extending qradar’s reach and simplifying incident response with bigfix
TRANSCRIPT
1 © 2015 IBM Corporation
Extending QRadar’s reach and simplifying incident response with BigFix
IBM QRadar and IBM BigFix – Integration Use Cases (Available)
1. BigFix fixlet and vulnerability status messages passed to QRadar
– Customer value: Actions that occur and vulnerabilities that exist on endpoints can be passed to QRadar for correlation with other security events. BigFix patch status is relayed to QRadar in a very timely fashion and is stored in the asset database.
2. QRadar (QVM) assigns high-risk vulnerabilities (i.e. those determined via QRM policies) to BigFix for remediation or quarantine; this also allows tracking should an exploit occur.
– Customer value: Typical BigFix customers don’t have a way to figure out which patches should be assigned high priority. With this integration, high-risk vulnerabilities could be easily assigned to operations personnel as needed. BigFix administrators gain a way to know which patches should be considered for high-priority “out of band” patching, and can initiate remediation immediately. This reduces the risk of initial exploit and exploit propagation, and improves productivity.
– Typical QRadar customers don’t have a way to isolate vulnerable or compromised devices to limit potential exposures. With this integration, high-risk vulnerabilities could be easily isolated from the network, allowing only BigFix communications. QRadar administrators gain a way to react immediately to possible exposures and have BigFix administrators remediate the vulnerability. This reduces the risk of initial exploit and exploit propagation, and improves productivity.
Example - BigFix CVE Action Status