[email protected] - Tivoli Sales BigFix Lead Italy

Tivoli Endpoint Manager built on BigFix technology
Convergence of security, operations and power management for workstations and servers
Clusit version, Milan - March 2011
© 2010 IBM Corporation

The market: positioning of Lifecycle Management
Gartner report dated January 2011, before the Tivoli integration:
• The market: “mature, worth 2.2 billion dollars” for “configuration management and support of system administration activities for client systems”
• The value: a response “to automate the administration and support of workstations that are otherwise performed manually”
• Convergence of operations and security: “Patching is the best example of a security process that has moved into the field of operations.” “BigFix integrates security and configuration management in the same infrastructure.”
• What makes BigFix unique in its architecture: “the intelligence is in the endpoint”; BigFix is “scalable to tens/hundreds of thousands with relatively few servers”
Source: Gartner report

BigFix yesterday
• BigFix Inc. founded in 1997; over 700 customers; acquired by IBM on July 19, 2010
• More than 8 million PCs, servers, and devices under management
• Multiple large-scale deployments (200,000+ endpoints)
• Support for multiple platforms, including Windows, UNIX, Linux, Mac and virtual operating systems
• Holds 10 technology patents; 17 patents pending worldwide
• Integrated into the Tivoli Automation and Security portfolios
• New IBM Tivoli Endpoint Manager built on BigFix technology announced on January 25, 2011
• Visionary in the Gartner January 2011 PC Lifecycle Management and December 17, 2010 Endpoint Protection Platform Magic Quadrants

BigFix today
The IBM solution for software and security compliance of all corporate computers, from laptop to server, with massive scalability, real-time operation, a single agent, and policy-driven management.
IBM Tivoli Endpoint Manager modules:
• for Lifecycle Management
• for Security and Compliance
• for Patch Management
• for Power Management
• Core Protection Module, powered by TrendMicro: malware protection, Web reputation, client-side firewall
• SW use analysis add-on

Lifecycle = Asset Discovery, Patch Mgmt, HW/SW Inventory, Software Distribution (#), Remote Control P2P (*), OpSys Deployment (*)
Security = Asset Discovery, Patch Mgmt, Security Configuration Mgmt, Vulnerability Mgmt, Decision Support SCM, Client Mgr Endpoint Protection, Network Self Quarantine
Note: (#) new repository feature; (*) new features from Tivoli products

Customers that have chosen BigFix
BigFix customer: managed devices
• Largest Chip Manufacturer: 350,000
• Largest Global Retailer: 240,000
• Largest US managed care: 230,000
• US School District 1: 226,000
• Large Asian Petroleum: 180,000
• Large US Telco: 166,000
• Wall-Street Firm 1: 130,000
• Large Asian Railways: 120,000
• US Agency 1: 111,000
• US School District 2: 110,000
• Wall-Street Firm 2: 110,000
• US Agency 2: 100,000
• Wall-Street Firm 3: 100,000

Why a customer chooses BigFix

The value
• Real-time visibility and control
  – a single agent sees everything and does everything
• Unprecedented scalability
  – 1 server for more than 250K endpoints
• Extensive out-of-the-box coverage
  – 14 supported operating systems + smartphones, multi-purpose, on-network and off-network
  – 170K pre-configured policies
  – 130K pre-configured SW signatures
• Value to the customer very quickly
  – installs in a few hours
  – solves specific problems in a few minutes

The needs addressed
• Which systems are connected to the network, and how are they configured?
• When is it necessary to apply a patch, and how do I know that it is installed, and installed correctly?
• How quickly can I respond to new security exposures?
• How do I reduce the compliance costs of my systems, from laptops to servers?

Customer quotes
• RETAIL: “BigFix simplifies processes and reduces the number of vendors to manage - saving money, reducing stress and improving the quality of the service we can provide to the organization.” Michael Schaefer, Sr. Wide Area Network Analyst
• EDUCATION (K-12): “We had $4.2M in energy savings alone [with BigFix Power Management], truly remarkable, and it is only the beginning.” Tom Sims, Director, Network Systems
• FINANCIAL SERVICES: “It is an unequal race [between BigFix and the competition]. The ability to solve different problems using a multi-function agent through a single console was the motivating reason for BGC's choice of BigFix. And finally, the speed of BigFix was another fundamental reason.” Chris Marino, SVP of Global IT Procurement

Why a customer chooses BigFix: the three aspects of systems management that BigFix addresses
– Real-time visibility and control
  • Centralized visibility and reporting of all assets
  • Seconds and minutes view of hardware/software configuration and policy compliance
  • Real-time, granular control of configuration changes
  • Immediate knowledge of configuration change results
  • Visibility and control of mobile/remote computers over public networks
– Scalability in 3 dimensions
  • Single server, single console view of the enterprise
  • Multi-site, geographically distributed deployment
  • Single agent, single TCP/UDP port
– Ease of use
  • Zero-effort assessment
  • Customization by IT operations
    – Versus Plan, Build, Run structures
    – Versus customization by Development/Eng groups
  • 4 days to receive full product training
  • Instant-on System Management and Security solutions

Why a customer chooses BigFix - real case, large client
• Before BigFix: typical patch availability in 3-14+ days. After BigFix: patch availability in 24 hours.
• Before BigFix: 92% compliance in 5 days. After BigFix: 98% in 24 hours.
• Before BigFix: the custom solution sometimes fails to apply patches on the target machines. After BigFix: identified about 35% of the target machines as having at least one patch not applied by the custom solution.
• Before BigFix: compliance model entirely entrusted to the user. After BigFix: 90% of Windows patch requirements can be resolved automatically.
• Before BigFix: exceptions at machine level. After BigFix: exceptions at policy-setting level.

BigFix as the sum of product + cloud service
[Diagram labels: BigFix sites in the USA (content provider): Patch, SW Dist., Power, SCM, Anti-Malware, SW Asset Mgt., OS Prov., Other …; Internet; customer]
Description and benefits
• Applications are distributed via subscriptions to content sites (Fixlets), a model similar to “iTunes”
• Content passes from the BigFix server to the target through the infrastructure
• No re-installation by the customer
• Speed and automated distribution
• Quick for POCs and easy for testing
• Flexible model for future expansion

BigFix's unique “Fixlet” and “Relevance” language
• Fixlet messages are instructions to interrogate the hardware and software properties of managed clients and perform a management “Action” in case
• Fixlets are written in “Relevance”: a custom-made language for managing endpoints
• Relevance yields results 100+ faster than any other environment
• Suitable for IT operations and security groups
• Relevance expressions are designed to be human-readable.
• The language provides access to thousands of methods and properties known as “BigFix Inspectors”
[Figure: Relevance Language vs WMI, showing 100+ faster execution]

BigFix Message Architecture
[Diagram components: BES Console, BigFix Fixlet Publishing Servers, BES Server, BES Relays, BES Clients; automatic content retrieval (HTTP)]
– The BES Server retrieves Fixlets (Policies) from the BigFix Fixlet Publishing Servers automatically.
– The BES Server notifies (UDP) its clients immediately of new Fixlet content.
– The notification propagates throughout the enterprise within minutes.
– BES Clients retrieve the Fixlets upon connection, and at defined intervals.
– BES Clients continuously evaluate and enforce received policies.

Patch relevance: an example
Competitor steps to identify patch relevance
– Use an existing report or write an SQL script to identify an asset group
– Download the latest Baseline Analyzer or Inventory Tool
– Schedule and run Baseline Analyzer on the asset group
– Identify computers needing patches by running reports or SQL scripts
– All these steps are manual
The process in BigFix is completely hands-free
– BES Server automatically subscribes to new Fixlets
– BES Server notifies BES Agents of new Fixlets
– BES Agents retrieve the Fixlets from the Server
  • If an Agent is offline, it will automatically retrieve the Fixlets upon the next reconnect
– BES Agents continuously assess the Fixlets against the hosts
– If a patch is required, the BES Agents notify the Server immediately
– BES Console reflects data automatically

Power Management
• Centralized, policy-driven power management of distributed computers, scalable from individual machines to entire global enterprises
• Fine-grained controls for hibernation/standby, subsystem-only shutdown, and save-work-before-shutdown options
• Saves up to $50 per year per TEM-managed device, depending on local electricity costs and net energy savings achieved
• Wake-on-LAN support synchronizes systems maintenance processes with power conservation
• Opt-in programs encourage end-user participation, and a Wake-on-Web feature allows end users to remotely connect and turn on their own systems

Security Configuration Management: highlights
What it is: a set of benchmarks (called checklists or baselines by BigFix) for assessing and managing the security configurations of workstations and servers. SCM is one of the few products certified by the National Institute of Standards and Technology (NIST) as conforming to the Security Content Automation Protocol (SCAP) for defining and verifying security profiles and remediating any discrepancies.
Customer value:
• IT managers using the SCM benchmarks are certain to apply security policies to all corporate systems, and they document the compliance status in real time through Web Reports
• Auditors can use it as a tool to determine compliance status
• Management of particular corporate configurations is possible and dynamic through client subscription to Custom Sites
• Out-of-the-box assessment and remediation for:
  – DISA STIG (Standard Technical Implementation Guides)
  – FDCC (Federal Desktop Core Configuration)
  – SANS Top 20
  – other standards such as FISMA and PCI, via custom configuration controls for Windows and UNIX

Security Configuration Management: reporting
The SCM solution includes a graphical dashboard that provides an overview of security posture and its details.
Security and Compliance Analytics: reporting
What it is: SCA (pka DSS SCM), a component of Security and Compliance, is a web-based application for security and risk assessment. It generates reports that can be filtered, sorted, grouped, exported, printed, emailed, and customized.
Reports:
• Overviews of Compliance Status and History
• Checklists: Compliance Status, History
• Checks: Compliance Status, Values, History
• Exceptions: Management, Status, History
• Computers: Compliance Status, Values, History
• Computer Groups: Compliance Status, History

BigFix: three customers and three particular uses
• Recovery of stolen or lost laptops
• Printer usage monitoring
• Added value services by Orange

Thank you for your time!