BigFix Detect is now available

eamonnlarkin · March 30, 2017, 7:25pm

The IBM BigFix team are pleased to announce the release of BigFix Detect.

BigFix Detect extends the BigFix portfolio and aims to help security professionals of any company to quickly and effectively identify compromised devices or applications. You can also identify anomalous behaviors, analyze security exposures, and remediate them quickly.

The capabilities and value provided by IBM BigFix Detect can be grouped into the following main three categories:

Detect
Leveraging behavioral anomaly detection, based on intelligence gathered from millions of endpoints worldwide, BigFix Detect identifies and alerts on advanced, evasive threats. In addition, BigFix Detect monitors for the existence of indicators of compromise (IOCs).

BigFix Detect supports importing external IOCs and IOC feeds in the following formats:

Cyber Observable eXpression (CybOX)
Structured Threat Information Expression (STIX)

Investigate

To enable security professionals to understand the scope and context of a threat, BigFix Detect assists in the Incident Response process by providing recommendations for possible investigation paths.

BigFix Detect records endpoint activity, providing search capabilities over the recorded data and traversing process trees.

In addition to historical search capabilities, BigFix Detect also enables the security professional to run ad hoc IOC evaluation queries.

Respond

BigFix Detect enables the user to contain and remediate attacks by suggesting relevant response actions in incident alerts and historical events. The user can then take an action directly from BigFix Detect.
BigFix Detect supports the following response actions:

Quarantine file: remove the selected file and place it in quarantine so that malicious activity is stopped.
Kill process: kill a malicious process identified by BigFix Detect.
Fix registry keys: update registry keys that have been modified by malicious activity identified by BigFix Detect
Apply patches: apply relevant available patches to selected devices or enterprise.
Update software: update software packages for selected applications.
Enable customized response to mitigate threat from patient zero and complete enterprise
Ability to hunt with BigFix Query across enterprise in real time for key information and attributes on target endpoints

Documentation

The documentation available at https://ibm.biz/BdirdK covers the following areas in detail:

Getting started information
Setup and deployment process
BigFix Detect architecture
Detailed user guidance
Troubleshooting and support

swap041 · March 31, 2017, 2:16pm

How about the licensing ? Can we enable this product with having Bigfix Lifecycle and Security Licenses.

Or is this separate license ?

gearoid · March 31, 2017, 2:27pm

It’s a separate license/entitlement.

anthony.delbuono · April 6, 2017, 3:59pm

I passed the information to my management. I really hope they consider looking into the product. I will make the call its going to be BIG!!!

murtuza · April 6, 2017, 4:31pm

Thank you Anthony, let us know how we can help.

techadmin · April 27, 2017, 6:55pm

@murtuza is there a trial or something to try it out before purchase?

murtuza · April 28, 2017, 3:01am

Hi, we are planning to release trial for Detect but that will be later. If you are interested send me a note to murtuza@us.ibm.com and we maybe able do something depending on what your plans are.

ann · June 8, 2017, 4:47am

How much is the product price

techadmin · June 8, 2017, 12:35pm

@murtuza I have sent an email note months back and I will send out a reminder today.

murtuza · June 8, 2017, 2:29pm

Hi, sorry may have missed your note… What are you looking for.

murtuza · June 8, 2017, 2:30pm

Hi Ann, just sent you an email.

ann · June 9, 2017, 2:18am

I want to know that the price of BigFix detect product?

techadmin · June 9, 2017, 12:39pm

A trial to test before purchase and also is there any discounts for the early birds?

mgamal · August 24, 2017, 2:46pm

As IBM partner, we have got NFR license for BigFix and we need to demonstrate BigFix detect capabilities.
We need any example to simulate BigFix detect in action.

thomasdietrich · April 17, 2019, 2:47pm

Is BigFix Detect still a product? I’m looking for a way to isolate endpoints using BigFix, and Detect seemed like a good solution. However, I can’t seem to find anything about the tool that is current. Is it still alive? Has it transitioned to a new name?

rupertclayton · April 17, 2019, 3:12pm

IBM announced end of marketing for BigFix Detect on 21 November 2017 and end of support was 10 July 2018: https://www-01.ibm.com/software/support/lifecycleapp/PLCDetail.wss?q45=S706385E51455V41

If you’re looking for EDR solutions, you may want to consider CarbonBlack or Palo Alto Traps, both of which have integration with BigFix.

steve · April 22, 2019, 10:29pm

We do have quarantine capabilities via IPSec as part of BigFix Compliance. Look for the “BigFix Client Compliance *” sites that are available with that solution.