
HCL BigFix CyberFOCUS Analytics

HCL BigFix CyberFOCUS Security Analytics is a new capability designed to help IT Operations teams discover, prioritize, and patch critical vulnerabilities and reduce cybersecurity risk in real time.

Unlike siloed processes based on disparate teams and tools, HCL BigFix delivers a single, integrated solution that eliminates the inefficiencies in passing data from multiple tools to the different teams who are responsible for enterprise security.

HCL BigFix CyberFOCUS Security Analytics is included with HCL BigFix Lifecycle, HCL BigFix Compliance, and HCL BigFix Remediate. By leveraging endpoint information that only HCL BigFix knows, HCL BigFix CyberFOCUS Security Analytics provides the ability to simulate vulnerability remediations, suggest the most impactful remediations to execute, define and manage Protection Level Agreements (PLAs), and analyze CISA Known Exploited Vulnerability exposures.

Advanced Persistent Threat Mapping and Vulnerability Remediation Simulator


The Vulnerability Remediation Simulator displays the vulnerabilities present in your environment, grouped by today’s more critical Advanced Persistent Threat (APT) families. This is important since 78% of companies experience downtime as a result of an APT attack (1). It simulates the impact of patching and remediations on the attack surface. As an example, the before and after reports shown below simulate how remediating CVE-2021-28655 will affect the APT exposure across the organization.

In the latest release of HCL BigFix CyberFOCUS Security Analytics, prescriptive remediations are provided by the Vulnerability Remediation Simulator to help administrators quickly know what remediations will reduce the overall APT exposure and improve the organization's security posture the most. Prescriptive remediations provide HCL BigFix administrators with new, intelligent expertise that improves their ability to quickly reduce security risk and threat exposure.

Simulated Exposure AFTER remediation


(1) https://purplesec.us/resources/cyber-security-statistics/#APTs

HCL BigFix Insights for Vulnerability Remediation


Organizations using industry-leading vulnerability scanners can boost their effectiveness at managing vulnerabilities by integrating with HCL BigFix. HCL BigFix Insights for Vulnerability Remediation enables IT and Security Operations to improve the organization’s security posture by significantly compressing the time between the discovery and remediation of vulnerabilities.


The report below shows vulnerabilities discovered by Tenable or Qualys together with the associated vulnerability attributes. It also shows that four vulnerabilities are selected for remediation.

vulnerabilities discovered

The report below shows the correlated HCL BigFix content (fixes) that will remediate the discovered vulnerabilities. It also shows that two fixes have been selected to be deployed.

Vulnerability Remediation



HCL BigFix CISA Known Exploited Vulnerability Exposure Analyzer


Another innovation is the HCL BigFix CISA Known Exploited Vulnerability Exposure Analyzer, which maps your vulnerabilities to the constantly updated CISA Known Exploited Vulnerabilities list, which defines the most critical threats in the world.
Using the CISA Known Exploited Vulnerability Exposure Analyzer, IT Operations can identify the most urgent and significant security gaps while also ascertaining which assets have the highest exposure across multiple dimensions including time. Using the report below, the largest circle represents the highest exposure (across multiple dimensions including time) which has not been remediated by the CISA-specified due date.


CISA-KEV-Left

In the report below, that critical vulnerability has been remediated and no longer appears on the graph.


CISA-KEV-Right

Access to the CISA KEV report and the detection and remediation content requires the Known Exploited Vulnerabilities Content Pack Add On.

Define and Manage your Protection Level Agreements (PLAs)


HCL BigFix CyberFOCUS Security Analytics introduces a new concept we call the Protection Level Agreement (PLA). A PLA is a set of baselines that combine asset criticality, CVE criticality, desired patch levels, and compliance standards against agreed-to organizational service levels.

In the report below, Protection Level Agreements have been defined for 10 critical areas. The dots indicate the patch performance targets defined and agreed to by IT and business stakeholders. The bars on the chart show actual patch performance. In this example, some targets are being met (grey bars in the image below) while others are exceeding the agreed-to targets (purple bars in the image below), providing a clear view to business stakeholders into performance against goals.



PLA Report

Summary

With HCL BigFix CyberFOCUS Security Analytics, IT and Security Operations have a set of powerful tools that enables them to align their efforts to remediate vulnerabilities fast. IT Operations can, for the first time, simulate the business impact of remediation actions to focus on the highest exposure threats; Security Operations using leading vulnerability management tools supercharge their effectiveness by more quickly correlating discovered vulnerabilities with available remediations; and IT Operations can also take a more active role in Enterprise Security by defining and measuring their performance to agreed-to business objectives. HCL BigFix CyberFOCUS Security Analytics supercharges vulnerability management and reduces cyber risk.


Benefits

Improve Endpoint Security

HCL BigFix can help IT and Security Ops discover, prioritize and remediate vulnerabilities fast, effectively reducing the attack surface.

Speed Remediation

Remediating vulnerabilities quickly is of paramount importance, especially when confronted with zero-day vulnerabilities.

Integrate with Leading Vulnerability Scanners

By integrating with Tenable and Qualys, HCL BigFix helps you compress the time between vulnerability discovery and remediation.

Leverage Threat Information

By leveraging the ATT&CK knowledge base and known exploited vulnerabilities published by CISA, organizations more aggressively reduce vectors of attack.

Simulate the Impact of Remediations

Simulate the impact of remediating specific vulnerabilities on the enterprise attack surface to minimize associated business disruptions and mitigate the greatest security threats.

Measure Performance Against Goals

Use Protection Level Agreements to measure remediation and patching efforts against agreed-to targets defined by business stakeholders and IT Operations.