Solutions / Protection
Before: Continuous monitoring
The best protection against threats is to discover vulnerabilities and secure them before an exploit can inflict damage across your entire network. BigFix enforces continuous configuration compliance with security and regulatory policies on every endpoint, to eliminate configuration drift that can open windows of opportunity for potential attacks. An intelligent agent on every endpoint monitors, manages and reports on the status of every endpoint in real time, regardless of OS type or location.
Any endpoints found to be out of compliance can be automatically remediated and brought back into compliance, whether they are on or off the corporate network. Or, they can be quarantined completely to prevent the spread of malware to the broader network.
During: Threat protection
Security teams can be overwhelmed by a sea of vulnerabilities—without the contextual data to help them focus their efforts on the weaknesses that are most likely to be exploited. This means several months can pass between the discovery of a known vulnerability and the application of the patch. At the same time, security teams can lack a comprehensive view of endpoint status, which limits their understanding of the threat landscape.
MBU Secure Cognition analyzes data from all endpoints, then prioritizes and displays endpoint status information while simultaneously feeding this endpoint intelligence to IBM QRadar. BigFix’s compliance capabilities, when paired with QRadar, provide enterprise-wide closed-loop risk management. And BigFix’s real-time endpoint intelligence allows QRadar to continuously check for network anomalies and then alert IT staff to critical vulnerabilities that need to be taken care of. Simply put, BigFix expedites remediation of the endpoint vulnerabilities QRadar prioritizes.
IBM BigFix together with IBM Trusteer Apex provides advanced malware protection during zero-day threats. This powerful combination ensures your endpoints are protected while waiting for the appropriate patch to be released by the application vendor.
After: Incident response
After a threat has been discovered, the security team needs to take remediation action quickly on all endpoints, both on and off the network. IBM BigFix includes automatic quarantine actions, so you can isolate noncompliant or infected endpoints and protect against attacks until remediation is complete. Real-time, automated processes can shrink remediation windows from days or weeks to just hours or minutes—helping to quickly disinfect endpoints and ensure ongoing compliance with security and other policies.