2© 2015 IBM CorporationIBM Internal & BP use only
Establish security as an immune system
Application securitymanagement
Application scanning
Incident and threat management
Device management
Transaction protection
Log, flow anddata analysis
Vulnerabilityassessment
Security research
Sandboxing
Firewalls
Anomaly detection
Antivirus
Fraud protection
Criminal detection
Network visibility
Virtual patching
Content security
Data access control
Data monitoringIdentity management
Access managementEntitlements and roles
Privileged identity management
Endpoint patching and management
Malware protection
3© 2015 IBM CorporationIBM Internal & BP use only
Global Threat Intelligence
Consulting Services | Managed Services
Cloud
Establish security as an immune system
Firewalls
Incident and threat management
Virtual patching
Sandboxing
Network visibility
Data access control
Data monitoring
Malware protection
Antivirus
Endpoint patching and management
Criminal detection
Fraud protection
Security Research
Access management
Entitlements and roles
Identity management
Privileged identity management
Application securitymanagement
Application scanning
Transaction protection
Device management
Content security
Log, flow and data analysis
Vulnerabilityassessment
Anomaly detectionSecurity
Intelligence
4© 2015 IBM CorporationIBM Internal & BP use only
Global Threat Intelligence
Consulting Services | Managed Services
IBM has the world’s broadest and deepest security portfolio
QRadar Risk Manager
QRadar Incident Forensics
SiteProtector
Network Protection XGS
Key Lifecycle Manager
Guardium
zSecure
BigFix
Trusteer Apex
MaaS360
Trusteer Mobile
Trusteer Rapport
Trusteer Pinpoint
IBM SecurityResearch
Identity Manager
Access Manager
Identity Governance and Intelligence
Privileged Identity Manager
DataPower Web Security Gateway
AppScanSecurity
Intelligence
Cloud
Cloud Security Enforcer
QRadar SIEM
QRadar Vulnerability Manager
QRadar Log Manager
6© 2015 IBM CorporationIBM Internal & BP use only
Siloed IT Operations and Security Teams
IT OPERATIONS
• Deploy/Remove software, apply patches
and fixes
• Implement security and operational policy
• Manual process takes weeks / months
IT SECURITY
• Scan for compliance status
• Create security policies
• Identify vulnerabilities
Disparate tools, manual processes, lack of integration and narrow visibility
7© 2015 IBM CorporationIBM Internal & BP use only
IBM BigFix: Bridge the gap between Security and IT Ops
ENDPOINT SECURITY
Discoveryand Patching
Lifecycle Management
Software Compliance and Usage
ContinuousMonitoring
ThreatProtection
IncidentResponse
ENDPOINT MANAGEMENT
IBM BigFix®
FIND IT. FIX IT. SECURE IT.
…FAST
Shared visibility and control
between IT Operations
and Security
IT OPERATIONS SECURITY
Reduce operational costs while improving your security posture
8© 2015 IBM CorporationIBM Internal & BP use only
IBM BigFix Platform Elements
Single Intelligent Agent• Continuous self-assessment
• Continuous Policy enforcement• Minimal system impact (<2% cpu)
Single Server & Console• Highly secure, highly available
• Aggregates data, analyzes & reports• Manages >250k endpoints
Powerful policy language (Fixlets)• Thousands of out-of-the-box policies
• Best practices for ops and security
• Simple custom policy authoring
• Highly extensible / applicable across all platforms
Virtual Infrastructure• Designate any TEM agent a relay or scan point
• Built-in redundancy
• Leverage existing systems/ shared infrastructure
An existing TEM managed asset can become a relay in
minutes
8
9© 2015 IBM CorporationIBM Internal & BP use only
Heterogeneous Platform Support (Managed Assets)
Microsoft Windows
Windows XP - 10, Server 2000 – 2012 R2
SUSE Linux Enterprise
Red Hat Enterprise Linux
CentOS
Ubuntu
Oracle Enterprise Linux
Solaris
IBM AIX
HP-UX
Mac OS X
VMWare ESX
Linux on System z
Visibility into any IP enabled device through network scanning enabled in any
TEM managed asset (Unmanaged Assets)
9
IBM BigFix Supported OSes
10© 2015 IBM CorporationIBM Internal & BP use only
IBM BigFix – Unified Management and Security
Lifecycle Inventory Patch Compliance Protection
Everything from
provisioning and
SW distribution
to patching and
remote control
of Win, Mac and
*nix endpoints
Identify what
software is
installed and how
its used to reduce
costs and
increase
compliance
Compress patch
cycles to
minutes/hours
with 98-99% first-
pass success
Ensure
continuous
compliance of
security,
operational and
regulatory policies
Real-time protection
from viruses, Trojan
horses, spyware,
rootkits, and other
malware. Device
control and data loss
prevention available
IT OPERATIONS SECURITY
IBM BigFix®
FIND IT. FIX IT. SECURE IT… FAST
11© 2015 IBM CorporationIBM Internal & BP use only
Patch Management – content and process benefits
11
Review of MS
Patch
Tuesday and
other source
analysis
Publish related
Patch Fixlets
content on IBM
site
Patch Fixlet
content streamed
to TEM Server
and to Agents
accordingly
Patch Fixlet
Relevance
check and
reporting
Take Action on
Patch Fixlets for
relevant target
computers
Publish related
Patch Fixlets
content on IBM
site
12© 2015 IBM CorporationIBM Internal & BP use only
98% patch and update compliance rate on 4,000+ workstations
with 50% reduced labor costsInfirmary Health System
Continuous security configuration compliance Accurate, real-time visibility and continuous security configuration enforcement
BigFix was designed for Continuous Compliance!
Continuous compliance “set and forget”
• No high-risk periods
• Lower total cost
• Continued improvement
• Identify and report on any configuration drift
Traditional compliance “out of synch”
• High-risk and cost periods
• Manual approach causes endpoints
to fall out of compliance again
Traditional versus Continuous
Time
Co
mp
lian
ce
ContinuousTraditional
RISK
13© 2015 IBM CorporationIBM Internal & BP use only
Why Gartner has recognized IBM as a Leader
Magic Quadrant for Client Management Tools
Note: This Magic Quadrant graphic was published by Gartner, Inc. as part
of a larger research note and should be evaluated in the context of the entire report.
The Gartner report is available upon request from IBM. G00264801.
Disclaimer: Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest
ratings. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed
or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
Gartner Magic Quadrant ReportJune 2015
LEADER - Four Years in a ROW!!
Analyst(s): Kevin Knox, Terrence Cosgrove
Link to Gartner MQ report
Why Clients Select BigFix over Competition:
•Less infrastructure = Lower operational and admin costs
•Automation tools = Faster ROI and payback
•Greater visibility = Complete coverage of all endpoints
•Real time visibility and control = Faster time to compliance
•More OOB content = Faster incident response
•Proven industry success and client references of all sizes
© Copyright IBM Corporation 2015. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any
kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor
shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use
of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and / or
capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product
or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries
or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside
your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks
on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access.
IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other
systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE
IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.
THANK YOUwww.ibm.com/security