
© 2016 IBM Corporation

George Mina, Program Director Mark Hafner, Systems Engineer

What’s the State of Your Endpoint Security?


Security teams face an onslaught of serious challenges

Large skills gap in security expertise worldwide 83% of enterprises have difficulty finding the skills they need. Unfilled security positions are expected to grow to 1.5 Million by 2020.4

Data breaches continue with no end in sight Cybercrime is estimated to cost organizations $400 Billion per year1 with over 600 million records leaked in 2015.2

Lack of timely and relevant intelligence plagues security teams 80% believe if they had threat intelligence at the time of the breach, they could have prevented or minimized the consequences of the attack.3

1 Ponemon: Cost of a Data Breach Report 2015

2 IBM: X-Force Threat Intelligence Report 2016

3 Ponemon: Cost of a Data Breach Report 2015

4 Ponemon: Cyber Threat Intelligence Report 2015


The perimeter no longer exists. It is wherever your endpoints are – both on and off the corporate network.1

1 SANS: State of Endpoint Security Survey 2016

[Chart: Endpoints Covered by Security/IR Programs. Source: SANS: State of Endpoint Security Survey 2016]

Remediation and Recovery

[Chart: survey question "When responding to an incident, how much time (in man-hours) do you spend (on average) per compromised endpoint?" Response bins: Unknown, less than 1 hour, 1–2 hours, 3–4 hours, 5–6 hours, 7–8 hours, 9–16 hours, 17–24 hours, more than 24 hours; vertical axis 0–25% of respondents.]

1 SANS: State of Endpoint Security Survey 2016

The State of Endpoint Security

44% report that one or more of their endpoints have been breached in the past 24 months

55% spend 3 or more hours per compromised endpoint

70% find it difficult or impossible to determine when an incident has been fully remediated

1 SANS: State of Endpoint Security Survey 2016

Ineffective patch management: a major contributor to most breaches

•  75% of attacks use publicly-known vulnerabilities that could be prevented by patching, but hackers know organizations can’t patch effectively.1

•  99.9% of exploited vulnerabilities were compromised more than a year after the CVE was published.2

•  The average time to detect advanced persistent threats is 256 days.3

1 CSIS: Raising the Bar for Cybersecurity

2 Verizon: Data Breach Investigation Report 2015

3 IBM: X-Force Threat Intelligence Report 2016

Why so many endpoint approaches fail

Three recurring problem areas: architecture, complexity and resources

•  Multiple products, multiple agents

•  Siloed security & ops teams

•  Resource-intensive agent(s)

•  Infrastructure & resource heavy

•  Little pre-built content

•  Manual tasks detract from higher value projects

•  Narrow visibility and coverage

•  Slow, scan-based architecture

•  Not cost-effective at scale

What we do

IBM BigFix®: FIND IT. FIX IT. SECURE IT… FAST

Find It. Discover unmanaged endpoints and get real-time visibility into all endpoints to identify vulnerabilities and non-compliant endpoints

Fix It. Fix vulnerabilities and apply patches across all endpoints on and off the network in minutes regardless of endpoint type or network connectivity

Secure It. Continuously monitor and enforce compliance with security, regulatory and operational policies while proactively responding to threats

IBM BigFix: Bridge the gap between Security and IT Operations

IBM BigFix®: FIND IT. FIX IT. SECURE IT. …FAST

Endpoint Security and Endpoint Management capabilities:

•  Discovery and Patching

•  Lifecycle Management

•  Software Compliance and Usage

•  Continuous Monitoring

•  Threat Protection

•  Incident Response

Shared visibility and control between IT Operations and Security

Reduce operational costs while improving your security posture

How we do endpoint security & management

[Diagram: an IBM BigFix Server in the datacenter, with BigFix Content Delivery over the Internet, reaching remote-office and roaming endpoints over WAN, T1, ISDN, 56K, Cable / DSL, 3G, satellite and WiFi links.]

Lightweight, robust infrastructure

•  Use existing systems as relays

•  Built-in redundancy

•  Support / secure roaming endpoints

Cloud-based content delivery

•  Highly extensible

•  Automatic, on-demand functionality

Single intelligent agent

•  Performs multiple functions

•  Continuous self-assessment and policy enforcement

•  Minimal system impact (< 2% CPU)

Single server and console

•  Highly secure and scalable

•  Aggregates data, analyzes and reports

•  Pushes out pre-defined / custom policies

Real-time visibility, scalability, and ease of use

Drowning in a sea of cyber threats. What do I remediate first?


Prioritize risks and expedite remediation of vulnerabilities

IBM QRadar (enterprise-wide security analytics): correlates events and generates alerts

IBM BigFix (real-time endpoint intelligence): provides current endpoint status and prompts IT staff to fix vulnerabilities

•  Improves asset database accuracy

•  Strengthens risk assessments

•  Enhances compliance reporting

•  Accelerates risk prioritization of threats and vulnerabilities

•  Increases reach of vulnerability assessment to off-network endpoints

Integrated, closed-loop risk management

Extend QRadar’s reach and simplify incident response with BigFix

Step 1 (IBM BigFix): Provide continuous insight across all endpoints including off-network laptops

•  Machine Name, OS, IP Address, Malware incidents

•  Provides details on physical and virtual servers, PCs, Macs, POS devices, ATMs, kiosks, etc.

•  All known CVEs exposed on an endpoint

•  BigFix sends vulnerability and patch data to QRadar, automatically ensuring that QRadar's asset database is updated with current data

Step 2 (IBM BigFix): Enforce compliance of security, regulatory & operational policies

Step 3 (IBM QRadar): Prioritize vulnerabilities and remediation by risk

•  QRadar correlates assets & vulnerabilities with real-time security data

•  It then sends the prioritized list to BigFix administrators

Step 4 (IBM BigFix): Expedite remediation of ranked vulnerabilities, configuration drift and irregular behavior

•  Quarantine endpoints until they can be remediated

•  Patch or reconfigure endpoints

Quarantine non-compliant endpoints: protect against zero-day malware and vulnerability attacks until remediation is complete

1.  Automatically assess endpoints for required compliance configurations

2.  Discover and isolate out-of-compliance endpoints in network quarantine until compliance is achieved

3.  Maintain management control of the endpoint and disable all other access

[Diagram: the Server and Console keeps its management connection to the Non-compliant Endpoint while all other network access is blocked.]
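As an added illustration (not IBM, BigFix or QRadar code), the closed loop of Steps 1–4 and the quarantine rule above reduced to a small model: endpoint inventory records, an incident feed, a risk score and a ranked remediation plan. All endpoint names, IP addresses, CVE identifiers, incident counts and scoring weights are constructed assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Endpoint:
    name: str
    os: str
    ip: str
    cves: frozenset      # Step 1: known CVEs exposed on the endpoint
    compliant: bool      # Step 2: required compliance configuration present?
    on_network: bool     # off-network laptops are still in scope


# Constructed inventory of the kind the endpoint agent reports (placeholder CVE ids).
ENDPOINTS = [
    Endpoint("pos-01", "Windows", "10.0.1.10", frozenset({"CVE-0000-0001"}), True, True),
    Endpoint("lap-07", "macOS", "10.0.9.7", frozenset({"CVE-0000-0002", "CVE-0000-0003"}), True, False),
    Endpoint("srv-db", "Linux", "10.0.2.5", frozenset({"CVE-0000-0002"}), False, True),
    Endpoint("kiosk-3", "Windows", "10.0.1.33", frozenset(), True, True),
]
# Constructed severity per CVE on a 0-10 scale (assumed values).
SEVERITY = {"CVE-0000-0001": 9.8, "CVE-0000-0002": 7.5, "CVE-0000-0003": 4.3}
# Constructed security-analytics feed: malware incidents observed per IP address.
INCIDENTS = {"10.0.9.7": 2, "10.0.2.5": 1}


def risk_score(ep, incidents=INCIDENTS, severity=SEVERITY):
    """Step 3: correlate static exposure with live security data (assumed weights)."""
    exposure = sum(severity.get(c, 5.0) for c in ep.cves)   # unknown CVE: treat as medium
    score = exposure * (1 + incidents.get(ep.ip, 0))        # active incidents multiply exposure
    if not ep.on_network:
        score *= 1.25   # an off-network laptop gets no help from perimeter controls
    return round(score, 2)


def remediation_plan(endpoints=ENDPOINTS, incidents=INCIDENTS, severity=SEVERITY):
    """Steps 2 and 4: non-compliant endpoints are quarantined first (management
    access kept, all other access disabled); the rest are ranked by risk for
    patching, and endpoints with nothing exposed need no action."""
    ranked = sorted(endpoints,
                    key=lambda e: (e.compliant, -risk_score(e, incidents, severity)))
    plan = []
    for ep in ranked:
        score = risk_score(ep, incidents, severity)
        if not ep.compliant:
            plan.append((ep.name, "quarantine", score))
        elif ep.cves:
            plan.append((ep.name, "patch", score))
        else:
            plan.append((ep.name, "no-action", score))
    return plan


if __name__ == "__main__":
    for name, action, score in remediation_plan():
        print(f"{name:8} {action:10} risk={score}")
```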


Expedite remediation of vulnerabilities: IBM BigFix and QRadar

Business need: Automate and strengthen security and endpoint management to better protect data and meet HIPAA and meaningful use requirements.

Solution: Comprehensive security solution from IBM that helps staff secure endpoints and better detect and respond to threats across the organization.

“We can now quickly, easily and accurately produce audit reports for HIPAA and meaningful use compliance. This has helped us obtain a considerable sum of meaningful use incentive dollars.”

—Eddy Stephens, Chief Information Officer, Infirmary Health System

Find, fix and secure endpoints fast

•  Achieve automatic, continuous, closed-loop remediation of endpoints

•  Compress patch cycle times from weeks and days to hours or minutes

•  Significantly reduce operational costs while improving security posture

•  Implement and enforce continuous compliance across all endpoints both on and off the corporate network

[Diagram: a continuous Evaluate, Report and Remediate cycle]

Website: www.bigfix.com

Twitter: @IBMBigFix

© Copyright IBM Corporation 2015. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and / or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.

Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.

THANK YOU www.ibm.com/security

BigFix Architecture

Single server and console

•  Highly secure, highly available

•  Aggregates data, analyzes and reports

•  Manages up to 250K endpoints per server

Single intelligent agent

•  Continuous self-assessment

•  Continuous policy enforcement

•  Minimal system impact (<2% CPU, <10MB RAM)

Flexible policy language (Fixlets)

•  Thousands of out-of-the-box policies

•  Best practices for operations and security

•  Simple custom policy authoring

•  Highly extensible/applicable across all platforms

Lightweight, easily configurable infrastructure

•  Designate IBM BigFix agent as a relay or discovery point in minutes

•  Provides built-in redundancy

•  Leverages existing systems/shared infrastructure