Welcome to the BigFix Blog, where you can read the perspectives from network and service assurance experts. This Blog provides insights into the endpoint management solution, as well as technical details about specific IBM products.
It is a well-known statement in the endpoint security field that the only way to protect a device, aka endpoint, from malicious attacks is to keep it switched off. This method, though very effective, is not very practical. Therefore a different solution is required for endpoints that are attacked and compromised. The best way to cope with potential exposures and security risks is to avoid an incident to occur in the first place (Prevent). However, prevention itself has demonstrated not to be bulletproof. Therefore, if an attack is successfully... [More]
The IBM Endpoint Manager for Security and Compliance Analytics team is pleased to announce the release of a 1.5 patch. This patch release provides fixes that address the following vulnerabilities: · CVEID: CVE-2014-0191 · CVEID: CVE-2014-3566 · CVEID: CVE-2014-6585 · CVEID: CVE-2014-6587 · CVEID: CVE-2014-6591 · CVEID: CVE-2014-6593 · CVEID: CVE-2014-8892... [More]
The IBM Endpoint Manager team is releasing 9.1 Patch 5 and 9.2 Patch 1 of the IBM Endpoint Manager platform. These new versions address security updates, including the POODLE vulnerability, and fixes from older versions of OpenSSL. The new patches use OpenSSL 1.0.1.j. IBM recommends upgrading whenever possible to take advantage of optimizations and bug fixes. Because these vulnerabilities are not of a critical nature, the upgrade should not be done in haste, but as part of a planned upgrade process. Upgrade fixlets are available... [More]
Patching Windows clusters is largely a manual effort that is time-consuming and leaves plenty of room for error. If a mistake is made in patching your “mission critical applications” it can cost $50k, $100k or for some customers $Millions per outage. Depending on what versions of Windows you’re using, there’s little-to-no tooling to help you with this important task, and unfortunately it’s not one you can delay due to the exposure to your organization of not having the latest security patches... [More]
Have you ever tried to make a large withdrawal from an ATM only to be declined? It’s probably because there are automatic safeguards in place for large withdrawals to prevent misuse and financial damage—in case a merchant makes an error charging you more than they are required to; or if your card and access details were compromised and fell into the wrong hands. You’ll likely have to get approval from the bank manager in person in order to make a large withdrawal. This allows the bank to verify that only authorized individuals... [More]
The IBM Endpoint Manager SSL Heartbeat Vulnerability (CVE-2014-0160) Scanner, developed by the IEM AVP Team, is being made available to customers to assist in identifying potentially vulnerable systems through a distributed and automated approach. Customers can find the latest version of the scanner in the Bigfix Labs site version 35. The Scanner has 2 different operating modes available: - Filesystem scan to locate executables and libraries that may contain affected versions of OpenSSL (including applications embedding OpenSSL) -... [More]
IBM Endpoint Manager is pleased to announce the release of a Mobile Device Management Patch. New Features: Option for iOS devices: messages arriving from the Console can now play a sound. Fixed Issues: Web Report, "Mobile Device Security Overview" correctly includes blacklisted apps. Enterprise App Management dashboard: Android apps append to recommended app lists. Three dashboards updated for compatibility with upcoming 9.1 (SHA256) release. Required Actions: Upgrade components... [More]
IBM announces the availability of IBM Endpoint Manager for Remote Control 9.1.0. The content in the Tivoli Remote Control Site has been modified to support the release of the new IBM Endpoint Manager for Remote Control 9.1.0. The full build number for the Remote Control components for this release is 9.0.1.0026. Changes: - The deployment tasks have been updated to install the 9.1.0 components. - The upgrade tasks have been updated to upgrade the installed components to the 9.1.0 version. - The IBM Endpoint Manager for Remote Control Server... [More]
I am proud to announce that a new IBM License Metric Tool 9.0 is published and available! IBM® License Metric Tool 9.0 replaces the IBM Endpoint Manager for Subcapacity Reporting 9.0 and is available additionally on Passport Advantage for all ILMT customers. IEM customers can download the new application from IBM License Reporting (ILMT) v9 fixlet site. IBM License Metric Tool 9.0 offers the following enhancements: Compliance with SP 800-131a cryptographic standards Support for IBM Endpoint Manager version 9.1 Usability... [More]
IBM is pleased to announce the release of Enrollment and Extender Patch for Mobile Device Management: Site Version 86 Release Features Updated the Enrollment and Apple iOS Management Extender to replace a certificate that is due to expire on January 24th, 2014. This certificate impacts the IBM Endpoint Manager Mobile Client. After the certificate expires, Recommended Apps and sending messages through the client will not function fully until the certificate is replaced. Required Actions Update all... [More]
IBM is pleased to announce we will be releasing Enrollment and Extender Patch for Mobile Device Management next week: Release Features Updated the Enrollment and Apple iOS Management Extender to replace a certificate that is due to expire on January 24th, 2014 . This certificate impacts some functions of the IBM Endpoint Manager Mobile Client including Recommended Apps and sending messages through the client. Required Actions Update all Enrollment and Apple iOS Management Extenders in your deployment by running... [More]
IBM Endpoint Manager for Patch Management for Solaris now supports Solaris 11 11/11 and 11.11. The Patch Management team released a new site called “Patches for Solaris 11”, which contains Fixlet content for patching Solaris Support Repository Updates (SRUs) on Solaris 11 endpoints. Supported Versions of IBM Endpoint Manager: IBM Endpoint Manager 8.2 and later Published Site Version: Patches for Solaris 11, version 19 New Dashboard: Solaris Image Packaging System Repository Management dashboard... [More]
IBM is pleased to announce the availability of IBM Endpoint Manager for Software Use Analysis app. level 9.0! IBM® Endpoint Manager for Software Use Analysis 9.0 is the first of a series of deliveries aimed to provide capabilities that were part of IBM Tivoli Asset Discovery for Distributed product to allow customers to be able to use IBM Endpoint Manager to report on IBM capacity licensing usage (aka IBM Sub-Capacity). Customers can download the new application level from the IBM Endpoint Manager for Software Use Analysis fixlet site.... [More]
Hey just a heads up, we're currently investigating reports of the latest version of flash player (11.8.800.168) breaking things in our flash based dashboards. The version before that (11.8.800.94) is still okay. As soon as we have a fix we'll be posting about it here.
This week, I have a confession to make. I hate Apple…or at least, I used to. I started my career as a hardware guy…selling PCs no less. So to me and anyone else selling Windows-based PCs, Apple was the evil empire. At that time, their OS was awesome, and their hardware was junk. Yet creative types and education customers would still buy their gear, even when our ThinkPads were way better products. Fast forward a few years. Apple has come out with the iPod, iPhone and iPad, and essentially,... [More]