Extending QRadar’s reach and simplifying incident response with BigFix

© 2015 IBM Corporation

Upload: luigi-delgrosso

Post on 22-Jan-2017



1. BigFix fixlet and vulnerability status messages passed to QRadar

– Customer value: Actions that occur and vulnerabilities that exist on endpoints can be passed to QRadar for correlation with other security events. BigFix patch status is relayed to QRadar in a very timely fashion and is stored in the asset database.

2. QRadar (QVM) assigns high-risk vulnerabilities (i.e. those determined via QRM policies) to BigFix for remediation or quarantine; also allows tracking should an exploit occur

– Customer value: Typical BigFix customers don’t have a way to figure out which patches should be assigned high priority. With this integration, high-risk vulnerabilities could be easily assigned to operations personnel as needed. BigFix administrators gain a way to know which patches should be considered for high-priority “out of band” patching, and can initiate remediation immediately. This reduces the risk of initial exploit and exploit propagation, and improves productivity.

– Typical QRadar customers don’t have a way to isolate vulnerable or compromised devices to limit potential exposures. With this integration, high-risk vulnerabilities could be easily isolated from the network, allowing only BigFix communications. QRadar administrators gain a way to immediately react to possible exposures and have BigFix administrators remediate the vulnerability. This reduces the risk of initial exploit and exploit propagation, and improves productivity.

IBM QRadar and IBM BigFix – Integration Use Cases (Available)


Example - BigFix CVE Action Status