It is becoming increasingly critical to manage both unknown and known vulnerabilities. In fact, since even novice cybercriminals can exploit publicly disclosed issues, it may be even more important to manage known vulnerabilities. Furthermore, fraudsters can examine information associated with known threats to develop new attacks and scout potential targets.

Intelligent Vulnerability Management

On one hand, it is important to fix vulnerabilities as quickly as possible. On the other hand, IT professionals must follow proper change management processes to ensure that systems are patched promptly and completely, and operations are restored.

It is equally crucial to prioritize remediation efforts, especially when there are limited resources. IBM BigFix offers real-time visibility into and control over all devices in an IT environment. It helps security analysts respond by answering questions such as:

  • What are the risks associated with a given vulnerability?
  • How many devices have the same vulnerability?
  • What patches are available to fix the problem?
  • How many devices does the patch apply to?

BigFix is based on machine learning that continuously assesses the state of endpoints in a network. After a patch is successfully installed, BigFix continues to verify the conditions of the vulnerability. If it detects an instance of noncompliance with a policy, patch or configuration, it reports the change to the server.

When integrated with IBM QRadar Vulnerability Manager (QVM), BigFix enables analysts to close the vulnerability management gap and remediate threats more effectively. QRadar scans for vulnerabilities across a variety of devices and incorporates the data into the QRadar asset profile. With QRadar Risk Manager, analysts can prioritize vulnerabilities and assess the risk of each device. QVM then sends this data to BigFix, which, depending on the risk, either identifies the appropriate fixlet to apply the patch or quarantines the machine from the network.
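As an added illustration (not BigFix or QRadar code, and not a description of how those products work internally), the following toy model answers the four questions listed above and applies a risk-based patch-or-quarantine decision over a constructed endpoint inventory, then re-evaluates compliance from current endpoint state so that a rollback shows up again. The vulnerability IDs, package names, risk scores, threshold and fixlet names are all hypothetical.

```python
from dataclasses import dataclass
@dataclass
class Endpoint:
    name: str
    installed: dict  # package -> version string, as reported by the endpoint agent

# Constructed vulnerability catalogue (hypothetical IDs, not real CVEs or fixlets).
# Present when the package is installed below fixed_in; patch=None means no fix yet.
VULNS = {
    "VULN-A": {"package": "openssl", "fixed_in": "3.0.8", "risk": 9.1, "patch": "fixlet-101"},
    "VULN-B": {"package": "sudo", "fixed_in": "1.9.13", "risk": 7.2, "patch": "fixlet-102"},
    "VULN-C": {"package": "legacyagent", "fixed_in": None, "risk": 8.5, "patch": None},
}
def version_tuple(v):
    return tuple(int(x) for x in v.split("."))

def is_vulnerable(ep, vid):
    v = VULNS[vid]
    ver = ep.installed.get(v["package"])
    if ver is None:
        return False
    return v["fixed_in"] is None or version_tuple(ver) < version_tuple(v["fixed_in"])

def affected_devices(fleet, vid):
    """Which (and how many) devices carry the same vulnerability."""
    return [ep.name for ep in fleet if is_vulnerable(ep, vid)]

def prioritize(fleet):
    """Rank open vulnerabilities by risk score weighted by number of affected devices."""
    rows = []
    for vid, v in VULNS.items():
        devs = affected_devices(fleet, vid)
        if devs:
            rows.append((vid, round(v["risk"] * len(devs), 1), devs))
    return sorted(rows, key=lambda r: r[1], reverse=True)

def remediation_action(vid, risk_threshold=8.0):
    """Patch when a fixlet exists; otherwise quarantine if high risk, else monitor."""
    v = VULNS[vid]
    if v["patch"]:
        return ("patch", v["patch"])
    return ("quarantine", None) if v["risk"] >= risk_threshold else ("monitor", None)

def apply_patch(ep, vid):
    ep.installed[VULNS[vid]["package"]] = VULNS[vid]["fixed_in"]  # fixlet upgrades the package

def compliance_report(fleet):
    """Re-evaluate from current endpoint state, so rollback or drift is reported, not assumed fixed."""
    return {ep.name: [vid for vid in VULNS if is_vulnerable(ep, vid)] for ep in fleet}
```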

Be Proactive With BigFix

When managing vulnerabilities, it’s important to be proactive. BigFix provides continuous, intelligent endpoint protection, enabling analysts to maintain standardized baselines for security, compliance, configuration and patching. It also offers intelligent detection capabilities that evaluate alerts generated from millions of active endpoint anomalies, correlate events, recognize malicious behaviors and analyze root causes.

In other words, BigFix discovers what happened and reveals why it could be suspicious. It then guides analysts to conduct rapid remediation processes such as patching, reconfiguring or quarantining affected endpoints, or even remotely reimaging them altogether. Most importantly, BigFix provides real-time visibility throughout the endpoint security cycle. This visibility is the key to effective vulnerability management.
