The IBM BigFix team are pleased to announce the release of BigFix Detect.
BigFix Detect extends the BigFix portfolio and aims to help security professionals at any company quickly and effectively identify compromised devices or applications. It also helps them identify anomalous behaviors, analyze security exposures, and remediate them quickly.
The capabilities and value provided by IBM BigFix Detect can be grouped into the following three main categories:
Detect
Leveraging behavioral anomaly detection, based on intelligence gathered from millions of endpoints worldwide, BigFix Detect identifies and alerts on advanced, evasive threats. In addition, BigFix Detect monitors for the existence of indicators of compromise (IOCs).
BigFix Detect supports importing external IOCs and IOC feeds in the following formats:
- Cyber Observable eXpression (CybOX)
- Structured Threat Information Expression (STIX)
Investigate
To enable security professionals to understand the scope and context of a threat, BigFix Detect assists in the Incident Response process by providing recommendations for possible investigation paths.
BigFix Detect records endpoint activity, providing search capabilities over the recorded data and traversing process trees.
In addition to historical search capabilities, BigFix Detect also enables the security professional to run ad hoc IOC evaluation queries.
Respond
BigFix Detect enables the user to contain and remediate attacks by suggesting relevant response actions in incident alerts and historical events. The user can then take an action directly from BigFix Detect.
BigFix Detect supports the following response actions:
- Quarantine file: remove the selected file and place it in quarantine so that malicious activity is stopped.
- Kill process: kill a malicious process identified by BigFix Detect.
- Fix registry keys: update registry keys that have been modified by malicious activity identified by BigFix Detect.
- Apply patches: apply relevant available patches to selected devices or to the whole enterprise.
- Update software: update software packages for selected applications.
- Customized response: enable a customized response to mitigate the threat on patient zero and across the entire enterprise.
- Hunt with BigFix Query: search across the enterprise in real time for key information and attributes on target endpoints.
Documentation
The documentation available at https://ibm.biz/BdirdK covers the following areas in detail:
- Getting started information
- Setup and deployment process
- BigFix Detect architecture
- Detailed user guidance
- Troubleshooting and support