The Future of BigFix – Should I be Concerned?
By Dan Powers
Did you know IBM acquired BigFix in 2010 from Gateway Computers after deploying it internally? They were so enamored by the efficiency of the platform that they bought it. For the last 9 years, IBM has developed enhancements to the platform, rebranded BigFix to Tivoli Endpoint Manager (TEM), and then to IBM Endpoint Manager (IEM) only to rename it back to BigFix by popular demand. Then, in December 2017, HCL assumed responsibility for BigFix development and support. Why? HCL had used BigFix for client projects since 2003, way before IBM’s purchase in 2010. So, as a BigFix customer and partner, HCL acquiring BigFix is of no concern. In fact, it is exciting! And, they wouldn’t have purchased BigFix at a price of $1.8 Billion (yes with a “B”), if they thought there was no value in it.
What are things we might expect out of HCL? Of course, only time will tell, but let’s look at a few recent (and older) integrations with the platform in terms of endpoint management and security. The first two are not a surprise.
QRadar Integration: The ability to feed data such as patches to be applied, anti-virus deployment status, compliance status, software installed, and processes running to the SIEM is a powerful augmentation to QRadar.
Resilient Integration: The ability to search for Indicators of Compromise (IOC) in IBM Resilient across all endpoints via BigFix helps quickly identify the scope of any incident. Investigations are enhanced with data from the BigFix agent on all endpoints, and response to any incident can happen more quickly by carrying a playbook from Resilient into BigFix.
Carbon Black Integration: At one point, a rumor about IBM BigFix was that Carbon Black would replace the Trend Micro product offered in the Protection module (when Trend left). Although that didn't happen, integration between BigFix and Carbon Black did, and the result was that BigFix could remediate issues found and identified by Carbon Black.
So, all three integrations above were initiated by IBM, which makes sense, since two were owned by IBM and one was closely related to IBM products. However, when we look at recent additions, they are mostly done at HCL. To me, these are more "open", in a sense, to third-party applications.
Windows Defender Integration: Enabling Windows Defender core services on Windows 10 and updating Defender signatures from the cloud, along with consistent monitoring of Defender status, provides tighter integration and value between BigFix and the Windows 10 operating system.
More recent additions in the security realm are the following:
It seems the integration strategy under HCL is to expand the ecosystem far beyond other IBM products and to make a concentrated effort to provide real-time security features within the product and other existing enterprise tool sets.
As we look deeper into the BigFix core platform, we can see a noted uptick for security. For example, let's look at inventory, which by itself is invaluable for controlling not only the software installed but also for tracking usage and compliance in terms of software licenses, saving many organizations money not only on penalties (software audits) but also on software and subscriptions that simply were not being utilized. Along with this data, the inventory system also provides integration with IBM X-Force for file reputation, along with reporting on National Vulnerability Database (NVD) and Common Vulnerabilities and Exposures (CVE) content – providing vulnerability data on existing and running software throughout your environment!
The Compliance module, which traditionally served to harden your endpoints by leveraging Defense Information Systems Agency (DISA) Security Technical Implementation Guide (STIG) and Center for Internet Security (CIS) checklists, has also seen an increased effort to provide more checklists, not just for operating systems but also for enterprise applications. Recently, it has integrated the Patch module (included with Compliance) into the reporting analytics, allowing historical patching and direct integration with third-party vulnerability tools and malware tools.
The new Patch enablement helps bridge the reporting between Patching and Compliance, along with integration between tools such as Rapid7 and Qualys. It also shows a real-time view into your organization and the risk across your devices. Being able to drill down or look at groups of systems helps your operations team work more closely with the security team to identify and resolve issues more quickly by matching CVE data to the specific patches that resolve them.
As the date gets closer for HCL's official acquisition of BigFix, it will be extremely interesting to see where HCL will take the product. The recent addition of Raspbian OS (Raspberry Pi) as a supported endpoint only adds to BigFix being the only platform that natively supports all devices found in an enterprise environment. Will HCL add support for mobile devices? Add more IoT devices like Raspbian? One of the missing components needed to make BigFix a true Unified Endpoint Management (UEM) platform is mobile devices. BigFix currently supports more native OS platforms than any other endpoint management solution out there today, so it makes sense that mobile devices would be the most logical next step. IBM purchased MaaS360 and offered an integration into BigFix but failed to merge the two products into a single management platform. If HCL can do this, with printer and Raspbian support, BigFix would manage ANY device that exists in our new IoT world, from a single platform.
I have enjoyed BigFix as a product and working with IBM for the last 9 years; IBM provided great value and opportunity to enhance the product. But knowing that HCL has been working with BigFix since 2003 and is not hindered by the existing mindset and focus IBM has had the last few years, I, for one, am extremely excited to see what happens in Q4 of this year, with the release of BigFix Version 10!!