Threat landscape: as threats evolved into typical blended, self-mutating bots, traditional endpoint AV approaches became less effective. Evolving IT business models have increased risk to clients and infrastructure: partnering with other companies for joint development projects, outsourcing of the internal network, and an increased pace of acquisitions and divestitures. Tivoli Endpoint Manager, built on BigFix technology: patch availability typically 3-14+ days (without cage) versus within 24 hours (with cage); 92% compliance within 5 days (ACPM only) versus 98% within 24 hours.
David P Merrill

Threat Landscape

- As threats evolved into typical blended, self-mutating bots, traditional endpoint AV approaches became less effective
- The nature of most bots seen in the current landscape does not lend itself to signature-based detection methods
- Malware continues to be a primary security concern for all enterprises
  - Sensitive data loss, intellectual property, customer data
  - Login credential loss and subsequent use of enterprise infrastructure for malicious purposes
  - Service availability issues
- Malware has become a multi-billion dollar business
  - Malware development has evolved like any software development (toolkits, portable exploit code, etc.)

Problem Statement: Swimming with Sharks

- Evolving IT business models have increased risk to clients and infrastructure
  - Partnering with other companies for Joint Development projects
  - Outsourcing of internal network
  - Increased pace of Acquisitions and Divestitures
- Continued increase in the percentage of workers connecting from or working in unprotected infrastructure
- Number of non-standard endpoints can be a key concern
- Increased business assets in areas of the world that are increasingly known for malware development
Tivoli Endpoint Manager, Built on BigFix Technology

[Diagram labels: Patch Management, Inventory, Asset Management, Software Distribution, Patch Mgmt, Remote control, Operating System Deployment, Security Configuration, Vulnerability Mgmt, Patch Mgmt, Asset Discovery, DSS SCM, Client manager for Endpoint Protection, Network Self Quarantine, Power Management]

The Shark Cage

- Without Cage: Patch availability typically 3-14+ days
  With Cage: Patch availability within 24 hours
- Without Cage: 92% compliance within 5 days (ACPM only)
  With Cage: 98% within 24 hours
- Without Cage: EZUpdate sometimes misses application of patches on required machines
  With Cage: Detected about 35% of participants missing at least one previous patch
- Without Cage: Compliance model, completely reliant on user
  With Cage: 90% of Windows requirements can be automatically remediated
- Without Cage: Exceptions at machine level
  With Cage: Exceptions at setting level

BigFix Challenge: Updated Timeline

[Timeline chart, December through July. Tasks shown: Asia BES live, Install Americas relays, Europe BES live, Install Europe relays, Install Asia relays, Americas BES live, Global client code deploy, Activate Asia client, Activate Americas client, Activate Europe client, and three Freeze periods. Green = accomplished tasks.]

- IBM currently using TEM for Sec Config and Patching across all Windows clients globally; Mac and Linux added in 2H11
- >470K clients installed globally
- 1H11: Met challenge from CIO and SWG Execs to complete deployment in 6 months
- BES = BigFix Enterprise Server

Strategic Perspective: What's Next. Things that Matter

Endpoint Management Convergence Matters. Why does this matter?

- Cost
- Compliance and reporting
- Enablement of role-based security management
- Proliferation of tactical mobile security tools and point products
  - Served purpose
  - Ultimately inefficient and complex
- Consistency across all endpoints
  - Tablets and smartphones are really just computers
  - Same data at risk
  - Extend security standards
    - Roles
    - Configuration policies

Questions?
Definitions

- Malware = Malicious Software
- Endpoint Security Control = ISS solution OEMed from BigFix that provides real-time security configuration and patch management (among other capabilities)
- ITMS = IBM Threat Mitigation Service; includes IPS-based detection PLUS network detection to find traffic flows to known command-and-control servers associated with botnets (AKA ThreatFlow)
- Bots = short for robot; malware that usually consists of multiple components, controlled by a bot herder (the owner and controller of a botnet), typically invisible to the user and poorly detected by definition-based security tools
- Botnet = a network of bot-compromised machines, typically used by its owner to perform various activities. Activities include spam, click-thru fraud, DDoS
- Tickets = ManageNow tickets; in the context of this presentation, typically used for the disconnection of compromised endpoints