The BigFix team is pleased to announce the initial release of BigFix CyberFOCUS Analytics! This offering is included in the BigFix Lifecycle, Compliance, and Remediation suites. This application will enable Business executives, IT Security and Operations teams to collaborate much more effectively in an effort to discover, measure and manage ongoing threats and vulnerabilities. The initial release of BigFix CyberFOCUS Analytics correlates vulnerabilities from two perspectives.
The CISA Known Exploited Vulnerabilities catalog (reference here: https://www.cisa.gov/known-exploited-vulnerabilities-catalog) provides an enhanced mitigation perspective aligned to vulnerabilities known to have active exploits as well as patched mitigations.
MITRE ATT&CK® (reference here: https://attack.mitre.org/) provides an enhanced mitigation perspective that aligns the threat actor landscape (Advanced Persistent Threat - APT) with the associated vulnerabilities and Fixlet content within BigFix.
This allows for an enhanced and enriched prioritization perspective as the organization looks to mitigate vulnerabilities and threats.
Additionally, BigFix is introducing a concept we are calling “Protection Level Agreements” or PLAs. This release includes several default PLAs that allow organizations to measure and manage ongoing mitigation efforts in alignment with Business specifications.
The main features of this release are as follows:
- 3 out-of-the-box Data Visuals to help organizations visualize and prioritize risk mitigation efforts:
  - CISA Known Exploited Vulnerabilities (KEV)
  - MITRE APT Groups
  - Protection Level Agreements
- Ability to export data supporting the CISA KEV and MITRE APT data visuals
- Interactive interface that allows relative drilldowns to assist in security and mitigation analysis
- The report supports native Web Reports filtering capabilities to limit the scope of endpoints and/or Content
How to enable, along with additional information about this release:
Known limitations and Issues.
Currently there is no capability to export supporting PLA data (this capability will be delivered in an upcoming release).
The report is currently limited to External content only and specifically excludes Vulnerabilities for Windows Systems and BigFix Labs. Custom content sites are not evaluated within this release.
This report has been qualified on Chrome, Firefox & Safari. Internet Explorer is specifically not supported.
The report may take some time to load depending on customer environment variables. Variables that affect report run time include:
- System Resources - Web Reports
- Number of Fixlets within the environment
- Number of endpoints within the environment
- Number of vulnerabilities
For additional context, we have done numerous performance tests, and average load times depending on these variables typically are within 1 min – 5 mins. Environments varied from 20K – 384K endpoints. The report presents a progress bar to inform the user of progress. The report will render once the progress bar has reached 100%.
Certain browser and environment configurations may cause the report to “stutter” when hover-over events occur on hyperlinks that have tooltips. This has been noted and experienced with Firefox or Chrome under rare circumstances. Should this occur, the user should attempt to use another browser.
The CISA chart, when viewed by CVE release date, shows no date on the X-axis. The left portion of the X-axis can be considered “Then” while the right portion of the X-axis can be considered “Now”.
The CISA KEV CVSS field is based upon CVSS v3. Some of the vulnerabilities associated in the CISA KEV predate CVSS v3, and thus do not have CVSS v3 metadata to provide.