for patch completion
3.5 hour maintenance window | <10 minutes of admin labor
3 to 4 FTE to work in parallel | 96%+ savings
IBM BigFix: How a retail giant responded to a zero-day vulnerability
Resolving a critical issue on ~600 servers in under four hours with IBM BigFix

PREPARE (less than 3 hours)
• Issue discovered and teams mobilized
• Teams created necessary patch scripts within a fixlet and tested manually
• Fixlets were pushed to the BigFix server for distribution

SCAN (less than 30 minutes)
• Scanned and deployed to ~600 servers in less than 30 minutes
• New systems reporting online were automatically addressed within minutes based upon their group membership

DEPLOY (less than 30 minutes)
• Endpoint management team executed analysis of systems to determine which systems were vulnerable
• Corrective actions were implemented using IBM BigFix

Total Time: ~4 Hours

“The security team used IBM BigFix to remediate ~600 servers while they could previously only address 35 servers”
- Major US Retailer
IBM BigFix Detect: Summary: Transforming endpoint security and management in one platform

• Complete visibility into endpoint security posture and malicious activity
- Seeing only half the picture in 15 seconds is not enough
• Continuous attack surface reduction, compliance and reporting
- Immediate and perpetual reduction in risk
• Guided incident investigation in a platform that can implement complete remediation
- Drastic increase in response speed, completeness and efficacy
• Allows Security and IT Ops teams to collaborate
- More effective proactive and reactive threat response
“BigFix Detect should put fear into endpoint security tools trying to maintain or gain market share in the EDR space. As the new EDR competitive features are vetted on efficacy for detection, current BigFix users will be able to leverage one package for both EDR and advanced endpoint / lifecycle management.

As BigFix shows its stuff in the market, competitors will either need additional partnerships or will need to build out additional capabilities to meet its full suite capabilities.”

- David Monahan, EMA
A Global Leader in Enterprise Security

• #1 in enterprise security
software and services*
• 7,500+ people
• 12,000+ customers
• 133 countries
• 3,500+ security patents
• 15 acquisitions since 2005
*According to Technology Business Research, Inc. (TBR) 2016

THANK YOU
FOLLOW US ON:

ibm.com/security
securityintelligence.com
xforce.ibmcloud.com
@ibmsecurity
youtube/user/ibmsecuritysolutions

© Copyright IBM Corporation 2016. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. Any statement of direction represents IBM's current intent, is subject to change or withdrawal, and represents only goals and objectives. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.

Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party.
IBM BigFix: Product-level module
The Collaborative Endpoint Security and Management Platform

IBM BigFix: FIND IT. FIX IT. SECURE IT… FAST
IT SECURITY | IT OPERATIONS

Detect: Detect and respond to malicious activity
• Asset discovery
• Patch management
• Query
• Detect
• Investigate
• Response
• Software distribution

Compliance: Continuous policy enforcement and reporting
• Asset discovery
• Patch management
• Query
• Security configuration management
• Vulnerability assessment
• Compliance analytics
• Third-party anti-virus management
• Self quarantine
• Add-on: PCI DSS

Lifecycle: Software patching, distribution and provisioning
• Asset discovery
• Patch management
• Query
• Software distribution
• Advanced patching / Task Automation
• Remote control
• OS deployment
• Power management
• Self-Service App & Profile Management

Inventory: Audit authorized and unauthorized software
• Software / hardware inventory
• Software usage reporting
• Software catalogue correlation
• ISO 19770 software tagging

Patch: Automated patching with high first pass success
• OS patching
• Third-party application patching
• Offline patching
Detect client benefits

• Deeper visibility into endpoint security posture and malicious activity. Seeing only half the picture in 15 seconds is not enough
• Continuous attack surface reduction provides immediate and perpetual reduction in risk
• Guided incident investigation in a platform that can implement complete remediation provides a drastic increase in response speed, completeness and efficacy
• Allows Security and IT Ops teams to collaborate for more effective proactive and reactive threat response

Leading Analyst:
“BigFix Detect should put fear into endpoint security tools trying to maintain or gain market share in the EDR space. As the new EDR competitive features are vetted on efficacy for detection, current BigFix users will be able to leverage one package for both EDR and advanced endpoint / lifecycle management. As BigFix shows its stuff in the market, competitors will either need additional partnerships or will need to build out additional capabilities to meet its full suite capabilities.”
- David Monahan, EMA
Compliance client benefits

• Continuous enforcement of operational, security and regulatory policies with up-to-the-minute visibility of compliance status
• Automatic quarantine actions that isolate out-of-compliance endpoints until remediation is complete
• Reduce patching cycles from days or weeks to hours with over 99% first-pass patch success rate
• Deploy, update and health check third-party antivirus solutions

Infirmary Health System:
• 4,000 individual workstations that need to be protected and compliant
• Minutes to complete an accurate asset inventory
• 98% patch and update compliance rate
• 50% reduction in labor costs
Inventory client benefits

• Reduce license compliance exposure and associated fines
• Decrease software license costs by reducing the amount of unused or redundant software
• Mitigate risk from malicious software
• Discovery of all licensed and unlicensed software with in-depth granularity across all operating systems and devices

US Foods:
• 15,000 endpoints needing software compliance management
• 80% reduced patch deployment time
• USD 500,000 saved on unused software licenses
• USD 1 million in license noncompliance fines avoided
Lifecycle client benefits

• Streamline asset discovery and software distribution for 90+ operating systems
• Single pane of glass to manage the lifecycle and security configuration of all endpoints
• Prebuilt automation scripts to simplify server build and configuration management
• Automated patching for physical, virtual and clustered servers
• Role based software deployment and user self-provisioning
• Hardware independent OS imaging and driver management

Major US Retailer:
• 27,000 virtual servers
• 3,000 distinct stores
• 99% savings in deployment time
• 2 IT staff needed to manage 27,000 servers distributed in over 3,000 locations
Patch client benefits

• Deliver patches for 90+ OS such as Microsoft Windows, UNIX, Linux and Mac OS, and for application vendors including Adobe, Mozilla, Apple and Java
• Compresses patch cycles to minutes or hours with more than 99 percent first-pass success
• Provide patches to distributed endpoints regardless of their location, connection type or status
• Real-time reporting and automated self-assessment (no centralized or remote scanning required)

SunTrust Banks:
• 50,000 PCs, servers and ATMs that need to be protected and compliant
• 1,800 branch locations
• 98.5% patch and update compliance rate
• 1 console needed to see, change, enforce and report on patch compliance status
IBM BigFix: Industry-level module
Higher Education
Endpoint Security Challenges in Higher Ed

• Constantly under pressure to cut costs
• Insufficient visibility into all assets (you can't secure what you can't see)
- Remote locations with varying degrees of bandwidth and no IT. Endpoints often stay unpatched and non-compliant with security standards for lengthy periods of time.
- Roaming, off-network laptops which similarly remain unpatched and non-compliant until the user reconnects to the school/hospital/agency network.
• Redundant tools, skills and processes to manage/secure Windows, Mac and *nix PCs and servers
• Non-compliance with PCI DSS 3.2 and security standards (e.g. "Is AV installed?", "Is the endpoint encrypted?", “Is it patched?” etc.)
• Inability to interrogate endpoints, attributes and risk indicators quickly and precisely

BigFix Delivers Value In All Areas
BigFix Best Practices for Higher Education

• Individual departments
- Single tool for managing PCs, Macs and *nix servers vs. SCCM + Casper + ??
- Interrogate endpoints with unprecedented speed and accuracy vs. writing WMI scripts
- Accelerate Green IT initiatives with PC and Mac power management – reduce energy costs and carbon footprint
• Central IT Security
- Report on each department's compliance with the university's compliance policies
- Allow departments to use their remediation tool of choice (e.g. BigFix, SCCM, Casper, etc.)

The BigFix agent uses <2% CPU and 10-15 MB RAM. It coexists well with other tools while providing real-time, system-wide visibility and compliance.
Representative List of Higher Ed BigFix Client Websites

• Stanford University
• University of Illinois
• University of Florida
• San Jose State University
• University of Santa Cruz
• University of Michigan
• Duke University
• Penn State University
• University of Southern California

All sites are public. Please share with clients!
Customer Case Study: Penn State
Chartered in 1855, The Pennsylvania State University (Penn State) is a public university based in University Park, Pennsylvania.

Software:
• IBM BigFix®

Business Need:
With energy costs doubling, Penn State looked to reduce unnecessary power consumption from leaving classroom, lab, and departmental computers on when they were not in use.

Solution:
The University implemented an end-to-end endpoint management solution that combines power, lifecycle, patch and security management to reduce energy costs while improving the reliability and security of campus computers.

Benefits:
• Reduced energy costs by US$288,000 per year with annual savings expected to reach US$800,000
• Decreased IT time required to manage classroom and lab computers
• Improved security with faster deployment of patches and similar software applications

“We expect almost US$800,000 in annual savings, once all of our approximately 20,000 workstations are under IBM BigFix and power management settings are applied.”
- Chris Sacksteder, Manager, Systems Development Group, Penn State

* Source: IBM CEO Study
Distribution
Security In Distribution

“A top priority for retailers is to protect customer relationships. To build and maintain that trust in an omni-channel marketplace is a real challenge and one that retailers tackle head on, investing significantly in technology that not only provides value to customers but also protects them from fraud and data theft.”

- National Retail Federation

Hundreds of distribution companies have standardized on IBM BigFix to keep all endpoints current, secure and compliant, regardless of their OS, location or connectivity.
Endpoint Security Challenges in Distribution

• Insufficient visibility into all assets (you can't secure what you can't see)
- Remote locations with varying degrees of bandwidth and no IT. Endpoints often stay unpatched and non-compliant with security standards.
- Roaming, off-network laptops which go unpatched and non-compliant for days to months
• Redundant tools, skills and processes to manage/secure Windows, Mac and *nix PCs/POS/servers
• Non-compliance with PCI DSS 3.2 and security standards (e.g. "Is AV installed?", "Is the endpoint encrypted?", “Is it patched?” etc.)
• Inability to interrogate endpoints, attributes and risk indicators quickly and precisely, before, during and after an attack
• Constantly under pressure to cut costs

BigFix Delivers Value In All Areas
‘Hot’ Client Imperative – PCI DSS 3.2 Compliance

• PCI DSS 3.2 announced earlier this year.
• All checklists in BigFix Compliance's PCI add-on solution are now at PCI DSS 3.2 level
• BigFix enables clients to accelerate and automate PCI compliance at the lowest TCO.

No one receives 'extra points' for spending more to pass audits.

BigFix helps clients pass more audits, avoid fines, improve their security posture and protect their brand equity - all while reducing OPEX
Customer Case Study: US Foods
US Foods, Inc. distributes more than 350,000 products to more than 250,000 customers, including independent and multiunit restaurants, healthcare and hospitality companies, and government and educational institutions.

Software:
• IBM BigFix®

Business Need:
US Foods needed an automated, centralized endpoint management solution to replace cumbersome software compliance monitoring and application deployment processes across 15,000 endpoints.

Solution:
The company deployed the IBM BigFix® solution to ensure software license compliance across all of its 15,000 endpoints as well as to reduce its device-related electricity costs and compress its patch and application deployment cycles.

Benefits:
• Helped reduce patch deployment times by 80 percent, saving USD500,000 on software licenses and avoiding more than USD1 million in license noncompliance fines.

“Out of the box, IBM BigFix® software dramatically streamlined our patch deployment processes…, increased confidence in our software usage data and enhanced our lifecycle management and power management processes significantly.”
- Dan Corcoran, director of client technology, US Foods

* Source: IBM CEO Study
Government
BigFix In Federal Government

“More than 50 U.S. Federal agencies have standardized on IBM BigFix to manage and secure over 3 million workstations, servers (both physical and virtual), and many other endpoints across a vast array of operating systems. Such solutions deliver real-time, continuous endpoint security and compliance by leveraging a library of many thousands of checks...”

- “National Security Requires Real-Time Endpoint Compliance”
Endpoint Security Challenges in Government

• Constantly under pressure to increase continuous diagnostics and mitigation capabilities
• Insufficient visibility into all assets (you can't secure what you can't see)
- Remote locations with varying degrees of bandwidth and no IT. Endpoints often stay unpatched and non-compliant with security standards for lengthy periods of time.
- Roaming, off-network laptops which similarly remain unpatched and non-compliant until the user reconnects to the school/hospital/agency network.
• Redundant tools, skills and processes to manage/secure Windows, Mac and *nix PCs/POS/servers
• Non-compliance with SCAP, PCI DSS, FDCC, CIS, DISA STIG and security standards (e.g. "Is AV installed?", "Is the endpoint encrypted?", “Is it patched?” etc.)
• Inability to interrogate endpoints, attributes and risk indicators quickly and precisely

BigFix Delivers Value In All Areas
Customer Case Study: US Marine Corps
The US Marine Corps (USMC) is a component of the US Navy, which is the naval warfare service branch of the US Armed Forces and is subordinate to the US Department of Defense. It is based in the Pentagon, in Virginia.

Software:
• IBM BigFix Compliance
• IBM BigFix Inventory

Business Need:
The US Marine Corps (USMC) lacked visibility into the health of its IT assets and had to spend considerable labor and costs to perform security audits. It was using multiple tools across low-bandwidth communications links for the warfighters, resulting in labor-intensive patch management. In addition, the organization was experiencing low first-time patch management success rates for distributed endpoints.

Solution:
USMC implemented IBM BigFix Compliance and IBM BigFix Inventory software. The client uses the IBM BigFix Compliance software to support endpoint security across the enterprise. The software helps the client protect endpoints and assures its regulators that it is meeting security compliance standards. The client uses the IBM BigFix Inventory software to track software usage across its entire inventory to improve planning and budgeting and to maintain vendor license compliance.

Benefits:
• USMC gained granular, near-real-time visibility into IT assets across the enterprise and automated patch and security configuration management.
• The client dramatically improved security audit scores within hours of deployment.
• Improved patch management first-time success rates by more than 95 percent.
• The solution enabled the client to bolster its security posture while lowering its total cost of ownership.

* Source: IBM CEO Study
Healthcare
BigFix In Healthcare

“Continuous monitoring of risk and compliance with regulations such as 21 CFR Part 11, HIPAA, PCI DSS, and more is essential to driving effective IT security and brings health care institutions full circle to the first step of establishing a security baseline.”

- Preemptive Security Solutions for Healthcare
Endpoint Security Challenges in Healthcare

• Constantly under pressure to cut costs
• Insufficient visibility into all assets (you can't secure what you can't see)
- Remote locations with varying degrees of bandwidth and no IT. Endpoints often stay unpatched and non-compliant with security standards for lengthy periods of time.
- Roaming, off-network laptops which similarly remain unpatched and non-compliant until the user reconnects to the school/hospital/agency network.
• Redundant tools, skills and processes to manage/secure Windows, Mac and *nix PCs/POS/servers
• Non-compliance with PCI DSS, HIPAA and security standards (e.g. "Is AV installed?", "Is the endpoint encrypted?", “Is it patched?” etc.)
• Inability to interrogate endpoints, attributes and risk indicators quickly and precisely

BigFix Delivers Value In All Areas
Customer Case Study: Infirmary Health
Infirmary Health System is the largest non-government healthcare team in Alabama, treating more than 100,000 patients annually. The organization includes three acute-care hospitals, three rehabilitation hospitals, three outpatient facilities and more than 30 medical clinics.

Software:
• IBM Security QRadar Log Manager
• IBM Security QRadar SIEM
• IBM BigFix Compliance (and other BigFix modules)

Business Need:
Infirmary Health System needed to automate and strengthen security and endpoint management to better protect data and meet HIPAA and meaningful use requirements.

Solution:
Working with ESM Technology, the organization deployed a comprehensive security solution from IBM that helps staff secure endpoints and better detect and respond to threats across the organization.

Benefits:
• Using the information collected by IBM BigFix, QRadar can see immediately if someone is trying to exploit a vulnerability
• Based on alerts from QRadar, the security team can now immediately remediate a vulnerability issue with IBM BigFix
• Maintain continuous compliance with security and regulatory policies
• Increased endpoint patching success rates from 40% to 90%
• Reduced software deployment time from 7 weeks to 2 days
• Gain real-time visibility to malware and hackers on their network

“We can now quickly, easily and accurately produce audit reports for HIPAA and meaningful use compliance. This has helped us obtain a considerable sum of meaningful use incentive dollars.”
- Eddy Stephens, Chief Information Officer, Infirmary Health System

* Source: IBM CEO Study
Customer Case Study: Concord Hospital
Founded in 1884, Concord Hospital is a regional medical center that provides comprehensive acute care services and healthcare programs to people throughout the state.

Business Need:
Maintain high service levels with limited staff and budget; achieve visibility into computing assets; automatically remediate security and health issues on computers; validate software licensing usage and compliance across the enterprise.

Solution:
IBM BigFix technology simplifies IT operations and provides the visibility Concord Health needs to maintain a secure and healthy computing environment.

“We have been very impressed with the solution and highly recommend it to colleagues in the healthcare industry.”
- Mark Starry, Manager of IT Infrastructure & Security, Concord Hospital

Software:
• IBM BigFix®

Benefits:
• No malware infections since solution implementation
• Increased patch compliance from 60 to 93 percent
• Accelerated system maintenance from weeks to hours
• 25 percent savings in software licensing costs

> Read Case Study

* Source: IBM CEO Study
Financial
Banking Imperatives:

• Accelerate and Automate PCI 3.2 Compliance
• Mitigate Malicious Access to Swift
• Secure Remote PCs/ATMs/Servers
‘Hot’ Client Imperative – PCI DSS 3.2 Compliance

• PCI DSS 3.2 announced earlier this year.
• All checklists in BigFix Compliance's PCI add-on solution are now at PCI DSS 3.2 level.
• BigFix enables clients to accelerate and automate PCI compliance at the lowest TCO.

No one receives 'extra points' for spending more to pass audits.

BigFix helps clients pass more audits, avoid fines, improve their security posture and protect their brand equity - all while reducing OPEX
‘Hot’ Client Imperative – Mitigate Malicious Access To Swift

[Diagram: before/after comparison of a SWIFT environment]

BEFORE:
• Vulnerable SWIFT Transaction Server
• Vulnerable Bank Endpoint
• 35 orders worth $951M made via SWIFT system from NY Fed USD Account

AFTER:
• Hardened SWIFT Transaction Server
• Hardened Bank Endpoint

Proactive Phase:
• Vast majority of endpoint vulnerabilities are eliminated with continuous compliance and patching
• Compromise of hardened server mitigated via continuous:
  - compliance
  - patching
  - file/process reporting
  - whitelisting (option)

Reactive Phase:
• Continuous Carbon Black to BigFix feedback loop for any remediation/patching action required to eliminate vulnerabilities
• If a criminal does gain access to the server, malicious activity can be recognized, alerted and acted upon (e.g. specific SWIFT-related malware behavior / IOCs can identify root cause – file/device)
‘Hot’ Client Imperative – Secure Remote PCs/ATMs/Servers

• Banks lack sufficient visibility into all assets (you can't secure what you can't see).
  - Remote locations with varying degrees of bandwidth and no IT. Endpoints often stay unpatched and non-compliant with security standards
  - Roaming, off-network laptops which go unpatched and non-compliant for days to months
• Redundant tools, skills and processes to manage/secure Windows, Mac and *nix PCs/ATMs/Servers
• Non-compliance with PCI-DSS 3.2 and security standards (e.g. "Is AV installed?", "Is the endpoint encrypted?", "Is it patched?" etc.)
• Inability to interrogate endpoints, attributes and risk indicators quickly and precisely, before, during and after an attack
• Constantly under pressure to cut costs

BigFix Delivers Value In All Areas
Energy, Power, Industrial (Any business with Industrial Control Systems)
NERC CIP Compliance

• Standard enterprise challenges, plus:
• Non-compliance with NERC CIP on traditional Win/*nix endpoints and Industrial Control Systems
• Contact RK Neal & Associates:
  - Holistic NERC CIP solution which includes BigFix Patch for Win/*nix endpoints
  - Integrates QRadar and Carbon Black
  - Great upsell opportunity to complement RK Neal Verve
  - Great expansion opportunity to enterprise endpoints
• Contact John Livingston (jlivingston@rkneal.com)

BigFix Delivers Value In All Areas
IBM BIGFIX

Back-up module
How do clients use BigFix?

• Disable unapproved USB storage devices
• Enable enterprise-wide Windows migration
• Patch OpenSSL Heartbleed vulnerabilities
• Prevent unapproved devices from connecting, including removable storage
• Locate a stolen laptop with sensitive data
• Ensure third-party agents are always available and current
• Reduce OPEX by $3M via server consolidation
• Keep systems free of unwanted/risky applications
• Discover machines running older, non-compliant OS versions
• Patch convoluted Adobe Acrobat upgrade paths
• Schedule patches / maintenance based on business-relevant schedules
• Discover non-approved or rogue wireless access points
• Systematically schedule computers to be turned off to conserve energy
• Save $1M in annual software license costs
• Automate decryption, switch network settings, rebrand PCs as part of an acquisition
• Monitor endpoints where IE is storing autocomplete passwords
• Reduce help desk calls by 78%, leading to $10M savings within 6 months
• Remotely reimage computers, avoiding costly travel/shipping costs
• Monitor system drive space usage on servers or workstations
• Quarantine machines with compromised MD5 hashes and 150 other IOCs
• Delete or rename files across a large group of machines
• Identify core infrastructure, domain controllers, DNS / DHCP / Win servers
• Kill an SCCM task which was accidentally rebooting 30,000 servers
• Determine patch status and percentage of the environment patched
• Reset key security controls changed by a malicious user or malware
• Deploy McAfee virus definitions when EPO servers lose communications
• Complete out-of-band MS Security patch to remote users with endpoints hours after release
• Update Symantec product when group update server fails
• Repair corrupted AV signature files from Symantec
• Repair enterprise-wide, patient-facing vulnerabilities in minutes
• Keep SCCM running when WMI fails
IBM BigFix Architecture

Single intelligent agent
• Continuous self-assessment
• Runs in System / Kernel mode
• Minimal system impact (<2% CPU, <10MB RAM)
• Throttling for low bandwidth environments

Single server and console
• Encrypts all traffic to endpoints
• Pre-verified OS/App content packages
• Manages up to 250K endpoints per server

Flexible policy language (Fixlets)
• Thousands of out-of-the-box policies
• Best practices for operations and security
• Simple custom policy authoring
• Highly active community contributing 10k fixlets

Lightweight, easily configurable infrastructure
• Designate IBM BigFix agent as a relay or discovery point in minutes
• Provides built-in redundancy
• Leverages existing systems / shared infrastructure
An integrated and intelligent security immune system

[Diagram: IBM security portfolio arranged around a central Security Analytics hub]

• Security Ecosystem
• Threat Intelligence: Indicators of compromise; IP reputation; Threat sharing
• Endpoint: Real Time Visibility; Continuous Enforcement; Rapid Remediation
• Network: Firewalls; Sandboxing; Virtual patching; Network visibility
• Security Analytics: Log, flow, data analysis; Anomaly detection; Vulnerability management; Incident response; Incident and threat management
• Advanced Fraud: Transaction protection; Fraud protection; Criminal detection
• Mobile: Device Management; Content security
• Data: Data monitoring; Data access control
• Apps: Application scanning; Application security management
• Cloud: Cloud access security broker; Workload protection
• Identity and Access: Privileged identity management; Entitlements and roles; Access management; Identity management
IBM BigFix Accelerate risk prioritization and expedite remediation

REAL TIME VISIBILITY / CONTINUOUS ENFORCEMENT / RAPID REMEDIATION

Infirmary Health System is the largest non-government healthcare team in Alabama, treating more than 100,000 patients annually. The organization includes three acute-care hospitals, three rehabilitation hospitals, three outpatient facilities and more than 30 medical clinics.

Business Need:
Infirmary Health System needed to automate and strengthen security and endpoint management to better protect data and meet HIPAA and meaningful use requirements.

Solution:
Working with ESM Technology, Infirmary deployed a comprehensive security solution from IBM that helps staff secure endpoints and better detect and respond to threats across the organization.

"We can now quickly, easily and accurately produce audit reports for HIPAA and meaningful use compliance. This has helped us obtain a considerable sum of meaningful use incentive dollars."
- Eddy Stephens, Chief Information Officer, Infirmary Health System

Benefits:
• Using the information collected by IBM BigFix, QRadar can see immediately if someone is trying to exploit a vulnerability
• Based on alerts from QRadar, the security team can now immediately remediate vulnerabilities with IBM BigFix
• Maintain continuous compliance with security and regulatory policies
• Increased endpoint patching success rates from 40% to 90%
• Reduced software deployment time from 7 weeks to 2 days
• Gain real-time visibility to malware and hackers on their network
Compliance report?
A new platform for security collaboration
NEW: IBM Security App Exchange

• Validated security apps
• Single platform for collaboration
• Access to partner innovations
• Fast extensions to security functionality

Enables rapid innovation to deliver new apps and content for IBM Security solutions