[This post was updated in March 2023.]
HCL is pleased to announce the availability BigFix CyberFOCUS Analytics for BigFix Remediate, BigFix Lifecycle and BigFix Compliance.
What Problems Does BigFix CyberFOCUS Analytics Target?
The BigFix CyberFOCUS Analytics solution is designed to impact big unresolved problems that are the intersection of SecOps, ITOps and the C-Suite.
- The CEO is responsible for managing cyber risk, but how do you do that by making business decisions?
- SecOps is constantly learning about new threats that are targeting the organization, but it’s hard to partner up with ITOps to stop the threats.
- ITOps knows that SecOps has a bunch of priorities, but they can’t easily analyze what’s going on, or track progress, or partner with SecOps.
What Is BigFix CyberFOCUS Analytics?
It is a way to help SecOps and ITOps team up to remediate vulnerabilities more efficiently:
The BigFix CyberFOCUS Analytics solution is a unified set of analytics, built into the BigFix Vulnerability Remediation Solution, that takes BigFix-unique information and data (e.g. whether security patches were applied, if patch content is available), and combines it with threat information so that SecOps and ITOps have a novel way to collaborate and align together when proactively protecting against adversarial threats. It is designed to help SecOps and ITOps to reduce the friction between the two teams by answering questions for threats that are time urgent, based on information that only BigFix knows. For example, the CVE Remediation Simulator in CyberFOCUS Analytics tells you which CVEs have the highest value and LEAST BUSINESS DISRUPTION for the effort in remediating a group of CVEs that are ALL considered “Critical” to patch against a threat. This helps SecOps and ITOps to team up on game plans against adversarial threats.
It is a way to help SecOps and ITOps and the CEO team up to manage cyber risk based on business decisions:
The BigFix CyberFOCUS Analytics solution also helps SecOps and ITOps to work together, empowering them to maintain revenue flow and operational resilience and stay within the cyber risk tolerance for protection defined by the CEO and the Board. It also provides Protection Level Agreements that:
- Links business goals and cyber risk, measuring them based on exploitable vulnerability exposure time.
- Is based on tools and processes that can be controlled by remediation processes and BigFix automation.
- Provides automated high-quality metrics and analysis that can be trended.
What Does BigFix CyberFOCUS Analytics Comprise?
It comprises several new sets of analytics:
- Advanced Persistent Threat CVE Analyzer confirms priority exposures to CVEs known to be used by MITRE ATT&CK Groups based on whether BigFix patched the CVEs; includes the CVE Remediation Simulator to do instant, real-time ‘what if’ analysis of changes in your vulnerability attack surface to prescribe remediations having the most protective power with the least effort; and correlates the BigFix Patch Content needed and the unpatched devices regarding the CVEs in question to provide immediate protection.
- CISA KEVs Exposure Analyzer confirms priority exposures to CVEs in CISA’s Known Exploited Vulnerabilities Catalog based on whether BigFix patched the CVEs, compares your environment to the CISA-directed due dates for the CVEs and your performance against those due dates, provides information on a number of devices exposed and device vulnerability density, and correlates the BigFix Patch Content needed and the unpatched devices regarding the CVEs in question.
- Protection Level Agreement Analyzer confirms performance against measurable cyber risk control points in reducing exploitable vulnerability exposure time that clearly link to business goals.
BigFix CyberFOCUS Analytics also includes capabilities previously delivered as BigFix Insights for Vulnerability Remediation which integrates BigFix with leading vulnerability management sources of vulnerability data to guide BigFix users on how to apply the best patch and configuration settings to remediate discovered vulnerabilities, and thus reduce risk and improve security.
How Do I Get BigFix CyberFOCUS Analytics?
The BigFix CyberFOCUS Analytics solution is available for all customers who have entitlements for BigFix Remediate, BigFix Lifecycle and BigFix Compliance.
How Do I Get More Information?
Learn more by visiting BigFix CyberFOCUS