Latest Articles

Secure DevOps | October 2, 2019
Culture is Key For Security
Today, there's a direct connection between consumer trust, user experience and revenue and it is clear that a security culture is critical to success.
Automation | October 2, 2019
HCL BigFix Inventory 9.2.16 Validated Equivalence to IBM License Metric Tool (ILMT)
BigFix Inventory V9.2.16 is now available, delivering increased value and demonstrating HCL’s commitment to both HCL and IBM customers. There are three key features of HCL BigFix Inventory V9.2.16: Equivalence to IBM License Metric Tool (ILMT). Enhanced reporting, granting better license cost optimization and analytics to help your organization better understand how much of your licensed software is actually being used. Enhanced API, allowing new data to enable integrations. IBM announced on September 24th 2019, that HCL BigFix Inventory V9.2.16 has been verified equivalent to IBM License Metric Tool (ILMT) V9.2.16 for IBM Virtualization Capacity reporting. Organizations that use BigFix Inventory to meet the requirements for IBM Virtualization Capacity licensing may now upgrade their environments to V9.2.16. This release of BigFix Inventory demonstrates HCL’s dedication to our customers, by continuing to deliver a validated alternative to ILMT while providing all of the additional benefits of HCL BigFix Inventory. Malgorzata Jablonska, Senior Development Manager of BigFix Inventory, emphasized, “We understand sub-capacity customers require the latest releases of BigFix Inventory to be validated by IBM before upgrading their environment, and we will continue to work with IBM to validate future HCL BigFix Inventory releases.” With HCL BigFix Inventory, your organization can maintain an up-to-date inventory of software assets that are installed in your infrastructure, gather information about your hardware, and ensure license compliance of your enterprise. With BigFix Inventory, you always know what software you have, where it is deployed, and how it is used. For more information, visit For more information about IBM’s validation of HCL BigFix V9.2.16, visit
Automation | October 2, 2019
Harden Your Servers with BigFix Compliance
BigFix Compliance is used effectively to harden servers reducing security risk.
Secure DevOps | September 30, 2019
How to Balance Speed and Security in Your Application Security Program
In today’s ever-evolving digital trust landscape, the term DevOps has become synonymous with speed. If you want to compete, you need to build quality code quickly. Yet as quickly as companies are able to innovate, the bad guys are constantly developing new ways to exploit vulnerable applications. With that in mind, business leaders and security managers need an application security solution that integrates into the software development life cycle (SDLC) to maintain speed to market. However, there is a delicate balance between security and speed, and striking it is an exercise in understanding your objectives and risks and empowering your developers to lead the charge. Understand Your Application Security Objectives If your priority is to simply check the box, so to speak, to satisfy regulatory requirements, it’s important to consider that compliance does not always equal security. That’s not to say achieving compliance is a fast or easy task, but if your goal is to prevent a breach by writing secure software, you need to go beyond just compliance. Most regulatory requirements are painted with a broad brush and don’t take the nuances of your application into consideration. Compliance is a point-in-time endeavor to check a specific set of requirements that could quickly become irrelevant given the lightning-fast pace of application development. That’s why instituting security throughout the development pipeline is crucial to delivering secure code on time. When security is baked into your application’s DNA from the start, compliance should come easy. Furthermore, you can set yourself apart from the rest of the market by establishing security policies based on the needs of the business. What Makes a Balanced AppSec Program? There’s a common misconception that only certain types of application testing can match the speed of Agile or DevOps methodologies. Because of this, many organizations will settle for...
Digital Solutions, Marketing & Commerce | September 30, 2019
Introducing HCL DX 9.5: Future-Proof Your Business through Powerful Simplicity
You know that the future of your business relies on the technology decisions you make today. And you know you need a digital experience transformation platform that is robust enough, secure enough, and modern enough to evolve and meet the needs of your business — as well as all your business users and customers. The digital experiences you create power your mission-critical business applications. And, as anyone who has tried to do this at scale, with information and data that comes from multiple sources and systems, allowing multiple people and teams to access, edit, and publish — you know it’s hard and it’s complex. And with the ever-increasing demands from the market, and your audience, and the people who need you, you can’t afford to jury-rig piecemeal solutions. You need powerful simplicity to boost your future business - and HCL Digital Experience (DX) 9.5 can you give this, and a whole lot more! More modern ways to solve evolving business challenges Hopefully, you have read about the benefits of both Docker and Kubernetes in our recent blog— greatly simplifying implementation, deployment, and maintenance — making it much easier, faster, and more affordable to grow and expand. You’ve also heard about the evolving new and modern user experience which will make creating and managing web experiences faster and easier, as well as empower more business users with out-of-the-box digital experience examples. Finally, HCL DX 9.5, through more open and accessible APIs, provides developers greater agility in blending complex content, data, and systems — serving internal customers (employees), business to business, and external customers. All together, with HCL DX 9.5 you can adapt to market changes quickly, while keeping a consistent, reliable, modern multichannel experience — for any user. Flexible power that scales We want you to learn, along with other top-level...
Automation | September 25, 2019
BigFix Patch Tuesday Webinar – September 2019
September is the first month of the Fall season and as more leaves start to rain down, apparently so do more patches from Microsoft. September Patch Tuesday has brought with it a whopping 80 vulnerabilities including 17 which are categorized as “Critical”. In this month’s BigFix Patch Tuesday Webinar, we discussed what these patches mean, why they carry such a high severity, and how BigFix is helping our clients optimize their planning and deployments to achieve high levels of compliance even in the smallest of maintenance windows.  The most severe vulnerabilities are referred to as “zero day” vulnerabilities, and Microsoft addressed two of those this month, CVE-2019-1214 and CVE-2019-1215. Both have been exploited prior to Microsoft providing a patch and exist due to improper handling of objects in memory by the respective drivers/service. In each case, the vulnerability exists as an Elevation of Privileges (EoP) where an attacker may not be able to gain access directly, but deployed alongside a separate attack, they could then gain administrative rights and significantly compromise the endpoint.  Here are the CVE specifics:  CVE-2019-1214 – Elevation of Privileges with the Common Log File System Driver  CVE-2019-1215 – Elevation of Privileges impacting the Windows Socket 2 IFS Layer service (ws2ifsl.sys service) to disrupt network connectivity  While both vulnerabilities exist on all versions of Windows Desktop and Server operating systems, 1214 has been primarily seen attacking older operating systems which creates more urgency and precedence on an organization’s Windows 7 migration plans.  As of February 2020, we will no longer have access patches for Windows 7. Continue to keep a close eye on the patches coming out over the next several months; we expect to see an uptick in patches for Windows 7 endpoints as attackers know their window of opportunity could expand greatly as Windows 7 approaches end of support.  Microsoft also continues to see their Remote Desktop Protocol (RDP) service...

Upcoming Event

No upcoming events