INTRODUCTION TO HCL BIGFIX ENDPOINT MANAGEMENT SOLUTION

1. Current challenges

Managing endpoint devices is currently a major challenge for many organizations and enterprises. Collecting information about the number of devices, operating systems, and their security status often takes a lot of time and effort, with many questions being raised such as:

  • How many workstations, servers, and mobile devices do we have?
  • Which operating system versions are running on those devices?
  • Have they been updated with patches?

With traditional approaches, it takes days to weeks to answer the above questions, yet the answers are often incomplete and not entirely accurate. At the same time, this cannot meet the stringent requirements from board members and supply chain partners who clearly understand the business risks and costs of disruption and data loss when critical patches are not identified and remediated in a timely manner.

For example, in 2021 exploit code for the Apache Log4j vulnerability was widely published on the Internet, and the resulting security crisis affected not only Vietnam but the whole world, causing incalculable damage. Statistics showed that more than half of organizations and enterprises globally were probed by hackers, and more than 60 Log4j exploit variants were created within 24 hours. Most popular vendors, such as Microsoft, Cisco and VMware, confirmed that their products were affected by the Log4j vulnerability. This vulnerability allowed hackers to easily gain remote control of attacked systems. A solution that can automatically discover, mitigate and remediate security vulnerabilities in a timely manner, at large scale, for applications on all endpoint devices, servers, clouds and user devices is therefore essential.

Comprehensive process for endpoint vulnerability management

2. Introduction to Endpoint Management Platform

Today, many organizations and enterprises are gradually losing control as new endpoint devices such as servers, workstations, applications and mobile devices keep appearing. IT security teams face many difficulties in keeping up with configuration, patch updates, and ensuring compliance for new devices when they are onboarded into the system. This increases the risk of attacks due to vulnerabilities on systems that have not been patched or are misconfigured. Therefore, timely updates are crucial to stay ahead of attackers, and building an effective device management strategy and process will help organizations protect their infrastructure.

An endpoint management solution is one of the most effective ways to protect endpoint devices and manage critical business assets. Endpoint management follows these principles:

  • Provide comprehensive visibility
  • Easy administration
  • Maintain continuous compliance
  • Provide measures and mechanisms to manage roaming devices
  • Scale and integrate with existing infrastructure
  • Provide a single management interface to manage the entire endpoint infrastructure

3. Introduction to HCL BigFix

HCL BigFix is a centralized platform providing real-time visibility, scalability, and continuous endpoint policy enforcement. The HCL BigFix platform enables customers to discover and track endpoint software license inventory, manage device lifecycle, and continuously monitor and ensure managed devices comply with enterprise security policies and industry regulations automatically.

HCL BigFix lets customers handle and remediate vulnerabilities across their entire infrastructure, with hundreds of thousands of automated fixlets for patching security vulnerabilities in the customer environment. HCL BigFix includes the following main functional modules:

  • User Workspace Management – A platform for managing workstations, laptops and mobile devices with high automation capabilities to remediate security vulnerabilities and minimize risk immediately, helping organizations and enterprises build the most effective patching strategies against CVEs used by MITRE APT.
  • Secure Infrastructure Automation – supports IT departments in securing and managing all customer assets. BigFix operates across all environments including on-prem, virtualized or cloud, with BigFix's automation mechanisms helping customers maintain compliance continuously.
  • Software Asset Management – A tool that helps customers significantly reduce the time required to conduct comprehensive software asset inventory for license reconciliation or compliance purposes. Provides valuable detailed information about:
    • What does the organization currently own?
    • What the organization has installed but does not own
    • Software usage frequency
  • CyberFOCUS Security Management - HCL BigFix CyberFOCUS Security Analytics is a new feature designed to help IT Operations teams detect, prioritize and patch critical vulnerabilities as well as reduce cybersecurity risks in real time. By leveraging information collected on endpoints, HCL BigFix CyberFOCUS Security Analytics enables customers to simulate security vulnerability remediation measures, recommend the most impactful remediation measures for implementation, identify and manage Protection Level Agreements (PLAs), and analyze exposure to known exploited vulnerabilities from CISA.

3. Solution features

3.1 HCL BigFix Inventory

BigFix® Inventory is a comprehensive solution that helps customers significantly reduce the time required to perform comprehensive software asset inventory. BigFix Inventory provides useful features for managing both physical and virtualized environments. It helps customers discover software installed in their infrastructure, provides analytics on consumption data, and allows customers to generate reports.

  • Hardware – BigFix Inventory displays detailed hardware information integrated with third-party applications
  • Software discovery and identification - BigFix Inventory scans customer infrastructure to identify software installed on monitored computers. Furthermore, BigFix Inventory can extend discovery capabilities by allowing customers to create custom signatures to help manage software that BigFix has missed or not yet discovered
  • Monitor software usage levels - BigFix Inventory leverages the capabilities of the BigFix platform to display statistical data on software usage. Furthermore, BigFix can calculate the license usage of enterprise software.

3.2. HCL BigFix Compliance

HCL BigFix Compliance is an effective solution that helps customers protect endpoints and maintain continuous compliance with security standards while maintaining minimal impact on endpoint device operations. It not only helps improve labor productivity and enhance user experience but also provides valuable assistance to customers in enforcing compliance policies to minimize security risks and strengthen system audit capabilities.

HCL BigFix Compliance is a rapidly deployable, easy-to-operate solution that supports diverse environments from servers, desktop PCs, internet-connected mobile devices, virtualized servers, cloud-based systems, to specialized devices such as point-of-sale terminals, ATMs, and self-service kiosks. A built-in AI Agent makes compliance assurance more effective through automated audit cycles: what previously took days or weeks can now be accomplished in minutes with AI Agent.

3.2.1. Security configuration management

BigFix Compliance, with its security configuration management tools, helps organizations and customers maintain continuous compliance with industry standards using checklists and a set of configuration checks related to multiple security standards and guidelines such as CIS, DISA STIG, FDCC, USGCB and PCI DSS 4.0. Furthermore, with BigFix Compliance customers can easily create custom checklists from over 35,000 out-of-the-box checks based on cybersecurity best practices. After checklists are applied to endpoint machines, BigFix can continuously assess and update endpoint security status, helping organizations and customers quickly identify remediation as soon as configuration vulnerabilities appear.

3.2.2. Security analysis with CyberFOCUS

BigFix CyberFOCUS Analytics is a tool that enables organizations and businesses to continuously search for cybersecurity threats and proactively prevent them. It leverages the latest intelligence sources (MITRE, NSA and CISA) to develop asset risk analysis.

  • CyberFOCUS Analytics identifies and tracks specific security vulnerabilities related to threats from Advanced Persistent Threat (APT) groups, simulates vulnerability remediation measures, and categorizes security vulnerabilities by APT group. Customers can simulate the impact of these vulnerabilities on their attack surface while minimizing potential downtime during the patching process.

  • BigFix CISA KEV Exposure Analyzer is a tool integrated into HCL's BigFix platform to analyze and assess the system's exposure level to known and exploited security vulnerabilities listed in CISA's Known Exploited Vulnerabilities Catalog. This tool helps customers understand and manage cybersecurity risks by providing detailed information about the number of exposed devices, vulnerability density, and security gaps that need to be addressed. It also compares the organization's environment against CISA-directed due dates (deadlines designated for remediating specific security vulnerabilities listed in CISA's Known Exploited Vulnerabilities Catalog) and evaluates the organization's performance against CISA-directed due dates.

  • BigFix CyberFOCUS Security Analytics introduces a new concept called Protection Level Agreements. This is a set of fundamental standards combining asset criticality, CVE (Common Vulnerabilities and Exposures) severity, desired patching level and compliance standards defined based on service levels agreed upon by business and IT Operation stakeholders. The Protection Level Agreement report shows defined objectives and achieved performance against those objectives.

3.2.3. Isolate non-compliant endpoints

Most customers need strict control over how endpoints can access the enterprise internal network. BigFix Compliance can isolate endpoints based on status or configuration against a pre-established and customized policy. If an endpoint is detected as non-compliant, BigFix Compliance can place that endpoint in quarantine until it complies. A quarantined endpoint can still be managed by BigFix for remediation, but all other network access is disabled.

This process ensures that endpoints with multiple unsafe or non-compliant risks cannot access the enterprise network and minimizes security risks for the organization and enterprise, while still allowing administrators to perform necessary interventions and remediation measures to address endpoint issues and restore them to a compliant state.

3.2.4. Compliance analysis

The compliance status of all endpoints against deployed policies will be continuously collected, aggregated, and reported. Built-in reports display current status and trends to provide comprehensive analysis for Security, IT Operations, and Compliance teams. With BigFix's compliance analysis and assessment capabilities, customers can track their compliance maintenance effectiveness and quickly identify exposures and security risks. BigFix provides the following report types:

  • Security configuration reports - display current status and historic trend for each endpoint, checklist, and check.
  • Patch reporting - provides a comprehensive view and history of patching activities and patch compliance across all endpoints managed by BigFix. Patch reporting also tracks the time each patch is released and applied to each endpoint to help organizations demonstrate compliance maintenance.
  • Vulnerability reporting - focuses on monitoring and reporting the endpoints' vulnerability posture that results from patching actions. This allows organizations to identify risks and demonstrate compliance.

These reports are important tools that help organizations not only monitor and continuously improve their cybersecurity posture but also ensure compliance with legal and industry requirements.

3.3. BigFix Lifecycle

HCL BigFix Lifecycle is an effective tool that helps customers easily find and resolve issues within minutes across all endpoints. It can discover, secure and manage hundreds of thousands of endpoints and supports over 100 different operating system versions across desktops, laptops, mobile devices, servers, VMs and IoT devices.

3.3.1. Software Distribution

Organizations and enterprises face challenges in remotely installing and distributing software to endpoint devices due to high-latency and low-bandwidth networks, poor visibility into distributed assets, and the need to support roaming devices.

With the HCL BigFix architecture, organizations and enterprises can improve software distribution processes from a single control point. The architecture allows IT teams to control bandwidth according to network size and speed, so software packages can be delivered without impacting network performance.

Some significant cost-saving and time-saving features of BigFix Software Distribution include:

  • Dynamic and policy-based bandwidth control to push large files through distribution networks without affecting enterprise bandwidth.
  • Support for roaming endpoints with pre-caching relay infrastructure.
  • Intelligent software distribution based on endpoint characteristics.
  • Software distribution wizards and user self-provisioning.
  • Low-cost scalability with minimal infrastructure requirements.

3.3.2. Operating system deployment

BigFix Bare Metal Server, part of the Lifecycle Management toolkit, provides a comprehensive, holistic solution for rapidly deploying new workstations and servers on the network from a single centralized location. This solution helps customers not only save time and money, but also promotes a standardized, approved OS installation process and reduces risks associated with non-compliant or insecure configurations.

3.3.3 Remote Desktop Control

BigFix Remote Desktop Control is a feature or software integrated into HCL's BigFix system, allowing administrators to control and support remote computers, including desktops, laptops, and servers running on Windows, Linux, and macOS operating systems when they receive support requests from users.

This feature allows administrators to manage and repair systems efficiently, helping to reduce the large workload for the technical support department and improve work performance. Administrators can use features such as remote diagnostics, chat with users, and file transfer to help resolve issues related to servers and personal computers. This feature helps customers save time and money by resolving issues quickly and remotely over Internet connections instead of handling them onsite.

3.3.4. Server Automation

BigFix Server Automation is a feature or software in HCL's BigFix system, designed to automate workflows related to managing and deploying servers in the corporate network.

With BigFix Server Automation, administrators can automate operating system deployment, server configuration, software installation and updates, and perform other server management tasks. This helps reduce the time and effort required for server management and ensures system consistency and security.

Some important features of BigFix Server Automation include:

  • Automated operating system deployment: Enables automation of operating system deployment to new or existing servers in the network.
  • Server configuration management: Allows automatic management and maintenance of server configurations, ensuring consistency and security of servers.
  • Software update and management: Automate the installation and update process of software on servers, helping to ensure that servers are always updated with the latest and most secure software versions.
  • Remote server management: Allows administrators to manage and control remote servers, even when they are not operating on the same network.

3.3.5. Power Management

BigFix Power Management is designed to manage and monitor power saving policies on computers in customer infrastructure.

This feature allows organizations and enterprises to manage and apply established energy-saving policies using online dashboards, guides, and reports. Some features of BigFix Power Management include:

  • Monitor and report on computer energy usage, including energy consumption measurement, energy saving potential, and carbon emissions.
  • Provide energy-saving strategies by using power profiles, customizable office hours settings and weekend time settings.
  • Provides advanced Wake-on-LAN features including functions such as Last Man Standing, Wake-on-LAN Medic and recurring wake schedules.
  • Support detection and prevention of PC Insomnia to ensure computers do not consume unnecessary power when not in use.

BigFix Power Management helps organizations save energy and effectively reduce their environmental impact, while providing the necessary information to monitor and manage energy usage across the entire computer network.

3.4. BigFix Remediate

BigFix Remediate is designed to help organizations automate the vulnerability patching process and improve system security through automation capabilities.

This feature provides the following capabilities:

  • Automate vulnerability patch deployment: BigFix Remediate automates the deployment of vulnerability patches for all devices in the customer's infrastructure, helping ensure that computers and servers are protected from security vulnerabilities. Ensures that each endpoint receives appropriate patches based on specific configuration, operating system and other related factors. This approach helps minimize the risk of compatibility issues and ensures that the patching process is effective while improving the organization's overall security posture.
  • Manage vulnerability patching procedures and processes: BigFix Remediate provides tools and features to automatically manage and deploy vulnerability patching processes and procedures, helping reduce the time and effort required for patch deployment. Optimizing the remediation process helps reduce patch deployment time from weeks to just a few hours.
  • Reporting and analysis: BigFix Remediate provides tools and features to monitor and analyze the status and performance of vulnerability patching processes, helping organizations better understand security issues and adjust security measures effectively.

3.5. BigFix Runbook AI

HCL BigFix Runbook AI is an extension of the BigFix platform, developed by HCL Technologies. Runbook AI delivers automated management and troubleshooting capabilities on endpoint devices through artificial intelligence (AI) and machine learning (ML).

With BigFix Runbook AI, IT teams can create and automate runbook workflows based on rules, predefined scenarios and standard actions. This tool enhances response capabilities and reduces incident resolution time, thereby increasing efficiency and minimizing security risks for endpoint systems.

BigFix Runbook AI uses artificial intelligence to automatically analyze, detect and respond to security incidents and system management. It also provides reports and analytics to improve performance and responsiveness in endpoint device management. This helps optimize IT team workflows and enhance automation in managing and protecting the organization's endpoint systems.

3.6. BigFix AEX

BigFix AEX is an AI virtual assistant platform capable of self-learning and adapting to user requirements through intelligent interactions by leveraging Natural Language Processing and Machine Learning. Users can use AEX to perform:

  • Self Service – Allows users to receive answers to questions and resolve issues without contacting the IT helpdesk
  • Natural Language Processing (NLP) and Machine Learning (ML) technologies help simulate human interactions, learn and adapt to user needs through intelligent conversations.
  • Provides dozens of built-in integrations with enterprise applications such as chat, email and other typical IT solutions like ServiceNow and Microsoft Teams

4. Deployment Model

BigFix is a platform that enables management of over 250,000 physical and virtualized devices across private and public networks including servers, desktops, roaming devices such as laptops, phones, POS machines, ATMs and self-service kiosks. The platform supports Windows, Unix, Linux and macOS and includes the following components:

  • A single intelligent agent – An agent installed on computers that need to be managed and occupies very limited resources (under 10MB RAM). It helps continuously assess the endpoint's status against configured policies and can operate without requiring network connectivity.
  • A single console – BigFix provides a single management interface to manage all BigFix applications.
  • Server – Manages all policy-based content and allows operators to monitor in real-time and control all devices in the environment
  • Relay Server – A component that helps manage distributed devices and policy content; instead of client machines directly accessing the server, relay servers can be used to reduce server load, and relay servers can connect to other relay servers to increase performance
  • Web Reports – used to aggregate information to build reports

4.1. Hardware requirements for Server on Windows

4.2. Hardware requirements for Server on Linux

4.3. Hardware requirements for the Client

 📌 Sonic Technology Solutions Joint Stock Company – Official distributor of HCLSoftware security solutions in the Vietnamese market.
See more HCLSoftware solutions at: https://sonictech.com.vn/vi/hclsoftware