Welcome to the BigFix Blog, where you can read the perspectives from network and service assurance experts. This Blog provides insights into the endpoint management solution, as well as technical details about specific IBM products.
Hi All, We've just released a new Fixlet site to deploy and
manage Proventia Desktop and IBM Security Server Protection for Windows.
The site is named "Client Manager for Host Protection". "Client Manager for Host Protection" includes the following key capabilities: - Deploy and upgrade Server Protection and Proventia Desktop agents - Report on Server Protection and Proventia Desktop agent status and version Note
that as with other Client Manager content, this site is not a
replacement for the SiteProtector... [More]
SCM Content has been updated for the DISA UNIX Checklists! * Only the Linux OS's are affected by this update -- here are the new versions of the checklists: Self-Parameterizing Checklists: DISA STIG Checklist for AIX 5.1 ---------- now site version 6 DISA STIG Checklist for AIX 5.2 ---------- now site version 5 DISA STIG Checklist for AIX 5.3 ---------- now site version 5 DISA STIG Checklist for AIX 6.1 ---------- now site version 5 DISA STIG Checklist for HPUX 11.00 --- now site version 5 DISA STIG Checklist for HPUX... [More]
We are looking to retire the following legacy sites in March 2012: Patches for RedHat Enterprise Linux Patches for RedHat Enterprise Linux (Outdated RPMs) Before anyone starts to panic, keep in mind that we replaced these sites with the Patches for RHEL 3|4|5 sites in 2009. The Patches for RHEL sites were developed to make our patch content easier to deploy by supporting RPM dependency resolution. By retiring the legacy Red Hat sites, we will be able to clear up confusion around the two different sets of content, reduce the maintenance... [More]
It is a well-known statement in the endpoint security field that the only way to protect a device, aka endpoint, from malicious attacks is to keep it switched off. This method, though very effective, is not very practical. Therefore a different solution is required for endpoints that are attacked and compromised. The best way to cope with potential exposures and security risks is to avoid an incident to occur in the first place (Prevent). However, prevention itself has demonstrated not to be bulletproof. Therefore, if an attack is successfully... [More]
The IBM Endpoint Manager team is releasing 9.1 Patch 5 and 9.2 Patch 1 of the IBM Endpoint Manager platform. These new versions address security updates, including the POODLE vulnerability, and fixes from older versions of OpenSSL. The new patches use OpenSSL 1.0.1.j. IBM recommends upgrading whenever possible to take advantage of optimizations and bug fixes. Because these vulnerabilities are not of a critical nature, the upgrade should not be done in haste, but as part of a planned upgrade process. Upgrade fixlets are available... [More]
Patching Windows clusters is largely a manual effort that is time-consuming and leaves plenty of room for error. If a mistake is made in patching your “mission critical applications” it can cost $50k, $100k or for some customers $Millions per outage. Depending on what versions of Windows you’re using, there’s little-to-no tooling to help you with this important task, and unfortunately it’s not one you can delay due to the exposure to your organization of not having the latest security patches... [More]
The IBM Endpoint Manager SSL Heartbeat Vulnerability (CVE-2014-0160) Scanner, developed by the IEM AVP Team, is being made available to customers to assist in identifying potentially vulnerable systems through a distributed and automated approach. Customers can find the latest version of the scanner in the Bigfix Labs site version 35. The Scanner has 2 different operating modes available: - Filesystem scan to locate executables and libraries that may contain affected versions of OpenSSL (including applications embedding OpenSSL) -... [More]
IBM Endpoint Manager is pleased to announce the release of a Mobile Device Management Patch. New Features: Option for iOS devices: messages arriving from the Console can now play a sound. Fixed Issues: Web Report, "Mobile Device Security Overview" correctly includes blacklisted apps. Enterprise App Management dashboard: Android apps append to recommended app lists. Three dashboards updated for compatibility with upcoming 9.1 (SHA256) release. Required Actions: Upgrade components... [More]
I am proud to announce that a new IBM License Metric Tool 9.0 is published and available! IBM® License Metric Tool 9.0 replaces the IBM Endpoint Manager for Subcapacity Reporting 9.0 and is available additionally on Passport Advantage for all ILMT customers. IEM customers can download the new application from IBM License Reporting (ILMT) v9 fixlet site. IBM License Metric Tool 9.0 offers the following enhancements: Compliance with SP 800-131a cryptographic standards Support for IBM Endpoint Manager version 9.1 Usability... [More]
IBM is pleased to announce the release of Enrollment and Extender Patch for Mobile Device Management: Site Version 86 Release Features Updated the Enrollment and Apple iOS Management Extender to replace a certificate that is due to expire on January 24th, 2014. This certificate impacts the IBM Endpoint Manager Mobile Client. After the certificate expires, Recommended Apps and sending messages through the client will not function fully until the certificate is replaced. Required Actions Update all... [More]
IBM is pleased to announce we will be releasing Enrollment and Extender Patch for Mobile Device Management next week: Release Features Updated the Enrollment and Apple iOS Management Extender to replace a certificate that is due to expire on January 24th, 2014 . This certificate impacts some functions of the IBM Endpoint Manager Mobile Client including Recommended Apps and sending messages through the client. Required Actions Update all Enrollment and Apple iOS Management Extenders in your deployment by running... [More]
IBM Endpoint Manager for Patch Management for Solaris now supports Solaris 11 11/11 and 11.11. The Patch Management team released a new site called “Patches for Solaris 11”, which contains Fixlet content for patching Solaris Support Repository Updates (SRUs) on Solaris 11 endpoints. Supported Versions of IBM Endpoint Manager: IBM Endpoint Manager 8.2 and later Published Site Version: Patches for Solaris 11, version 19 New Dashboard: Solaris Image Packaging System Repository Management dashboard... [More]
IBM is pleased to announce the availability of IBM Endpoint Manager for Software Use Analysis app. level 9.0! IBM® Endpoint Manager for Software Use Analysis 9.0 is the first of a series of deliveries aimed to provide capabilities that were part of IBM Tivoli Asset Discovery for Distributed product to allow customers to be able to use IBM Endpoint Manager to report on IBM capacity licensing usage (aka IBM Sub-Capacity). Customers can download the new application level from the IBM Endpoint Manager for Software Use Analysis fixlet site.... [More]
Hey just a heads up, we're currently investigating reports of the latest version of flash player (11.8.800.168) breaking things in our flash based dashboards. The version before that (11.8.800.94) is still okay. As soon as we have a fix we'll be posting about it here.
This week, I have a confession to make. I hate Apple…or at least, I used to. I started my career as a hardware guy…selling PCs no less. So to me and anyone else selling Windows-based PCs, Apple was the evil empire. At that time, their OS was awesome, and their hardware was junk. Yet creative types and education customers would still buy their gear, even when our ThinkPads were way better products. Fast forward a few years. Apple has come out with the iPod, iPhone and iPad, and essentially,... [More]