How BigFix and Carbon Black Can Protect Your Business Despite Microsoft’s February Patch Release Failure
Microsoft announced that it was scrapping its February Patch Tuesday security patch release, causing ripples throughout the IT world. The most concerning aspect of this is that many of the vulnerabilities these patches were going to resolve are being actively exploited. This places businesses in the regulation-dense financial and healthcare sectors in a state of severe risk. A business can quickly turn this into a win by using advanced SIEM tools like BigFix and Carbon Black.
Locking Down the Fort With SIEM Tools
It’s no secret that next-gen SIEM is a key component in securing an organization’s IT assets. As cyberattacks increase in both frequency and complexity, security postures have also been evolving to meet the ever-changing field of security risks. In banking and financial services organizations, things quickly become complex when the sheer number of device and operating system platforms used to conduct day-to-day business seems almost limitless. This can lead to an almost infinite number of breach possibilities for those in the financial industry.
The emphasis then must be on locking down your IT assets as much as possible. While applying security patches always has been and always will be a key piece of any security posture, Microsoft’s failure to deliver much-needed vulnerability patches in February illustrates why this cannot be your only strategy.
Implementing next-gen SIEM products into your security posture brings a complete and technologically advanced approach to the table. Products such as Carbon Black’s Cb Response 6 or IBM’s BigFix can use data analytics and event management to detect and neutralize network threats and vulnerabilities.
Invoke Endpoint Security Responses
A great place for financial organizations to start is to implement a client-side tool that actively seeks out and destroys any security threats that your endpoints may encounter. The latest next-gen offering from Carbon Black, Cb Response 6, is just the tool for this need. The Cb Response platform is unlimited in terms of scalability, and has a unique ability to remediate potential threats in near-instant fashion while allowing for future investigation thanks to its own storage repository of event data.
A key facet of this product that Champion loves to point out to our clients is its use of Carbon Black’s “streaming prevention” technology. This technology is a game changer for next-gen SIEM products in that it acts as an algorithmic event processing center. It gives the Cb Response product the ability to learn and update its own risk policy based on day-to-day device activity. The streaming prevention technology is what allows Cb Response 6 to detect abnormal device or network activity and remediate it by multiple means, ranging from blocking the abnormal process from running to isolating all potentially affected systems from the rest of the network.
Vulnerability Tracking and Patch Management
Cb Response 6 on its own is a powerful next-gen SIEM tool, but you shouldn’t stop there. The eventuality that must be faced in light of Microsoft’s vulnerability miss is that your devices will still be open to compromise as the reported vulnerabilities become more effectively exploited. You will need to set and maintain patching standards as well as device priorities, especially when starting from a position of being behind the curve in the timely patching of vulnerabilities.
It is here that the patch and vulnerability management capability of IBM’s BigFix enters the discussion. BigFix’s patch management monitors Microsoft patch releases and issues an alert as well as a report indicating which of your systems are in need of the security patch. The great thing about this is that you can create your own priority patching groups within BigFix, so that any released security updates are deployed first to the devices that need them the most. This mode of vulnerability resolution can also be applied to third-party applications, such as Adobe or Java products, to further ensure that devices in your infrastructure that are identified as a priority have their vulnerabilities resolved as quickly as possible.
An additional capability of BigFix that we take advantage of is the ease with which BigFix and Cb Response integrate with each other. This gives you a nearly real-time picture of, and response time to, any unpatched and vulnerable endpoints on your network, as well as the ability to remediate or isolate endpoints as deemed necessary. When this integration is combined with automated client rule responses, which give an organization very granular control over remediation steps, your security posture vastly improves and you become less dependent on the timeliness of security patch releases.
Security Posture Expertise
The recent waves caused by Microsoft’s decision to skip its standard Patch Tuesday release of vulnerability patches in February have sent many organizations down a path of reducing their dependence on these patches. By leveraging next-gen SIEM tools like BigFix and Cb Response 6, an organization can create a security posture that gives it a hardened endpoint and infrastructure base from which to operate.
This can be a complex process, and it requires a level of detail at which an aspect of the infrastructure can easily be missed. This is where Champion can come in to help. Contact us today to learn more about how Champion’s SIEM expertise and engineering capabilities can create a proactively secured infrastructure.