BigFix CyberFOCUS Analytics: Streamline Vulnerability Remediation for Effective Cyber Risk Reduction

HCL BigFix CyberFOCUS Security Analytics is a new capability designed to help IT Operations teams discover, prioritize, and patch critical vulnerabilities and reduce cybersecurity risk in real time by utilizing advanced security analytics tools.

Unlike siloed processes based on disparate teams and tools, HCL BigFix delivers a single, integrated solution that eliminates the inefficiencies in passing data from multiple tools to the different teams who are responsible for enterprise security.

HCL BigFix CyberFOCUS Security Analytics is included with HCL BigFix Lifecycle, HCL BigFix Compliance, and HCL BigFix Remediate. By leveraging endpoint information that only HCL BigFix knows, HCL BigFix CyberFOCUS Security Analytics provides the ability to simulate vulnerability remediations, suggest the most impactful remediations to execute, define and manage Protection Level Agreements (PLAs), and analyze CISA Known Exploited Vulnerability exposures.

Advanced Persistent Threat Mapping and Vulnerability Remediation Simulator


The Vulnerability Remediation Simulator displays the vulnerabilities present in your environment, grouped by today’s more critical Advanced Persistent Threat (APT) families. This is important since 78% of companies experience downtime as a result of an APT attack (1). It simulates the impact of patching and remediations on the attack surface. As an example, the before and after reports shown below simulate how remediating CVE-2021-28655 will affect the APT exposure across the organization.

In the latest release of HCL BigFix CyberFOCUS Security Analytics, prescriptive remediations are provided by the Vulnerability Remediation Simulator to help administrators quickly know what remediations will reduce the overall APT exposure and improve the organization's security posture the most. Prescriptive remediations provide HCL BigFix administrators with new, intelligent expertise that improves their ability to quickly reduce security risk and threat exposure.

Simulated Exposure AFTER remediation


(1) https://purplesec.us/resources/cyber-security-statistics/#APTs

HCL BigFix Insights for Vulnerability Remediation


Organizations using industry-leading vulnerability scanners can boost their effectiveness at managing vulnerabilities and enhance security monitoring by integrating with HCL BigFix. HCL BigFix Insights for Vulnerability Remediation enables IT and Security Operations to improve the organization’s security posture by significantly compressing the time between the discovery and remediation of vulnerabilities.


The report below shows vulnerabilities discovered by Tenable or Qualys together with the associated vulnerability attributes. It also shows that four vulnerabilities have been selected for remediation.

[Figure: Vulnerabilities discovered]

The report below shows the correlated HCL BigFix content (fixes) that will remediate the discovered vulnerabilities. It also shows that two fixes have been selected to be deployed.

[Figure: Fixes correlated with discovered vulnerabilities]



HCL BigFix CISA Known Exploited Vulnerability Exposure Analyzer


Another innovation is the HCL BigFix CISA Known Exploited Vulnerability Exposure Analyzer, which maps your vulnerabilities to the constantly updated CISA Known Exploited Vulnerabilities list, which defines the most critical threats in the world.
Using the CISA Known Exploited Vulnerability Exposure Analyzer, IT Operations can identify the most urgent and significant security gaps while also ascertaining which assets have the highest exposure across multiple dimensions including time. In the report below, the largest circle represents the highest exposure (across multiple dimensions including time) that has not been remediated by the CISA-specified due date.


[Figure: HCL BigFix CISA Known Exploited Vulnerability Exposure Analyzer]

In the report below, that critical vulnerability has been remediated and no longer appears on the graph.


[Figure: CISA KEV report]

Access to the CISA KEV report and the detection and remediation content requires the Known Exploited Vulnerabilities Content Pack Add On.

Initiative Report


The new HCL BigFix CyberFOCUS Initiative Report provides advanced capabilities to analyze the attack surface against a group of vulnerabilities (CVEs) within your environment. It provides the flexibility to select a custom list of CVEs and a combination of computer groups for an accurate, in-depth analysis of the security compliance of critical parts of the IT environment, while continuously monitoring the progress of vulnerability mitigation efforts. This report provides valuable insights to improve your vulnerability management strategy, allowing for easier collaboration, coordination, and remediation for a more intelligently secure environment.


An initiative is a collection of CVEs that make up a vulnerability mitigation or patching campaign. An initiative allows organizations to measure vulnerability exposures across a set of CVEs they provide or across one of the built-in initiatives. A super group is a collection of computer groups taken from your HCL BigFix environment. Computer groups within the super group can be given an alias for easy readability in the report, and the same computer group can be used in multiple super groups.


The CyberFOCUS Initiative Report is a powerful and versatile tool that can help organizations of all sizes improve their cybersecurity posture. By providing clear and concise insights into vulnerability exposure, remediation progress, and team performance, the Initiative Report enables IT admins to make informed decisions, streamline operations and reduce risk.

Define and Manage your Protection Level Agreements (PLAs)


HCL BigFix CyberFOCUS Security Analytics introduces a new concept we call the Protection Level Agreement (PLA). A PLA is a set of baselines that combines asset criticality, CVE criticality, desired patch levels, compliance standards, and event management against agreed-to organizational service levels.

In the report below, Protection Level Agreements have been defined for 10 critical areas. The dots indicate the patch performance targets defined and agreed to by IT and business stakeholders. The bars on the chart show actual patch performance. In this example, some targets are being met (grey bars in the image below) while others are exceeding the agreed-to targets (purple bars in the image below), giving business stakeholders a clear view of performance against goals.



[Figure: Protection Level Agreements]

Summary

With HCL BigFix CyberFOCUS Security Analytics software, IT and Security Operations have a set of powerful tools that enable them to align their efforts to remediate vulnerabilities fast. IT Operations can, for the first time, simulate the business impact of remediation actions to focus on the highest exposure threats; Security Operations using leading vulnerability management tools supercharge their effectiveness by more quickly correlating discovered vulnerabilities with available remediations; and IT Operations can also take a more active role in Enterprise Security by defining and measuring their performance against agreed-to business objectives. HCL BigFix CyberFOCUS Security Analytics supercharges vulnerability management and reduces cyber risk.


Benefits

Improve Endpoint Security

HCL BigFix can help IT and Security Ops discover, prioritize, and remediate vulnerabilities fast, effectively reducing the attack surface and mitigating insider threats.

Speed Remediation

Remediating vulnerabilities quickly is of paramount importance, especially when confronted with zero-day vulnerabilities.

Integrate with Leading Vulnerability Scanners

By integrating with Tenable and Qualys, HCL BigFix helps you compress the time between vulnerability discovery and remediation.

Leverage Threat Information

By leveraging threat intelligence feeds from various sources, along with the ATT&CK knowledge base and known exploited vulnerabilities published by CISA, organizations more aggressively reduce vectors of attack.

Simulate the Impact of Remediations

Simulate the impact of remediating specific vulnerabilities on the enterprise attack surface using entity behavior analytics to minimize associated business disruptions and mitigate the greatest security threats.

Measure Performance Against Goals

Use Protection Level Agreements to measure remediation and patching efforts against agreed-to targets defined by business stakeholders and IT Operations.