By Dan Wolff, Director of BigFix Product Management and Product Marketing.

We have a problem, folks. Nearly one-third of all detected enterprise vulnerabilities remain open after a year, and one quarter are never remediated [1]. This leaves corporate networks exposed to malicious attack from outside or even insider threats.

The vulnerability remediation gap is a universal challenge.

Why is this happening? Why can’t enterprises effectively address this problem? A few reasons come to mind:  

  • The sheer volume of reported vulnerabilities: Larger organizations can have tens of thousands of active vulnerabilities at any one time. It’s a mountain that is hard to climb.
  • Lack of prioritization schemes: A common way to address the problem is to determine which vulnerabilities are most urgent, and deal with those first. This is easier said than done with limited options available for effective prioritization.
  • Patching can break and disrupt systems: Imagine telling the owners of business critical services that their servers must be taken down to patch. Or that end users need to reboot their systems. Remediation can be disruptive.
  • IT operations (patching) is usually a different team: Security teams using vulnerability scanners usually operate separately from IT Operations, speak a different language and have different goals.
  • Finding the right patch for the right software on the right endpoint is HARD: The correlation required to align software, OS, location, etc. is not easy and is error-prone.
  • …as well as resource constraints: There are never enough people to carry out business requirements. Period. 

The vulnerability remediation gap can cause catastrophe.

In the summer of 2017, the security team at a top 3 credit rating corporation detected that several unpatched and misconfigured servers had the known Apache Struts vulnerability, which had a live exploit deployed in the wild. Due to lack of prioritized remediation, there was a two-month gap in applying the patch, resulting in the exposure of 143M customer records (40% of all US citizens). As a result, the entire C-Suite was fired, and the company incurred $1.4B in cleanup costs and set aside $1.3B to resolve consumer claims.

Why is this so hard? 

Typically, a skilled IT Operations or Security specialist will spend at least 2-3 minutes researching the right remediation for each vulnerability. With potentially hundreds or thousands of vulnerabilities, it can be a full-time job.

What does this mean in real terms? An organization with 1,000 running vulnerabilities will spend up to 50 person-hours per scan cycle researching and correlating available fixes to the correct assets.  

On April 6th, HCL BigFix announced Insights for Vulnerability Remediation

The BigFix Insights for Vulnerability Remediation application is included in the BigFix Lifecycle and BigFix Compliance suites. This new technology integrates with Tenable.sc and others to crush the vulnerability remediation gap, align security and operations teams and dramatically reduce the corporate attack surface faster than ever before. 

BigFix Insights for Vulnerability Remediation leverages Tenable’s Vulnerability Priority Rating (VPR), which combines Tenable-collected vulnerability data with third-party vulnerability and threat data and uses proprietary data science algorithms to focus customers on the top 3% of vulnerabilities that are most likely to be exploited in the near future.

BigFix Insights for Vulnerability Remediation automates the vulnerability remediation process with no fewer than four correlation engines which: 

  1. Correlate endpoint ID with the Tenable endpoint ID 
  2. Correlate the found vulnerability to a Fixlet  
  3. Identify and assign the superseding (latest) remediation
  4. Correlate the BigFix endpoint to the latest Fixlet 

With BigFix Insights for Vulnerability Remediation, the organization with 1,000 vulnerabilities can remediate in less than two hours by automating manual processes and reducing errors and associated rework. Now, this IT organization is able to quickly implement fixes and effectively prove compliance to auditors and executive stakeholders. With BigFix Insights for Vulnerability Remediation, IT Security and IT Operation teams are able to collaborate effectively to quickly remediate vulnerabilities discovered by Tenable, providing significant operational and organizational value to the CIO and CISO. That value is realized through:

  • Aligning Security and Operations teams with intelligent automation.
  • Compressing security vulnerability remediation times by an order of magnitude.
  • Reducing enterprise security risk.

And all of this with no additional agent and no performance impact. Better yet, BigFix covers your entire environment with over 12 operating systems and nearly 90 variations.

A final word

Legacy vulnerability management processes are no match for today’s complex IT landscape – which includes cloud, mobile, web, IoT and OT assets. They fail to deliver what is most important: fixing gaps as quickly as you find them. It is time to change the conversation. 

BigFix is here to help! 

[1] Persistent Vulnerabilities, Their Causes and the Path Forward, Tenable Research, June 2020.
