The 1980s kids’ TV show GI Joe closed with the famous lines, “Now you know. And knowing is half the battle.” That’s never more true than in cyber security. When the network is at risk, it’s critical to know what you’re dealing with in terms of endpoint users. The newest update to IBM’s BigFix (called BigFix Detect) allows for some really useful security insights.
IBM has been around from the beginning, and after their purchase of BigFix Inc. in 2010, they’ve been using the original platform to continue adding value to the security needs of businesses. BigFix is a software system that provides security across networks by detecting problems and deploying patches to control and manage them. It also provides anti-malware control, personal firewalls, and behavior monitoring. The platform also performs its own self-quarantine functions and provides removable device control. Overall, BigFix is an exceptional tool that has become a genuine market force in the cyber security world.
Their newest offering, Detect, is a radical new addition to the security platform. First, the code is completely native to BigFix, meaning that IBM owns the content of the module and that it was designed and coded directly for use within the BigFix framework to leverage the already impressive tools that BigFix provides. Second, the support team for the module is already in place and is already fully prepared to help with any specific needs.
The module includes some pretty useful tools. For starters, it offers the ability to detect devices on the network. This is huge. A user can now see everything they need to deal with. The patching system and management is still excellent, and Detect offers a new tool that allows a user to build and deploy software content to a number of operating systems in a very user-friendly way. Further, the new module allows the manager to find and correct any malicious activity based on behavior rather than signatures. This is a huge feature enhancement given the large number of unique malicious software bugs that are being created every day. The system also allows a user to investigate what has been tagged as malicious and thus caused the alert. If the action is indeed malicious, the user is able to quarantine, kill the process, and use the built-in patches to fix the software hole, all within the single machine that has been attacked. If a system-wide patch is needed, the user is able to build and deploy the patch with a few simple commands in plain English. All the communication and data analysis is done in the cloud, which allows for complex ML analysis of behavior, and even in a situation where access is tight, a user can still access the BigFix port, allowing for data analysis.
Overall, the new module for BigFix looks to be a huge advantage to the IBM BigFix suite. The new tools, visibility, and usability promise to keep this software at the cutting edge of cyber security.