Closing the Vulnerability Management Gap with BigFix and QVM
I-Lung Kao
Fixing vulnerabilities is a big challenge
It is common knowledge that effectively and continuously addressing vulnerabilities is a top security priority for organizations. Attackers exploit vulnerabilities in operating systems, middleware or application software, often delivered through techniques such as phishing or spoofing, to inject malware or seize unauthorized privileges and steal valuable information. And they do this quickly.
According to the Verizon 2015 Data Breach Investigations Report, about half of newly reported vulnerabilities were exploited in less than a month after they were reported. This is because attackers know that many organizations cannot patch new vulnerabilities across the enterprise quickly enough. Identifying the right patches to fix vulnerabilities, and prioritizing patching or other remediation actions effectively at large scale, are big challenges for an organization.
Effective vulnerability remediation is needed
Many businesses today deploy an on-premises or cloud-based vulnerability scanning solution to discover vulnerabilities on machines across their network. Some scanning solutions also include capabilities that assess the risk of each discovered vulnerability (in addition to the CVSS score associated with the CVE), or the risk of the device where the vulnerability is discovered, considering factors such as network topology, the machine's current state, or the business value of the data or function of the machine.
While many vulnerability scanning solutions are effective in discovering vulnerabilities and providing decent risk assessment, most still lack capabilities to provide guidance on how the vulnerabilities should be remediated – or an enterprise-scale remediation tool to actually fix them.
IBM QRadar Vulnerability Manager (QVM)
The IBM QRadar Vulnerability Manager (QVM) solution is built on top of the IBM QRadar security intelligence platform to detect vulnerabilities across a variety of devices on the network. The vulnerabilities collected can enrich the QRadar asset profile and, in turn, improve the effectiveness of its security analytics.
QVM is also fully integrated with QRadar Risk Manager (QRM), which assesses each device's risk posture based on a broader context including network topology and communication activities. Another benefit of QVM is the ability to collect and consolidate vulnerabilities scanned by other vulnerability scanners. That way, QVM serves as a centralized focal point for vulnerability collection, reporting and prioritization for the entire organization.
IBM BigFix provides an enterprise-scale endpoint management and security solution to help organizations continuously monitor endpoints' configurations, installed software, and operating system or application patches, and report policy compliance postures across all devices, based on either out-of-the-box or custom policies.
BigFix can also be used to fix any non-compliance promptly by changing an endpoint's configuration state, applying appropriate patches, removing malware files, or stopping suspicious processes. This continuous monitor-report-fix cycle of BigFix can effectively eliminate the windows of opportunity for attacks.
Closing the gap of vulnerability management
A powerful combination of the BigFix and QVM solutions means IBM can now help close this vulnerability management gap. Organizations can use QVM to scan for vulnerabilities across devices, assign a risk score to each asset (device) based on correlations with the broader context provided by QRM, and then send the discovered vulnerabilities and asset risk scores to BigFix. For each vulnerability found and prioritized by QVM, BigFix then identifies the appropriate patches, and the IT team can immediately use BigFix to apply them. The results of patch application are sent back to and shown on the QRadar console.
For the vulnerabilities that do not have a patch available, IT Ops can temporarily quarantine the machine – isolating it from the network – using the same BigFix tool.
Organizations using other vulnerability scanners will also benefit
The integration between BigFix and QVM also provides this vulnerability remediation value to organizations that use non-QVM vulnerability scanners. The vulnerabilities discovered by another scanner can be collected and consolidated by QVM and, if desired, risk-assessed in combination with QRM. The consolidated vulnerabilities and risk scores are then sent to BigFix for remediation.
BigFix treats vulnerabilities originally discovered by another scanner in exactly the same way: the appropriate patch or quarantine actions are made available. IT Ops can focus on fixing these vulnerabilities without worrying about how they were discovered.
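To make the hand-off described in the two sections above concrete, here is an added Python example (not BigFix, QVM or QRM code, and not the product's API) that models the workflow end to end: findings from two scanners with different record layouts are normalised and consolidated, each finding is ranked by its CVSS score combined with an asset risk score, and every finding is mapped either to a patch or, where no patch exists, to a quarantine action, with a per-asset summary suitable for feeding back to a console. All records, the asset risk scores, the patch catalogue and the CVE and patch identifiers are constructed placeholders; the priority formula (CVSS multiplied by asset risk) is an assumption chosen for illustration, not the scoring the products use.

```python
"""Illustrative vulnerability consolidation and remediation planning.

Added example: not BigFix/QVM/QRM code. All data and identifiers are constructed
placeholders; the priority formula is an assumption for illustration only.
"""
import itertools
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple


@dataclass(frozen=True)
class Finding:
    asset: str
    cve: str
    cvss: float
    sources: Tuple[str, ...]   # every scanner that reported this (asset, cve) pair


@dataclass(frozen=True)
class Action:
    asset: str
    cve: str
    kind: str        # "patch" or "quarantine"
    reference: str   # patch identifier, or the reason for quarantine
    priority: float


# Constructed scanner output. The two feeds deliberately use different field names
# to show the normalisation step; db02/CVE-0000-0003 is reported by both scanners.
QVM_SCAN = [
    {"host": "web01", "cve_id": "CVE-0000-0001", "score": 9.8},
    {"host": "web01", "cve_id": "CVE-0000-0002", "score": 5.3},
    {"host": "db02", "cve_id": "CVE-0000-0003", "score": 7.5},
]
OTHER_SCANNER = [
    {"ip_host": "db02", "vuln": "CVE-0000-0003", "cvss_base": 7.2},
    {"ip_host": "hr03", "vuln": "CVE-0000-0001", "cvss_base": 9.8},
]
# Constructed asset risk scores (the role QRM plays in the article): 0-10 scale assumed.
ASSET_RISK = {"web01": 8.0, "db02": 9.5, "hr03": 3.0}
# Constructed patch catalogue; CVE-0000-0003 intentionally has no patch entry.
PATCH_CATALOG = {"CVE-0000-0001": "PATCH-PLACEHOLDER-A", "CVE-0000-0002": "PATCH-PLACEHOLDER-B"}


def from_qvm(rows: Iterable[dict]) -> Iterable[Finding]:
    for r in rows:
        yield Finding(r["host"], r["cve_id"], float(r["score"]), ("qvm",))


def from_other(rows: Iterable[dict]) -> Iterable[Finding]:
    for r in rows:
        yield Finding(r["ip_host"], r["vuln"], float(r["cvss_base"]), ("other",))


def consolidate(*feeds: Iterable[Finding]) -> List[Finding]:
    """Merge feeds on (asset, cve): keep the highest CVSS and remember all reporting scanners."""
    merged: Dict[Tuple[str, str], Finding] = {}
    for f in itertools.chain(*feeds):
        key = (f.asset, f.cve)
        if key in merged:
            prev = merged[key]
            merged[key] = Finding(f.asset, f.cve, max(prev.cvss, f.cvss), prev.sources + f.sources)
        else:
            merged[key] = f
    return list(merged.values())


def priority(f: Finding, asset_risk: Dict[str, float]) -> float:
    """Assumed ranking: CVSS weighted by asset risk; an unknown asset gets a mid-range risk of 5."""
    return round(f.cvss * asset_risk.get(f.asset, 5.0), 2)


def plan_remediation(findings: List[Finding], asset_risk: Dict[str, float],
                     catalog: Dict[str, str]) -> List[Action]:
    """Map each finding to a patch, or to quarantine when no patch exists; highest priority first."""
    actions = []
    for f in findings:
        p = priority(f, asset_risk)
        if f.cve in catalog:
            actions.append(Action(f.asset, f.cve, "patch", catalog[f.cve], p))
        else:
            actions.append(Action(f.asset, f.cve, "quarantine", "no patch available", p))
    actions.sort(key=lambda a: a.priority, reverse=True)
    return actions


def console_summary(actions: List[Action]) -> Dict[str, Dict[str, int]]:
    """Per-asset counts of pending patch and quarantine actions, as a console would display them."""
    summary: Dict[str, Dict[str, int]] = {}
    for a in actions:
        summary.setdefault(a.asset, {"patch": 0, "quarantine": 0})[a.kind] += 1
    return summary


def run_example() -> List[Action]:
    findings = consolidate(from_qvm(QVM_SCAN), from_other(OTHER_SCANNER))
    return plan_remediation(findings, ASSET_RISK, PATCH_CATALOG)


if __name__ == "__main__":
    for a in run_example():
        print(f"{a.priority:6.2f}  {a.asset:6} {a.cve}  {a.kind:10} {a.reference}")
    print(console_summary(run_example()))
```

Two things the output shows that the prose only states: the duplicate db02 finding collapses to a single action carrying both scanner names, and the same CVE on web01 ranks far above its twin on hr03 because the asset risk score, not the CVSS score alone, drives the order.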
Enabling collaboration between the IT Ops and Security teams
Security and IT Ops teams may not communicate efficiently or collaborate closely, mainly because each has different job skills and focuses on different activities. But another reason may be that there is no tool effective enough to let the data flow from one team to the other.
Vulnerability management, consisting of vulnerability discovery, prioritization and remediation, requires collaboration between the two teams. This latest integration between BigFix and QVM helps to enable:
If you would like more information about this integration, please check out the IBM Security Intelligence webinar on this topic: