Have you been wondering what you can do about Malware and Ransomware? Thinking that you cannot stop the threat of the dark web or of the technical prowess of the mischievous people who seem to develop a constant stream of exploits that can leave your company’s network at their mercy? Does the possibility of an attack or ransomware incident keep you awake at night? The potential outages? The monetary costs and business impact?
It may interest you to know that the National Security Agency (NSA) recently published a report that during a two-year period ending in 2016, no exploit that caused a major breach was a zero-day exploit. What does this mean? A zero-day exploit is an exploit for which there is no known patch or fix, and for which there is no way to avoid its effects. It means that cyber criminals have been developing exploits that take advantage of existing vulnerabilities… that they know that they don’t need to develop zero-day exploits to cause disruption in your network. Think of it this way: why would a thief go through the trouble of breaking into a home with a security system if they can find homes with no security system where the door is left unlocked?
If this is the case, why are so many corporate networks exposed? Why did the recent Wannacry Ransomware attack cause so many issues and cost up to $4B? Well, as the NSA tells us, it boils down to a matter of hygiene. That’s right. We already have the ability to mitigate much of this and to protect ourselves but we frequently don’t, and therefore leave ourselves exposed. The recent Wannacry attack exploited a vulnerability that was patched by Microsoft in March of 2017, yet enough corporate networks weren’t effectively patched when it happened in May to result in significant impact. This may either be due to the lack of an endpoint management solution or to the use of an ineffective or inefficient endpoint management solution.
Enter IBM’s BigFix solution. BigFix is a core part of the IBM Cybersecurity portfolio, part of the IBM Immune System. It should be a fundamental underpinning of any Cybersecurity solution and any attempt to mitigate the ongoing (and increasing) Cybersecurity threat to corporate networks. It has a broad range of Endpoint Management functionality, which I will cover in other blog entries.
The focus I am highlighting here is its very strong Patch Management capability. It provides superior endpoint visibility – you can’t patch what you can’t see! It does not wait for the next scheduled network scan (which could take days or weeks) to take place to find vulnerable endpoints that need critical patches because it receives continuous updates from each endpoint in near real-time. During a recent POC, one customer discovered exposed production endpoints with critical patches unapplied, in spite of having a different patch management solution in place.
BigFix employs a lightweight endpoint agent (< 2% CPU and < 15MB RAM). It has the ability to throttle it’s use of the network to accommodate low-speed connections. You can manage up to 250,000 endpoints from a single easy-to-use console. Customers have found it to have a superb 98% or higher first-pass patch application success rate (not always the case with other patch management tools). It supports 90+ OS platform variants including Windows and *Nix.
So… if you are lacking endpoint patch management or think you could be doing better patch management, why leave the door open for the high cost of havoc, outages, data loss, or even having to fund a ransom? Put a deadbolt on that door. Make sure you take a close look at IBM BigFix… and sleep easier.