By Dan Wolff, Director of BigFix Product Management and Product Marketing.

We have a problem, folks. Nearly one-third of all detected enterprise vulnerabilities remain open after a year, and one quarter are never remediated [1]. This leaves corporate networks exposed to attack from outside and from insiders alike.

The vulnerability remediation gap is a universal challenge.

Why is this happening? Why can’t enterprises effectively address this problem? A few reasons come to mind:  

  • The sheer volume of reported vulnerabilities: Larger organizations can have tens of thousands of open vulnerabilities at any one time. It is a mountain that is hard to climb.
  • Lack of prioritization schemes: The obvious approach is to decide which vulnerabilities are most urgent and deal with those first. That is easier said than done, because the options for effective prioritization are limited.
  • Patching can break and disrupt systems: Imagine telling the owners of business-critical services that their servers must be taken down to patch, or telling end users that they need to reboot. Remediation is disruptive.
  • IT operations (patching) is usually a different team: Security teams running vulnerability scanners usually operate separately from IT Operations, speak a different language and have different goals.
  • Finding the right patch for the right software on the right endpoint is hard: Correlating software version, OS, location and so on is tedious and error prone.
  • …and resource constraints: There are never enough people to carry out the business requirements. Period.

The vulnerability remediation gap can cause catastrophe.

In the summer of 2017, the security team at a top-3 credit rating corporation detected that several unpatched and misconfigured servers carried a known Apache Struts vulnerability for which a working exploit was already circulating in the wild. Because remediation was not prioritized, two months passed before the patch was applied, and 143M customer records (roughly 40% of all US citizens) were exposed. The CEO, CIO and CSO all lost their jobs, and the company faced $1.4B in cleanup costs plus $1.3B set aside to resolve consumer claims.

Why is this so hard? 

Typically, a skilled IT Operations or Security specialist spends at least two to three minutes researching the right remediation for each vulnerability. With hundreds or thousands of them, that is a full-time job.


What does this mean in real terms? At three minutes each, an organization with 1,000 open vulnerabilities spends up to 50 person-hours per scan cycle researching available fixes and correlating them to the correct assets.

On April 6th, HCL BigFix announced Insights for Vulnerability Remediation

The BigFix Insights for Vulnerability Remediation application is included in the BigFix Lifecycle and BigFix Compliance suites. It integrates with Tenable.sc and other scanners to close the vulnerability remediation gap, align security and operations teams, and shrink the corporate attack surface faster than before.

BigFix Insights for Vulnerability Remediation uses Tenable’s Vulnerability Priority Rating (VPR), which combines Tenable-collected vulnerability data with third-party vulnerability and threat data and applies proprietary data-science models to focus customers on the top 3% of vulnerabilities most likely to be exploited in the near future.

BigFix Insights for Vulnerability Remediation automates the vulnerability remediation process with four correlation engines that:

  1. Correlate the BigFix endpoint ID with the Tenable asset ID
  2. Correlate each found vulnerability (CVE) to the Fixlet that remediates it
  3. Resolve supersedence, so that the latest Fixlet is assigned rather than one it has replaced
  4. Correlate the BigFix endpoint to that latest Fixlet
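The four steps above, carried through on constructed data as an added example. This is illustrative code, not BigFix or Tenable code: the field names, the asset UUIDs, computer IDs, Fixlet IDs and CVE IDs (impossible year 0000), and the MAC-then-hostname endpoint matching rule are all assumptions made for the example.

```python
"""Correlate scanner findings to the latest applicable patch content.
Added illustrative example, not BigFix or Tenable product code. It walks the four
correlation steps above over constructed data: every hostname, asset UUID, computer
ID, Fixlet ID and CVE ID (impossible year 0000) is a placeholder, and the field
names and matching rules are assumptions, not either vendor's schema."""
from collections import defaultdict

# Constructed scanner-side asset inventory.
TENABLE_ASSETS = [
    {"uuid": "t-0001", "hostname": "WEB01.corp.example", "mac": "00:11:22:33:44:01"},
    {"uuid": "t-0002", "hostname": "db01.corp.example", "mac": "00:11:22:33:44:02"},
    {"uuid": "t-0003", "hostname": "lab-vm", "mac": None},  # no agent installed
]
# Constructed BigFix computer inventory (agent-reported properties).
BIGFIX_COMPUTERS = [
    {"computer_id": 101, "hostname": "web01.corp.example", "mac": "00:11:22:33:44:01", "os": "Win2016"},
    {"computer_id": 102, "hostname": "renamed-db", "mac": "00:11:22:33:44:02", "os": "RHEL7"},
]
# Constructed findings: one row per (asset, CVE) with its priority rating.
FINDINGS = [
    {"asset_uuid": "t-0001", "cve": "CVE-0000-0001", "vpr": 9.7},
    {"asset_uuid": "t-0001", "cve": "CVE-0000-0002", "vpr": 5.1},
    {"asset_uuid": "t-0002", "cve": "CVE-0000-0003", "vpr": 7.4},
    {"asset_uuid": "t-0002", "cve": "CVE-0000-0004", "vpr": 8.9},
    {"asset_uuid": "t-0002", "cve": "CVE-0000-0001", "vpr": 9.7},  # only a RHEL8 Fixlet exists
    {"asset_uuid": "t-0002", "cve": "CVE-0000-0099", "vpr": 3.0},  # no Fixlet at all
    {"asset_uuid": "t-0003", "cve": "CVE-0000-0001", "vpr": 9.7},  # unmanaged asset
]
# Constructed Fixlet catalog; F-10 was superseded by F-11, which F-12 then replaced.
FIXLETS = {
    "F-10": {"os": "Win2016", "cves": {"CVE-0000-0001"}, "superseded_by": "F-11"},
    "F-11": {"os": "Win2016", "cves": {"CVE-0000-0001", "CVE-0000-0002"}, "superseded_by": "F-12"},
    "F-12": {"os": "Win2016", "cves": {"CVE-0000-0001", "CVE-0000-0002"}, "superseded_by": None},
    "F-20": {"os": "RHEL7", "cves": {"CVE-0000-0003"}, "superseded_by": None},
    "F-21": {"os": "RHEL7", "cves": {"CVE-0000-0004"}, "superseded_by": None},
    "F-30": {"os": "RHEL8", "cves": {"CVE-0000-0001"}, "superseded_by": None},
}

def match_endpoints(tenable_assets, bigfix_computers):
    """Step 1: map scanner asset UUID -> BigFix computer ID.
    MAC first (survives renames), then case-folded hostname; the rest are unmanaged."""
    by_mac = {c["mac"]: c for c in bigfix_computers if c["mac"]}
    by_host = {c["hostname"].lower(): c for c in bigfix_computers}
    mapping, unmatched = {}, []
    for a in tenable_assets:
        hit = by_mac.get(a["mac"]) or by_host.get(a["hostname"].lower())
        if hit:
            mapping[a["uuid"]] = hit["computer_id"]
        else:
            unmatched.append(a["uuid"])
    return mapping, unmatched

def build_cve_index(fixlets):
    """Step 2: invert the catalog so each CVE lists every Fixlet that addresses it."""
    index = defaultdict(set)
    for fid, f in fixlets.items():
        for cve in f["cves"]:
            index[cve].add(fid)
    return index

def latest_fixlet(fixlet_id, fixlets):
    """Step 3: follow the supersedence chain to the newest Fixlet; refuse loops."""
    seen = set()
    while fixlets[fixlet_id]["superseded_by"]:
        if fixlet_id in seen:
            raise ValueError(f"supersedence cycle at {fixlet_id}")
        seen.add(fixlet_id)
        fixlet_id = fixlets[fixlet_id]["superseded_by"]
    return fixlet_id

def build_plan(findings, tenable_assets, bigfix_computers, fixlets):
    """Step 4: per BigFix endpoint, the latest OS-applicable Fixlet for each finding,
    highest VPR first. Also returns the findings that still need manual research."""
    endpoint_map, _ = match_endpoints(tenable_assets, bigfix_computers)
    os_of = {c["computer_id"]: c["os"] for c in bigfix_computers}
    cve_index = build_cve_index(fixlets)
    plan, gaps = defaultdict(dict), []
    for f in findings:
        cid = endpoint_map.get(f["asset_uuid"])
        if cid is None:
            gaps.append((f["asset_uuid"], f["cve"], "no BigFix endpoint"))
            continue
        latest = {latest_fixlet(fid, fixlets) for fid in cve_index.get(f["cve"], ())}
        applicable = [fid for fid in latest if fixlets[fid]["os"] == os_of[cid]]
        if not applicable:
            why = "no Fixlet for CVE" if not latest else "no Fixlet for this OS"
            gaps.append((f["asset_uuid"], f["cve"], why))
            continue
        for fid in applicable:  # one Fixlet may close several CVEs: merge, keep max VPR
            entry = plan[cid].setdefault(fid, {"cves": set(), "max_vpr": 0.0})
            entry["cves"].add(f["cve"])
            entry["max_vpr"] = max(entry["max_vpr"], f["vpr"])
    return ({cid: sorted(w.items(), key=lambda kv: -kv[1]["max_vpr"]) for cid, w in plan.items()},
            gaps)

if __name__ == "__main__":
    plan, gaps = build_plan(FINDINGS, TENABLE_ASSETS, BIGFIX_COMPUTERS, FIXLETS)
    print({cid: [(fid, sorted(e["cves"])) for fid, e in work] for cid, work in plan.items()}, gaps)
```

The `gaps` list is the part that still needs a human: an asset the scanner sees but no agent manages, a CVE with no Fixlet in the catalog, and a CVE whose only Fixlet targets a different OS (the "right patch for the right endpoint" problem from the list above). Everything else lands in a per-endpoint plan ordered by VPR, with the superseded Fixlets F-10 and F-11 collapsed into F-12.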


With BigFix Insights for Vulnerability Remediation, the organization with 1,000 open vulnerabilities can cut that 50 person-hours of research to under two hours, because the manual correlation is automated and the errors and rework that come with it disappear. The IT organization can then implement fixes quickly and demonstrate compliance to auditors and executive stakeholders. IT Security and IT Operations collaborate effectively to remediate the vulnerabilities Tenable discovers, delivering significant operational and organizational value to the CIO and CISO. That value is realized through:

  • Aligning Security and Operations teams with intelligent automation.
  • Compressing security vulnerability remediation times by an order of magnitude.
  • Reducing enterprise security risk.

And all of this with no additional agent and no performance impact. Better yet, BigFix covers your entire environment, across more than 12 operating systems and nearly 90 OS variants.

A final word

Legacy vulnerability management processes are no match for today’s complex IT landscape – which includes cloud, mobile, web, IoT and OT assets. They fail to deliver what is most important: fixing gaps as quickly as you find them. It is time to change the conversation. 

BigFix is here to help! 


[1] Persistent Vulnerabilities, Their Causes and the Path Forward, Tenable Research, June 2020.
