BIGFIX. Maintaining Continuous Compliance with BigFix. Executive Summary


Maintaining Continuous Compliance with BigFix

Executive Summary

Meeting regulatory and internal compliance guidelines is a de facto standard practice for IT operations and IT security teams in public and private organizations. IT organizations carry out internal audits on a regular basis plus audits of critical systems and infrastructure annually in accordance with regulations such as FISMA, HIPAA/HITECH, PCI, SOX, and many others. To keep up with the different internal and external compliance audit requirements, IT organizations often find themselves in a reactive mode, addressing requirements on a project-by-project basis instead of as an ongoing, strategic business requirement. This approach brings with it security risks and much higher costs. IT operations and security teams can break away from this reactive cycle by developing and delivering a sustainable and cost-effective compliance program based on the BigFix Unified Management Platform.

BigFix Real-world Examples

Financial company with a highly-distributed infrastructure customized BigFix SCM and reduced the configuration cycle from six months to two weeks.

National retail chain leveraged BigFix SCM Controls to gain infrastructure visibility and achieve PCI configuration and reporting requirements faster while lowering costs and reducing overhead.

Federal agency assessed compliance and automated remediation of non-compliant systems with BigFix's out-of-the-box checklists, eliminating ongoing security failures and mitigating threats caused by poorly configured and badly managed systems.

Third Party Solution Provider: CenterBeam

As a top outsourced IT services company, CenterBeam makes it possible for midsize businesses to achieve the same level of IT reliability, security, and high touch customer service that Fortune 500 companies enjoy. By realizing operational efficiencies in a leveraged environment, CenterBeam is able to deliver enterprise-class services using products such as BigFix to the mid-market with compelling economics. As a satisfied customer and a provider of the BigFix solution, CenterBeam's CTO Shahin Pirooz says, "We consider BigFix to be the benchmark end point policy platform."

Designed for today's highly distributed public and private organizations, the BigFix solution addresses both the regulatory need for compliance and reporting, and the operational need to maintain centralized visibility and enforce security configurations on desktops, on or off the network, in real time. Through a comprehensive, role-based policy-driven approach, IT teams can quickly and easily measure their environment against defined compliance policies and maintain continuous compliance. By transforming the process from repetitive to continuous compliance, companies can quickly and easily reduce risk and cost and increase productivity.
Challenges

Compliance usually involves multiple IT teams dealing with point-in-time assessments, stale data, ineffective and inaccurate tools, internal politics, multiple consoles, and multiple infrastructures, all leading to too much cost and extensive windows of vulnerability. IT security teams should continuously measure and assess the environment to determine if infrastructure is meeting internal and external compliance regulations, while operations teams should be tasked with ensuring systems are up and running to meet the needs of the organization. IT security teams typically have limited access to the systems within the infrastructure, making it difficult to accurately identify all the gaps in compliance. Meanwhile, remediation usually falls to a separate IT operations team that uses a different toolset. This approach increases costs and risk and results in a time-consuming, resource-intensive, and problematic approach to the assessment and audit cycle. Challenges include:

Consistent results. IT departments have the task of showing that systems meet audit requirements. To address different requirements, teams oftentimes work separately using different tools. Every tool works differently, yielding potentially different results, adding additional layers of complexity, increasing risk and the cost of doing business, and driving further inefficiency and lack of consistency and clarity. This extends the process of identifying compliance gaps and remediating them to several weeks or even months. To overcome this, IT operations and security teams need a single tool that provides a unified and automated approach to discovering, assessing, remediating, and reporting on compliance.

Endpoint visibility. Visibility is vital for assessing system status and meeting compliance requirements on all endpoints on or off the network. While past compliance efforts and tools focused primarily on servers, endpoints, as the most susceptible to attack, are the main targets of hackers.
Gaining access to a workstation provides an open door to the server environment. Obstacles to visibility arise in distributed environments containing a range of desktop and laptop systems running many versions of Microsoft Windows for servers and workstations, Unix, Linux, and Macs. To protect all endpoints, teams need comprehensive, real-time visibility into the compliance state of all assets throughout the infrastructure and continuous automated enforcement of endpoint compliance policy regardless of network connectivity.

BigFix Meeting Regulation Requirements

BigFix understands that all customers want to be secure and meet their regulatory obligations. That is why we help customers every day to meet certain requirements of regulations like: FISMA, HIPAA & HITECH, SOX, PCI, FERC/NERC, GLBA, and more.

While not a dedicated governance, risk, & compliance (GRC) company, BigFix offers a number of advantages in this area that cannot be matched:

Visibility. Both deep and wide - customers can see thousands of computer properties and our distributed scanning technology typically uncovers 15%-30% more assets on the network than previously identified.

Scalability. Single server to support up to 250,000 endpoints distributed across the globe with all types of connections.

Convergence and Cost Reduction. One vendor, one infrastructure to implement anti-malware, patch management, endpoint firewalls, NAC, configuration compliance, and vulnerability management across multiple OS platforms reduces costs and enables operationalization of daily security tasks.

Data accuracy. Secure does not always mean compliant, compliant does not always mean secure. In fact, too many tools can actually end up leaving organizations less of both and unaware of the fact.
To verify the accuracy of all compliance data on and off the network, organizations need a single solution that accommodates the requirements of both the IT security and operations teams, one that accurately reports whether systems are truly patched (not just that the patch is present), configured correctly, and running up-to-date antivirus software.

Policy-based assessment. IT departments face challenges in establishing and measuring against consistent policies throughout the entire organization when IT security and operations teams are using different tools to meet disparate goals and objectives. A unified approach is the only way to implement a proactive policy-based approach: sharing and enforcing information across teams, with defined policy based on accurate, real-time information.

Scalable Remediation. Assessment without remediation provides limited value to either team. Adding to the burden of discovering how to fix identified problems is the fact that different tools speak different languages and it is often difficult to bridge the language gap between them. Teams need a solution that not only pinpoints non-compliance among assets, but can also actually bring them into compliance. And this solution must scale to provide coverage for all endpoints: fixed or mobile desktops, laptops, and servers, across all platforms, overcoming the challenge of touching every machine in a way that works without fail and without an enormous IT staff.

Cost and Risk Reduction. IT security and operations teams have different goals and objectives when it comes to meeting internal and external compliance audit requirements, oftentimes resulting in divergent, costly approaches that come with increased security exposure. To keep costs low and eliminate risk, teams need a comprehensive approach to meeting compliance audit requirements.
Achieving and maintaining continuous compliance through a unified approach is the best way for teams to eliminate challenges and reduce the cost and risk associated with managing compliance.

Real-time Reporting and Continuous Compliance. With BigFix's unique architecture, endpoints report back anytime there is a status change and can be configured to continuously enforce endpoint policies.

Solution Overview

BigFix helps IT security and operations teams to become compliant, stay compliant, and prove compliance with the BigFix Unified Management Platform, a unified assessment, remediation, and reporting tool that fosters communication and ensures accuracy of reporting against all internal and external compliance initiatives. BigFix provides a proven, consistent, accurate, cost-effective approach to assessment and remediation: a single, centralized console view for comprehensive real-time visibility into the current configuration and compliance state of all managed endpoints. This approach yields pervasive visibility and control in large, complex, distributed environments and enables organizations to focus resources more effectively, reducing the overall cost of compliance.

The standard approach for assessing, measuring, evaluating, and remediating compliance issues typically involves vacillating between compliance and non-compliance, i.e., managing to point-in-time activities, such as audits, with little to no review in between. BigFix transforms this resource-intensive cycle by bringing consolidated real-time visibility and control to vital security and system management processes that support distributed server, desktop, mobile, and virtualized computer infrastructures at enterprise scale. To achieve this, the BigFix architecture implements a distributed single-agent, single-infrastructure approach to delivering anytime/anywhere security and system management services across distributed computing infrastructures. IT security and operations teams can automate a growing portfolio of compliance processes covering endpoint security, patch and software updates, security configuration management, PC power management, IT policy enforcement, asset management, and technical controls compliance with a single low-cost infrastructure.

With the BigFix Unified Management Platform, IT operations and security teams have a real-time view of the infrastructure.
Through this dynamic view of the configuration state, teams can immediately determine if the infrastructure is meeting all compliance regulations. This unified approach fosters information sharing across teams. It offers the opportunity for IT security and IT operations teams to make policy-based assessments for reporting and measuring. It also closes the loop on the remediation process as teams can take advantage of the centralized view to immediately confirm that fixed is really fixed. And the added benefit of continuous compliance is continuous security. By achieving and maintaining continuous compliance through the BigFix unified approach, all public and private organizations facing internal and external data security regulations can reduce security exposure, minimize business risk and increase productivity through IT automation and control, freeing up teams to focus on other tasks.

BigFix SCAP Protocol Support

BigFix fully and completely supports each of the underlying protocols defined by SCAP:

Common Vulnerabilities and Exposures (CVE): Standard identifiers and dictionary for security vulnerabilities related to software flaws.

Common Configuration Enumeration (CCE): Standard identifiers and dictionary for system configuration issues related to security.

Common Platform Enumeration (CPE): Standard identifiers and dictionary for platform/product naming.

Extensible Configuration Checklist Description Format (XCCDF): Standard XML for specifying checklists and for reporting results of checklist evaluation.

Open Vulnerability and Assessment Language (OVAL): Standard XML for testing procedures for security-related software flaws, configuration issues, and patches as well as for reporting the results of the tests.

Common Vulnerability Scoring System (CVSS): Standard for conveying and scoring the impact of vulnerabilities.

The BigFix Approach

BigFix provides a comprehensive solution to achieving and maintaining continuous compliance. The BigFix solution enables public- and private-sector organizations to see, change, enforce, and report on security policies and system configurations in real time on a global scale.
Using this solution, IT organizations can implement critical security and vulnerability management functions for all endpoints from the unified management console. Powered by a resilient, highly responsive intelligent agent infrastructure, BigFix is purpose-built to support highly distributed environments. It does this by leveraging the BigFix Unified Management Platform, which includes the following components:

The BigFix Agent, the brains of the platform. Continuously assessing the endpoint and enforcing policy regardless of connectivity, this single, multipurpose management agent represents a radical departure from legacy client-server architectures and powers a resilient distributed intelligent infrastructure.

The BigFix Server, which hosts the BigFix console, reporting/analysis dashboards, and policies.

BigFix Policy Messages, also known as Fixlet messages, which communicate policy information between BigFix Agents and BigFix Server environments. Customers can use BigFix-provided policies, or customize their own.

BigFix Relays, which act as communication and aggregation points and staging areas for BigFix Policy Messages and patch/remediation content. BigFix Relays can be installed on existing hardware, including desktops and multi-purpose systems.

BigFix supports multiple operating systems including current and legacy versions of Windows, Linux, Unix, and Macintosh. Although some standards and regulations are focused primarily on Windows XP and Windows Vista, BigFix's multiple platform support enables organizations to easily scale as standards and regulations expand over time. To support distributed environments and provide continual enforcement of policy, the BigFix Agent is a single agent that performs all policy analysis and enforcement continuously, whether assets are connected to the network or not.
Because the lightweight BigFix Agent uses < 2% CPU on average, it imposes a minimal footprint on the system, avoiding performance concerns and challenges posed by legacy architectures and solutions. Additionally, the BigFix Agent interprets Fixlet message policy definitions to ensure that systems easily maintain their compliance to policies even as standards change over time.

The BigFix Console with role-based access control provides a single operational view into the agency infrastructure for comprehensive visibility and control. Operators can instantly see the configuration settings that need to be evaluated and the assets that are not compliant. Operators can schedule control and remedial actions within minutes, and receive immediate validation that the action has completed successfully. The system status is always available in real time. Operators can meet all reporting requirements by generating compliance reports and automatically forwarding them to internal groups, as well as oversight agencies, such as NIST. Reports are produced both in visual form for display in the console and in XML.

Summary

Meeting the regulatory need for compliance and reporting, in addition to the operational need to maintain centralized visibility and control, can be challenging and costly without a single, unified approach. BigFix delivers a revolutionary, cost-effective solution that offers public and private organizations a unified approach to achieving and maintaining continuous compliance while also maintaining effective visibility and control for all managed assets. The BigFix platform consolidates multiple policy-driven security configuration management functions into a single low-cost system that is able to communicate, in real time, with all stationary and mobile endpoints. Using BigFix, agencies can certify that their applications are fully functional and compliant, manage access and privilege levels, automatically apply patches and software upgrades without modifying configurations adhering to compliance requirements, validate configurations, and monitor systems in real time to ensure that configurations do not undergo unauthorized change. Organizations can identify and report on deviations from compliance policies and create custom policy values for requirements like FISMA, HIPAA, or PCI that meet or exceed defined security standards.
BigFix increases security and productivity while dramatically lowering costs to public and private organizations. Hardware investment is minimal, with substantial time savings from centralized automation of software updates. With scalability that ranges from hundreds to hundreds of thousands of endpoints, BigFix can provide critical visibility and control functions for public and private organizations of almost any size.

BigFix: Breakthrough Technology, Revolutionary Economics

Founded in 1997, BigFix, Inc. is a leading provider of high-performance enterprise systems and security management solutions that revolutionizes the way IT organizations manage and secure their computing infrastructures. Based on a unique architecture that distributes management intelligence directly to the computing devices themselves, BigFix is radically faster, scalable, more accurate and adaptive than legacy management software. From Systems Lifecycle Management, Security & Vulnerability Management to Endpoint Protection, BigFix solutions automate the most labor-intensive IT tasks across the most complex global networks, saving organizations significant amounts of time, labor, and expense. BigFix provides real-time visibility and control for millions of globally distributed computing devices. The BigFix customer list counts many of the world's largest and most prestigious organizations in every industry including financial services, retail, education, manufacturing, and public sector agencies. More information can be found at BigFix, Inc. BigFix and the BigFix Logo are registered trademarks of BigFix, Inc. Other trademarks, registered trademarks, and service marks are property of their respective owners.