Published on 28 Oct 2012
“ With IBM BigFix we will be able to guarantee that all of our endpoints are patched appropriately, and we will be able to provide solid proof that we have a regular, fully documented patch process in place. This will be a huge step in helping us to move closer to full PCI DSS compliance. ”
Neil Wakefield, System and Process Change Manager, The Co-operative Food
The Co-operative Food
The Co-operative Group Ltd. is a British consumer cooperative, wholly run and owned by its members. It is the largest organisation of its kind in the Europe, with over six million members. The group comprises a diverse range of businesses, the largest of which is The Co-operative Food: a chain of food and convenience stores employing some 70,000 people.
The Co-operative Food wanted to develop a more unified approach to patch management, in an effort to improve compliance with PCI DSS standards and enhance security across its retail network.
The IBM BigFix solution helps the company to centralise and streamline the patching process, delivering more effective patch management for an endpoint environment comprising some 19,000 devices.
Near-real-time, automated patch discovery and management helps ensure that endpoints maintain appropriate patch levels. Integrated reporting helps demonstrate compliance with PCI DSS requirements.
IBM products and services that were used in this case study.
IBM BigFix Lifecycle
Automation, Business Resiliency, Enabling Business Flexibility
IBM, the IBM logo, ibm.com, and BigFix are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the web at “Copyright and trademark information” at ibm.com/legal/copytrade.shtml References in this publication to IBM products, programs or services do not imply that IBM intends to make these available in all countries in which IBM operates. Any reference to an IBM product, program or service is not intended to imply that only IBM’s product, program or service may be used. Any functionally equivalent product, program or service may be used instead. All customer examples cited represent how some customers have used IBM products and the results they may have achieved. Actual environmental costs and performance characteristics will vary depending on individual customer configurations and conditions. This publication is for general guidance only. This document is current as of the initial date of publication and may be changed by IBM at any time. It is the user’s responsibility to evaluate and verify the operation of any other products or programs with IBM products and programs. THE INFORMATION IN THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING WITHOUT ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OR CONDITION OF NON-INFRINGEMENT. IBM products are warranted according to the terms and conditions of the agreements under which they are provided. The client is responsible for ensuring compliance with laws and regulations applicable to it. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the client is in compliance with any law or regulation. Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY. WGC12440-GBEN-00