Integration of Qualys with HCL BigFix Insights for Vulnerability Remediation
0 likes74 views
The document discusses how HCL BigFix can integrate with Qualys to dramatically reduce the time it takes IT operations teams to remediate vulnerabilities discovered by security teams from weeks to just hours. It does this by automatically correlating vulnerabilities found in Qualys scans with the appropriate patches in BigFix, which IT operations can then quickly deploy to reduce the attack surface. This alignment of security and IT operations teams through automation can compress vulnerability resolution time by up to 96% and help organizations better prevent cyberattacks.
Integration of Qualys with HCL BigFix Insights for Vulnerability Remediation
- 1. HCL BigFix Align security teams using Qualys® with IT operations teams using BigFix and dramatically compress vulnerability resolution time. HCL BigFix Insights for Vulnerability Remediation Integration with Qualys Highlights • Dramatically reduce the gap between Security and IT operations, reducing time required to close discovered vulnerabilities • Automatically correlates vulnerabilities discovered by Qualys with the recommended remediation Fixlets using BigFix supersedence engine • Shrinks attack surfaces and closes the loop between vulnerability detection and remediation • Requires no additional agents or relays and has no impact on the endpoint or network performance Today, it can take days or weeks for IT Operations to remediate vulnerabilities found by IT Security, exposing organizations to potential attacks. As a result, mitigating the risk of cyberattacks continues to top CIO and CISO lists of concerns. Companies who detect vulnerabilities using Qualys® are focused on seeking out vulnerabilities across the organization. IT operations teams using BigFix® systematically find and deploy the right patch for each unique vulnerability identified by Qualys. In many cases, there is a communication gap between these two teams, resulting in excessive manual effort, spreadsheet errors and long windows of vulnerability. In fact, studies show that up to one-third of all detected vulnerabilities remain open after a year, and over one-quarter are never remediated. BigFix Insights for Vulnerability Remediation can reduce the time it takes for IT Operations to remediate vulnerabilities found by IT Security from days or weeks to minutes or hours. BigFix Insights for Vulnerability Remediation automatically correlates vulnerabilities discovered by Qualys with the most appropriate patch and configuration settings enabling organizations to quickly prioritize and deploy remediation actions, reducing the enterprise attack surface. Unlike other solutions. BigFix leverages the broadest set of remediation capabilities, both in terms of supported OS platforms and out of-the-box, certified remediations. BigFix Insights for Vulnerability Remediation is designed specifically for organizations who use BigFix Lifecycle, BigFix Compliance, or BigFix Remediate and who also use Qualys for vulnerability management. BigFix Remediate can resolve vulnerabilities faster... up to 96% faster!
- 2. Speed Remediation of Vulnerabilities - How it works BigFix Insights for Vulnerability Remediation speeds remediation by automating manual processes that are commonly seen in organizations. Automated correlation of vulnerability scan data from Qualys with available Fixlets along with simple, prioritized deployment workflows from BigFix speeds remediation of endpoint vulnerabilities across the enterprise. The operational flow is: 1. A Security Operator performs a scan using Qualys to identify the vulnerabilities across the enterprise. 2. The vulnerabilities or Common Vulnerabilities and Exposures (CVE®) identified by Qualys are automatically correlated with BigFix’s comprehensive patch data using the BigFix Advanced Patch Correlation Engine. The correlation engine: a) Correlating the asset between Qualys and BigFix. b) Correlating the asset vulnerabilities between Qualys and BigFix using CVEs. c) Identifying the BigFix Fixlet that mitigates the discovered vulnerability. 3. After correlation, staff can examine the information and take action. a) Data or Security Analysts can leverage Business Intelligence Reports, drilling down into the details to better understand the vulnerabilities and potential remediations. b) BigFix Operators can leverage the Vulnerability Remediation Dashboard to see vulnerabilities that can be remediated using available BigFix Fixlets, and more importantly, immediately target and deploy remediations. Using this operational workflow, organizations using Qualys can leverage BigFix Insights for Vulnerability Remediation to dramatically reduce the remediation time, manual errors and the attack surface. HCL BigFix hcl-software.com
- 3. A Case Study of BigFix for Insights Vulnerability Remediation Typically, an IT operations or Security specialist will spend 2-3 minutes researching the right remediation for each vulnerability. With potentially hundreds or thousands, that is a lot of time spent. BigFix Insights for Vulnerability Remediation automates this process with the Advanced Patch Correlation Engine which: What does this mean in business terms? An organization with 1,000 running vulnerabilities will spend up to 50 person-hours per assessment cycle researching and correlating available fixes to the correct assets. With BigFix Insights for Vulnerability Remediation, this time can be reduced to less than two hours by automating manual processes and reducing errors and associated rework. That is 96% less effort! IT organization can also quickly implement fixes and effectively prove compliance to auditors and executive stakeholders. With BigFix Insights for Vulnerability Remediation, IT Security and IT Operation teams can collaborate effectively to quickly remediate vulnerabilities discovered in a prioritized manner, providing significant operational and organizational value to the CIO and CISO. BigFix Insights for Vulnerability Remediation delivers signification business value by: • Aligning Security and Operations teams with intelligent automation • Compressing security vulnerability remediation times by an order of magnitude • Implementing fixes and proving compliance to all stakeholders • Reducing enterprise security risk, helping prevent cyberattacks BigFix Insights for Vulnerability Remediation Application The BigFix Insights for Vulnerability Remediation Application for Qualys provides actionable views of the correlated data from Qualys and BigFix. Each view helps IT and Security operators understand the magnitude and severity of the vulnerabilities in different ways to enable effective prioritization of remediation actions. Operators can leverage the interactive visualizations to filter and drill down to more detail associated with the correlated vulnerabilities and devices. Three Granular Views (1) Graphical overview/summary - Comprises three graphs or charts for a high-level visual overview to enable very quick prioritization across multiple contexts. The three graphs are shown in the top half of the image below and depicts: Top 10 Critical Exposures by CVE/Qualys ID - The first chart depicts the top ten critical exposures by either CVE or Qualys ID to help you quickly identify critical vulnerabilities with high exposures that can be remediated by BigFix. Vulnerabilities by Severity - The second chart depicts vulnerabilities with available Fixlets by Qualys severity score or by CVSS. Qualys’s severity score enables prioritization of vulnerabilities and the CVSS (Common Vulnerability Scoring System) is an industry standard for assessing the severity of vulnerabilities. Vulnerabilities by Date Published and Severity - The third chart augments the details provided in the Vulnerabilities by Severity chart. Specifically, this graph adds the date published (i.e. the date the vulnerability record was first added to the CVE List) for the top 10 vulnerabilities (2) Data view - Depicts vulnerabilities with available Fixlets, along with the number of affected devices in a tabular format. The data view provides the ability to search each column for a specific value, filter, or sort the values in column. The data view is shown in the bottom half of the image below. (3) Vulnerability view - From the Data view, select a specific vulnerability to view more detail including vulnerability metadata, available Fixlet content for remediation, applicable devices, and deployment statuses. hcl-software.com
- 4. About HCLSoftware HCLSoftware is a division of HCLTech (HCL) that operates its primary software business. It develops, markets, sells, and supports over 30 product families in the areas of Digital Transformation, Data Analytics & Insights, Al and Automation, and Enterprise Security. HCLSoftware has offices and labs around the world to serve thousands of customers. Its mission is to drive ultimate customer success with their IT investments through relentless innovation of its products. © Copyright 2023 HCL All product names, trademarks and registered trademarks are property of their respective owners hcl-software.com