Blog Series: IT Perspectives by Jaqui Lynch
In our initial security blog we talked about what is meant by security and what kinds of assets need to be protected. One of the items mentioned was the detection and prevention of threats. In this blog we will discuss an effective solution for vulnerability management.
The first approach many security departments take is to use firewalls to block everything and network scanners to check for known vulnerabilities. Real security involves much more than this: the idea is to layer security, starting from the application, then the operating system, and working your way out to the firewalls and beyond. Traditional scanners are good at finding known vulnerabilities, but they have no context and typically only probe known network ports. They often cannot tell whether the patches for a vulnerability have actually been applied, and they do not take into account data from firewalls and other sources that would add valuable context.
One example of a free product offered by IBM is FLRTVC, the Fix Level Recommendation Tool Vulnerability Checker, although it is only available for AIX. It is a great tool: you install it on AIX and it downloads a database of known vulnerabilities, checks the system against them and then builds a report listing the vulnerabilities it found, which patches or ifixes address them, where to get them and whether they are already installed. This is excellent for smaller environments. However, if you have hundreds of LPARs it is far too time consuming to run this tool every week on every LPAR, and after identifying the vulnerabilities you still have to apply the patches. Many tools have similar limitations. What we need are tools like this combined with an overall management dashboard into which priorities and risk ratings can be coded. Effectively we want a central tool that:
- Identifies endpoints
- Provides visibility into endpoints to identify vulnerabilities or non-compliance
- Fixes vulnerabilities and applies patches
- Continuously monitors and enforces compliance
- Proactively responds to threats
Vulnerability management is a critical task. Once you know what you have and what level it is at (a mammoth task for many), those endpoints need to be monitored so that patches and other remediation efforts can be prioritized and implemented judiciously and efficiently. This allows IT staff to act rapidly on security intelligence that requires updates to the endpoints. It is important to get patches out to critical systems as quickly as possible, because attackers tend to take advantage of vulnerabilities very quickly, sometimes on the day they are found.
The Cyber Security Solution Every CISO Should Know About
This is where solutions like the QRadar Security Intelligence Platform and BigFix can make a difference. QRadar provides an architecture that integrates:
- Security information
- Log management
- Event management
- Event detection
- Forensics
- Configuration management
- Vulnerability management
The vulnerability management portion uses advanced analytics that add context to events so that the best decisions can be made for risk management. QRadar consists of a number of modules that work together. As an example, QRadar Vulnerability Manager discovers security vulnerabilities, adds context to them and provides information to assist the Risk Manager with prioritization and remediation.
BigFix works with QRadar to provide a form of closed-loop risk management. BigFix gathers deep state data on the endpoints, which is used to improve the accuracy of the QRadar asset database, strengthen risk assessments and enhance compliance reporting. BigFix keeps QRadar’s asset database up to date with the latest endpoint patch and vulnerability status, which lets QRadar gather information on the endpoints that BigFix manages. BigFix comes with modules that address:
- Lifecycles
- Inventory
- Patching
- Compliance
- Protection
BigFix runs as an agent that continuously enforces policies with minimal impact on the system. Once the initial policy is applied, the BigFix agent checks that the endpoint remains in compliance. If a patch or configuration is changed, BigFix automatically and autonomously re-applies the policy, so that neither users nor malware can tamper with the endpoint policies. The agents communicate with a single server that can manage up to 250,000 endpoints, all viewed through a single console. It can automatically assess endpoints for required compliance configurations and can be set to quarantine non-compliant systems by disabling all access to and from them except for management control.
BigFix can also be used to deploy patches very quickly. Once an issue is discovered, a patch script is built within a fixlet and tested manually. The fixlet is then sent to the BigFix server for distribution. The endpoints are analyzed to see which ones need the patch, and BigFix then deploys it to them. It is possible to remediate hundreds of operating system instances with BigFix in the time it used to take to do 30 or 40, and it is done in a consistent, automated and prioritized manner. Additionally, BigFix provides near real-time visibility into, and control over, patch compliance from a single management console.
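The central view described above (rolling FLRTVC-style per-LPAR results into one prioritized list, and working out which endpoints still need a given fix before rolling it out), as an added example that is not code from the blog, IBM, FLRTVC or BigFix. The report column layout is a simplified assumption, the LPAR names and findings are constructed, and the criticality weighting is an assumed scheme.

```python
# Roll up per-LPAR FLRTVC-style reports into one prioritized patch list.
# Assumed simplified column layout (constructed for this example; a real
# flrtvc report has more columns): fileset|version|type|efix_installed|abstract|cvss|fixed_in
import csv
from dataclasses import dataclass

# Constructed sample reports, one per LPAR (hypothetical names and findings).
REPORTS = {
    "lpar01": """fileset|version|type|efix_installed|abstract|cvss|fixed_in
bos.net.tcp.client|7.2.5.1|sec|NO|Vulnerability in TCP/IP stack|9.8|7.2.5.3
openssl.base|1.0.2.1800|sec|YES|OpenSSL vulnerability|7.5|1.0.2.2100
""",
    "lpar02": """fileset|version|type|efix_installed|abstract|cvss|fixed_in
bos.net.tcp.client|7.2.5.1|sec|NO|Vulnerability in TCP/IP stack|9.8|7.2.5.3
bos.rte.libc|7.2.5.0|hiper|NO|libc crash|0|7.2.5.2
""",
}
# Business criticality per LPAR (assumed; in practice this comes from the asset database).
CRITICALITY = {"lpar01": 3, "lpar02": 1}

@dataclass
class Finding:
    lpar: str
    fileset: str
    abstract: str
    cvss: float
    fixed_in: str
    efix_installed: bool

def parse_report(lpar, text):
    """Parse one LPAR's pipe-delimited report into Finding records."""
    rows = csv.DictReader(text.strip().splitlines(), delimiter="|")
    return [Finding(lpar, r["fileset"], r["abstract"], float(r["cvss"]),
                    r["fixed_in"], r["efix_installed"].upper() == "YES")
            for r in rows]

def open_findings(reports):
    """Findings with no efix installed yet, across all LPARs."""
    return [f for lpar, text in reports.items()
            for f in parse_report(lpar, text) if not f.efix_installed]

def priority(f, criticality):
    # Risk rating: CVSS base score weighted by LPAR criticality (assumed scheme).
    return f.cvss * criticality.get(f.lpar, 1)

def prioritized(reports, criticality):
    """Open findings, highest risk first: the order to work the patch queue."""
    return sorted(open_findings(reports), key=lambda f: priority(f, criticality), reverse=True)

def affected_lpars(reports, fileset):
    """LPARs still needing the fix for one fileset: the target set for a fixlet rollout."""
    return sorted({f.lpar for f in open_findings(reports) if f.fileset == fileset})
```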
Summary
Detecting and protecting against vulnerabilities can be a mammoth task. This is where integrated and automated solutions like BigFix truly shine. The ability to determine vulnerabilities, patch them quickly, enforce compliance for both patches and configurations, and to do so in a streamlined and consistent manner is critical to any IT shop. Companies are being held accountable for the security of their systems and especially of customer data. Having a risk mitigation and remediation strategy that rapidly takes care of vulnerabilities is now mission critical and can no longer be ignored. The growth in cloud, mobile, social media and web or portal based services, and the sheer number of hackers out there, puts this kind of security at the top of most C-level executives’ lists of concerns. Having an integrated, modular solution to this should be a fundamental part of any security plan.