HCL SW Blogs
Select Page

HCL is pleased to announce the availability of the preview of BigFix CyberFOCUS Analytics 1.0 for BigFix Remediate, BigFix Lifecycle and BigFix Compliance.  

What Problems Does BigFix CyberFOCUS Analytics Target?  

The BigFix CyberFOCUS Analytics solution is designed to impact big unresolved problems that are the intersection of SecOps, ITOps and the C-Suite.  

  • The CEO is responsible for managing cyber risk, but how do you do that by making business decisions?  
  • SecOps is constantly learning about new threats that are targeting the organization, but it’s hard to partner up with ITOps to stop the threats.  
  • ITOps knows that SecOps has a bunch of priorities, but they can’t easily analyze what’s going on, or track progress, or partner with SecOps.  

What Is BigFix CyberFOCUS Analytics?

It is a way to help SecOps and ITOps team up to remediate vulnerabilities more efficiently: 

The BigFix CyberFOCUS Analytics solution is a unified set of analytics, built into the BigFix Vulnerability Remediation Solution, that takes BigFix-unique information and data (e.g., whether security patches were applied, if patch content is available), and combines it with threat information so that SecOps and ITOps have a novel way to collaborate and align together when proactively protecting against adversarial threats. It is designed to help SecOps and ITOps to reduce the friction between the two teams by answering questions for threats that are time urgent, based on information that only BigFix knows. For example, the CVE Remediation Simulator in CyberFOCUS Analytics tells you which CVEs have the highest value and LEAST BUSINESS DISRUPTION for the effort in remediating a group of CVEs that are ALL considered “Critical” to patch against a threat. This helps SecOps and ITOps to team up on game plans against adversarial threats.   

It is a way to help SecOps and ITOps and the CEO team up to manage cyber risk based on business decisions:  

The BigFix CyberFOCUS Analytics solution also helps SecOps and ITOps to work together, empowering them to maintain revenue flow and operational resilience and stay within the cyber risk tolerance for protection defined by the CEO and the Board. It also provides Protection Level Agreements that:

  • Links business goals and cyber risk, measuring them based on exploitable vulnerability exposure time.  
  • Is based on tools and processes that can be controlled by remediation processes and BigFix automation.  
  • Provides automated high-quality metrics and analysis that can be trended.

What Does BigFix CyberFOCUS Analytics Comprise?

 It comprises three new sets of analytics:  

    1. Advanced Persistent Threat CVE Analyzer confirms priority exposures to CVEs known to be used by MITRE ATT&CK Groups based on whether BigFix patched the CVEs; includes the CVE Remediation Simulator to do instant, real-time ‘what if’ analysis of changes in your vulnerability attack surface to prescribe remediations having the most protective power with the least effort; and correlates the BigFix Patch Content needed and the unpatched devices regarding the CVEs in question to provide immediate protection.  
    2. CISA KEVs Exposure Analyzer confirms priority exposures to CVEs in CISA’s Known Exploited Vulnerabilities Catalog based on whether BigFix patched the CVEs, compares your environment to the CISA-directed due dates for the CVEs and your performance against those due dates, provides information on a number of devices exposed and device vulnerability density, and correlates the BigFix Patch Content needed and the unpatched devices regarding the CVEs in question. 
    3. Protection Level Agreement Analyzer confirms performance against measurable cyber risk control points in reducing exploitable vulnerability exposure time that clearly link to business goals.

How Do I Get BigFix CyberFOCUS Analytics?  

The BigFix CyberFOCUS Analytics solution is available for all customers who have entitlements for BigFix Remediate, BigFix Lifecycle and BigFix Compliance, and will be generally available in December 2022.

How Do I Get More Information?

Learn more by visiting BigFix CyberFOCUS

Comment wrap
Further Reading
Large-scale Ransomware Campaign
Automation | February 8, 2023
Large-scale Ransomware Campaign exploits a two-year-old VMware Vulnerability
The attack campaigns appear to be exploiting CVE-2021-21974 for which a patch has been available since February 23, 2021. Systems running ESXi versions 7.0, 6.7 and 6.5 are currently being targeted and pose the greatest threat.
Zero Trust Security
Automation | February 6, 2023
Zero Trust Security: How To Get Your Endpoints Ready
The attacks that exploited the Log4J vulnerability illustrated that malicious actors work quickly to find new ways of compromising organizations. This trend has been growing for several years, making it clear that organizations need to detect and respond to threats much faster than traditional, perimeter-based approaches allow. That’s why both the government and the private sectors have been embracing the paradigm shift to Zero Trust security.
Continuous Business Benefit Realization with HCL BigFix
Automation | December 13, 2022
Continuous Business Benefit Realization With HCL BigFix
With all my discussions with clients and partners, IT organizations of all sizes are continually challenged to reduce costs and simplify operations.
Filters result by