Endpoint Security for Your Organization

An old maxim tells us an ounce of prevention is worth a pound of cure. And that’s great advice — unless you unfortunately missed the prevention step and need a cure quickly.

A quick Web search shows the severity of the recent Bash bug. There has been a lot of focus on prevention, which is great advice and something definitely worth listening to, but there hasn’t been a lot of information about the cure — until now.

To implement the cure for Shellshock, organizations need a way to assess their endpoint environment and then deploy and manage the patches for the myriad operating systems in their environment. An effective solution provides policy-based installation of security updates, closed-loop verification and the ability to manage patches across multiple platforms from a single point of control. It must also shrink patch deployment time to reduce the risks associated with Shellshock. As organizations look for best practices on how to update all of their affected systems, they look for a solution that can do the following:

  • Automatically manage patches for multiple operating systems across hundreds or thousands of endpoints, regardless of location, connection type or status
  • Reduce security and compliance risk by slashing remediation cycles from weeks to hours
  • Provide visibility into patch compliance with real-time monitoring and reporting
  • Patch online and offline virtual machines to improve security in virtual environments
  • Provide consistent functionality, even over low-bandwidth or globally distributed networks

To help organizations address this vulnerability, IBM provides security solutions that can help prevent, detect and respond to the Shellshock threat.

Preventing Shellshock

IBM has been able to identify and protect against attacks caused by this threat through its IBM Security Network Intrusion Prevention product offering. With its unique focus on identifying and shielding this vulnerability from an attempted exploit, IBM has been helping clients protect against these kinds of exploits since 2007.

Detecting Shellshock

If an endpoint has already been exploited by Shellshock before patches have been made available, the way to find the threat is by understanding the behavior of all the individual attack components and by using analytics to understand their relationship.

The key tasks in detection include the following:

  • Discover: Understand where the Shellshock vulnerability is in your endpoint environment
  • Assess risk: Understand how exposed the instances of this vulnerability are to potential attack
  • Detect attacks: Monitor and detect potential exploits of the Shellshock vulnerability
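The first and third tasks, as an added example that is not part of this post or of any IBM product: a POSIX shell probe that reports whether a host's bash still imports functions from the environment (the Shellshock defect), emitting one inventory line in the shape a console would aggregate, plus a filter that flags web-server access-log lines carrying the raw Shellshock marker. The sample log lines are constructed; real IDS and WAF rules also decode URL-encoded variants of the marker.

```shell
#!/bin/sh
# Added example (not BigFix/QRadar content); constructed sample data.

# Probe whether a bash binary still imports functions from environment
# variables. Exit codes: 0 = patched, 1 = vulnerable, 2 = no bash found.
shellshock_check() {
    bash_bin="${1:-bash}"
    command -v "$bash_bin" >/dev/null 2>&1 || return 2
    # A patched bash treats x as an ordinary variable; a vulnerable one
    # executes the trailing command while importing the "function".
    out=$(env x='() { :;}; echo SHELLSHOCK_PROBE_FIRED' \
          "$bash_bin" -c 'echo probe' 2>/dev/null)
    case "$out" in
        *SHELLSHOCK_PROBE_FIRED*) return 1 ;;
    esac
    return 0
}

# One inventory line per host: host,bash_path,bash_version,status
shellshock_report() {
    bash_bin="${1:-bash}"
    rc=0
    shellshock_check "$bash_bin" || rc=$?
    case "$rc" in
        0) status=patched ;;
        1) status=VULNERABLE ;;
        *) status=no-bash ;;
    esac
    path=$(command -v "$bash_bin" 2>/dev/null || echo -)
    ver=$("$bash_bin" -c 'echo "$BASH_VERSION"' 2>/dev/null || echo -)
    printf '%s,%s,%s,%s\n' "$(uname -n)" "$path" "${ver:--}" "$status"
}

# Count access-log lines (stdin) containing the literal marker "() {".
# grep -c still prints 0 on no match; "|| true" keeps that a success.
shellshock_log_hits() {
    grep -Fc '() {' || true
}

# Constructed sample log: two probe attempts, one normal request.
SAMPLE_LOG='10.0.0.5 - - [25/Sep/2014:10:00:01 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" "() { :;}; echo probe"
10.0.0.9 - - [25/Sep/2014:10:00:07 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
10.0.0.5 - - [25/Sep/2014:10:00:09 +0000] "GET /cgi-bin/status HTTP/1.1" 500 0 "() { :;}; echo probe" "curl/7.30"'

shellshock_report
printf 'sample log lines flagged: %s\n' \
    "$(printf '%s\n' "$SAMPLE_LOG" | shellshock_log_hits)"
```

Run it from a configuration-management or endpoint-management job and collect the inventory line per host; any line ending in VULNERABLE identifies an endpoint for the remediation step.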

A “closed loop” system can quickly detect threats and alert security administrators to take the necessary corrective actions. With IBM BigFix, you can quickly determine which endpoints — including servers, workstations and other devices — are vulnerable to the Bash bug. IBM Security QRadar can leverage data from network and endpoint security solutions to immediately see whether someone is trying to exploit an operating system vulnerability. IBM QRadar can then alert the security team to use endpoint management solutions, such as BigFix, to remediate the condition.

Responding to Shellshock

Today, it is not a matter of if an organization will be breached, but rather a question of when a breach will take place. This means organizations need to have the ability to respond rapidly once an initial incident or vulnerability has been detected. The key response functions include the following:

  • Identifying the type and version of OS on the previously detected vulnerable endpoints
  • Remediating the endpoints with the appropriate patch for the OS version each one is running

Having detected which endpoints are vulnerable and the various OS types and versions that these endpoints are running with Endpoint Manager, you now have to focus your efforts on patching these endpoints quickly and efficiently.

BigFix can rapidly apply patches across multiple operating systems within minutes, including UNIX, Linux and OS X, all of which have reportedly been affected by Shellshock. BigFix customers have realized up to a 98 percent first-pass patch success rate and can rapidly apply Shellshock patches for all OS types, including CentOS-5 and CentOS-6, RHEL 5 and RHEL 6, zLinux, SLE 11 and SLE 11 System z, Solaris, Mac OS X and Ubuntu. With the manager’s ability to provide real-time visibility into the status of managed endpoints, you can confirm all your endpoints have been patched and are more secure.

BigFix supports over 130 platforms out of the box and helps ensure your endpoints are in continuous compliance with your security and regulatory policies — all through a single console, regardless of endpoint type, OS version or location. By automating the remediation, BigFix helps customers close the loop by supporting the response phase of the IBM Threat Protection System.

An ounce of protection is certainly worth a pound of cure. With IBM Security solutions, you get both.
