Enforce continuous security compliance for all endpoints
IBM BigFix Compliance enforces continuous security compliance throughout your organization for all endpoints both on and off the corporate network.
BigFix enforces continuous configuration compliance with security and regulatory policies on every endpoint including out-of-the-box support for PCI-DSS, DISA STIG and more. An intelligent agent on every endpoint monitors, manages and reports on the status of every endpoint in real-time regardless of OS type or location.
Any endpoints found to be out of compliance can be automatically remediated and brought back into compliance, whether they are on or off the corporate network. Or, they can be quarantined completely to prevent the spread of malware to the broader network.
With BigFix Query you can accurately identify and inspect endpoints through a user friendly web interface and simple, intuitive questions. You can learn which policies are enforced and which applications and services are installed; examine files and system configuration settings to help you identify additional security threats.
IBM BigFix Compliance:
- Enforces continuous security compliance using an intelligent agent on the endpoint that assesses and remediates issues in real-time.
- Provides Payment Card Industry Data Security Standard (PCI-DSS) compliance with BigFix Compliance Payment Card Industry (PCI) Add-on.
- Manages hundreds of thousands of endpoints, both physical and virtual, regardless of location, connection, type or status.
- Delivers a broad range of security functions and gives you the ability to add other targeted functions as needed, without adding infrastructure or implementation costs.
- Makes the most of BigFix technology. This single-infrastructure approach distributes decision-making to the endpoints.
Enforces continuous security compliance
- Provides accurate and real-time visibility into and continuous enforcement of security configurations and patches.
- Provides security and compliance analytics which identify, manage and report on policy exceptions and deviations. Also shows trending and analysis of security configuration changes.
- Is faster and more efficient. The intelligent agent provides continuous compliance with automated audit cycles measured in minutes rather than weeks.
- Enables automated, highly targeted processes that provide control, visibility, and speed to effect change and report on compliance.
Provides Payment Card Industry Data Security Standard (PCI-DSS) compliance
- Designed to help with the enforcement and compliance reporting needed to satisfy the latest PCI-DSS requirements.
- PCI- DSS configuration and policy compliance checks, as well as specialized dashboards, simplify the monitoring and reporting of PCI compliance.
- Continuously and automatically manage system configuration and currency to improve endpoint security and integrity.
- Help to protect organizations from the malicious or unintentional loss of confidential customer and financial information while lowering operational and security administration costs.
Manages hundreds of thousands of endpoints
- Supports a large variety of endpoints. These include servers, desktop PCs, “roaming” Internet-connected notebooks, smartphones, tablets and other mobile devices, as well as specialized equipment such as point-of-sale (POS) devices, ATMs and self-service kiosks.
- Provides endpoint management for major operating systems, third-party applications and policy-based patches.
- Helps discover endpoints that you might not have known were in your environment.
Delivers a broad range of security functions
- Patch management includes delivering patches to endpoints for Microsoft Windows, UNIX, Linux and Mac OS; and for application vendors including Adobe, Mozilla, Apple, Java and more.
- Security configuration management provides a library of out-of-the-box technical controls. They can help you achieve security compliance by detecting and enforcing security configurations.
- Vulnerability management helps you discover, assess and remediate vulnerabilities before endpoints are affected. If the endpoint is found to be out of compliance, the software can place it in network quarantine until compliance is achieved.
- Multivendor endpoint protection management gives administrators a single point of control for managing third-party endpoint security clients from vendors such as Computer Associates, McAfee, Sophos, Symatec and Trend Micro. Endpoints can be migrated from one solution to another with “one-click” software removal and reinstall.
Makes the most of BigFix technology
- Places an intelligent agent on each endpoint. This single agent performs multiple functions including continuous self-assessment and policy enforcement with minimal impact on system performance.
- Includes near real-time and continuous reporting and analysis from the intelligent agent on your organization’s endpoints.
- Allows agents to be configured as a relay between other agents and the console. This relay function allows the use of existing servers or workstations to transfer packages throughout the network, reducing the need for servers.
- Supports the Fixlet Relevance Language. This published command language enables customers, IBM Business Partners and developers to create custom policies and services for endpoints managed by IBM BigFix.