Webinar Recording

New Methods to Accelerate Endpoint Vulnerability Remediation



IT endpoints are no longer just workstations and servers confined to corporate headquarters, branch offices, customer sites, and data centers; they can now be just about anything located anywhere, from employee homes to airports, hotels and in the cloud. But every endpoint represents a potential entry point for cyber attackers, and needs to be managed.

Welcome to our KuppingerCole webinar, New Methods to Accelerate Endpoint Vulnerability Remediation. This webinar is supported by HCL Software. The speakers today are Dan Wolf, who's director of solutions and product marketing at HCL Software, and me, Martin Kuppinger. I'm Principal Analyst at KuppingerCole Analysts. Before we start, I wanna give a quick overview of upcoming events and I want to do a little bit of housekeeping, and then we'll directly dive into the topic of today's webinar. And the topic, I think, is very clear: it's about how do we deal with all these risks we have from the endpoints, with the endpoint being typically the entry point for attackers, which are really at the forefront of everything we do in security. And so this is what we'll discuss today. Let's get started. We have a couple of upcoming events.
The first one will be on March 23rd; it will be a virtual event. You can join it for free, which is about zero trust and zeroing in on zero trust. Following that we will have mid-May our European Identity and Cloud Conference, which is the largest gathering around this theme in Europe. And I would dare to say the most relevant identity management conference globally. So don't miss to join our European Identity Conference, which we run this year, the first time in Berlin, and you can join onsite or you can join remotely. Having said this, let's have a little bit of a look at the housekeeping aspect. So we are controlling audio. You don't need to care about your audio.
We will do two polls, one at the beginning, one more towards the end of my part of the presentation. We will then look at the results of these polls during the Q and A session. And that is the third part of our webinar. After the presentations, the more questions we have the better it is. I really always love to have very lively, very interactive Q and A sessions. And for sure, you will be able to access a recording of the webinar and to get access to the slide decks, which we will make available short term after the webinar. With that, let's get started. And before we go look at the agenda, I want to start the first poll. And this poll is when you look at the endpoints, about the endpoint management aspect. And the question to you is, do you already have a central solution for managing endpoints in place? So three options: no, or yes, I have a central solution, or I have something to manage, but it is more one for mobile, one for PC or something like that. So curious about your answers and let's get started.
So I give you another 10 seconds or so
Come on. The more it would, the better it is. Okay. I think then we can close the poll. Thank you. And now without further ado, let's jump into the topic of today. Endpoint security. I'll talk in the first part a little bit about closing the front door for attackers and take a little bit of broader perspective of what all is required. And then in the second part, Dan will talk about really how to enable an organization to manage every endpoint and help in remediation. So how to do it in practice. That said, the third element or third part of our webinar will be the Q and A session. So let's get started with looking at some technology terms, primarily UEM, unified endpoint management, and EPP, endpoint protection platforms. And you will see in the next few minutes, there are a couple of other terms around that, but I'd like to concentrate on these two.
So unified endpoint management is a discipline which has evolved over time from client life cycle management and software deployment and other technology. So this is really the history, so to speak. And I remember some 20, maybe 25 years ago, I started really researching some of these platforms. And since then a lot of things have changed, but a lot of things still exist, but really the big change is that unified endpoint management not just takes an administrative perspective. It integrates a security element into that, which is, it's not about just the life cycle, like onboarding, provisioning, patching, stuff like that. Patching already, you could come to security anyway, but it, and handling the applications. It's really about unifying endpoint management across all types of endpoints and all the required capabilities. And this is really what makes a huge difference. Clearly the capabilities of products differ a little from vendor to vendor, but in the end it is really managing the device, managing the applications, the content, supporting, understanding which assets you have, and both I and Dan will touch this topic because if you don't know what you have, you struggle with security.
And, you know, I remember conversations with CISOs, and then there was, right after one of the more prominent incidents we have experienced the past couple of months and years. And when they say, okay, it took us the first week to identify which systems may be affected, then we know we are in trouble. We need to fix this because only when we know about our endpoints, about what is on the endpoint, only then we are able to act fast in the security spaces, all the actions we need to do and to take around security. So unified endpoint management, a set of disciplines, it is an important, essential market. We just recently have covered it in the update of our Leadership Compass on Unified Endpoint Management. So it is one of the areas we are researching because there's a strong security angle within unified endpoint management.
And then we have this other area, which is endpoint protection platforms, which are platforms that are really more focused on the specifics of endpoint protection. So this is in fact the traditional good old antivirus, anti-malware on steroids, a little bit. It's just evolution in that space you're observing. And you'll see in a minute that EPP again, right now, converges into a broader endpoint protection detection response. So not only saying, okay, there's a problem, but acting on the problem. But things like features like multi-engine scanning, monitoring of crypto APIs, preventing exploits. So looking at where can go things wrong, looking at known exploits and stuff like that. And for instance, shutting down processes, this is look, then really goes more into the depths of EPP, and maybe look at UEM. Some of the vendors have quite a lot of these features.
Others have more focus on the patching side, on the security setting side, etcetera. Both I think are really well approaches we have. And clearly there are all these other functions like hardening, firewall and stuff like that. And in some ways, these both segments overlap and we need both, no doubt about it. And it's very clear UEM as a technology is nothing which stands alone, separate from all the other stuff. It is something which is closely related to many other technologies we see. And some of them you will find in the solutions of some of the vendors, others might require a separate product, but yet we have endpoint security and its sort of evolution into EPDR. There's an overlap to IT service management. There's also a need for integration to IT service management. It is close to workplace delivery, where it is more on the platform and workplace than on the application side. There's asset, license and contract management, which you frequently find to a certain extent within these solutions, sometimes less or sometimes more. Enterprise mobility management actually should be part of UEM.
So you shouldn't have the need to have two different types of solutions here. It should be really closely integrated. And so this is really the space we are looking at and the question, and I believe strongly that these technologies are really super important to deal better with all the challenges we are facing in cybersecurity, specifically when it comes to the endpoint, because at the end, as I've said, the endpoint is always something which is at the forefront of security. And maybe look at the NIST CSF, so the Cybersecurity Framework, and beyond, then I think this becomes very, very clear. So just recently took an hours word blog post, but looking at this CSF on one side and the D3FEND framework, it's interesting when you look at these frameworks that they have quite a bit of similarity, they have also quite a bit of differences.
So in this unified identify and unified hard protectors in this detect suppose respond is imposed with going very much detail recovers in this again. And NIST is more focused on really aligning to other standards and ISO 27001, etcetera, while MITRE goes very much into the technical details, into technical actions. If you combine the two, then you probably have a very good foundation for doing things right. And in that foundation, this is where I wanna focus on, you need to understand which technologies you have and which you need. And when you take all these technologies, the right hand column get out there, salvage are before the attack, like identify, how to protect, during the attack, like detect and respond, and after the attack, like recover and improve. And to be really good, it's a little bit like building a sandwich, you need everything.
You need a bread, the cheese, you need to add the ham and you need another slice of bread. So only if you bring in all these things together, or you can go for another type of sandwich, if you are eating vegan or vegetarian, but at the end of the day, a good sandwich consists of various things. And so the risk sandwich, so to speak, is something where you need to bring together all of these things. And UEM comes in at quite a number of places, like identify. So what is at risk, if you know your endpoints and for that space, then you're better in acting on that. Hardening, setting the right configurations, etcetera. Responding, like patching. So bringing in the right patch, Dan will elaborate on this in a few minutes. Or recover, resetting, recreating systems, etcetera. All of these things are about unified endpoint management, or when you flip sort of the perspective, it means without unified endpoint management, you definitely will massively struggle in implementing a comprehensive risk framework.
So you will have a pretty uninteresting, incomplete sandwich and so better go for the full sandwich. And that requires multiple technologies, but UEM is a very central one, and it is also a very central technology to the entire zero trust topic. So when we look at zero trust, and I think every one of you has heard a lot about zero trust, and just today I had a discussion about a little bit of zero trust fatigue, and I said, you know, I think the point is that zero trust fatigue, the point is we must go more to act level. So how do we really make it work? And this is I think the point I'd like to talk a little bit about. And clearly action in two minutes is a big promise. But what we need to understand is it's a paradigm, zero trust.
It is an element which has a couple of technologies, identity management, UEM, which are important. It starts with the user. It's good to get, to get equip. The device is more difficult. We know. So if it's not your own corporate owned device, things get more complicated, but also there are solutions. And we need to manage the device because right here on this side, the left hand side of this graphic, this is the front door. This is where attackers tend to come in. We have to network how to control these days. Where are your users sitting in the age of work from home? Which networks are they using? But the systems and applications clearly, again, are something, and the data as well, and data might reside on the endpoint, it might reside centrally. All of these things we need to look at, but when it's about a device, this is the point I want to make.
Then it's about unified endpoint management. So if you want to, to start your journey or continue your journey towards zero trust, and it is about understanding which technologies you need, which set of technologies, which deliver value, which fits to the zero trust idea of having that trusted component, but something which helps you in verification and building trust and unified endpoint management helps you. It helps you understanding what do you have? What is the status? Can I trust it? What you need, what do I need to do? And then also actually fixing things when things go wrong. So when do we look at, how can we remediate the, the security challenges that come, or that are associated with the end point, and then, and when we move forward to, to zero trust, then, then we need to think about how to better manage how to better protect the end point. So that is my story for today.
I have another poll here, and that is what I'm really curious about because I feel from all I see and hear from the outer space, so to speak, that still a lot of organizations struggle with the asset management piece. So having something in place which gives them a state of insight into the endpoints. That's my question today for endpoints. Clearly it goes beyond that, it is about insight into everything you have, the cloud services, the infrastructure service, your data centers, that are having the insight and knowing what is going on, what is the state, what do you have, because we only can protect what we know. So the question to you, poll: do you have a central repository and asset management in place that gives you insight into the state of all endpoints? Yes or no. Another 10 seconds and please respond. Okay. We can close. Thank you very much for delivering your answers. And without further ado, let's head over to Dan and make him the presenter of today. Dan, welcome.
Thank you very much, Martin. I very much enjoyed your presentation. The whole, the risk sandwich I think is extremely relevant and it's actually quite new thinking, I think, for many people. You know, many security teams focus strictly on endpoint protection, for example, and, you know, the latest kind of shiny object, whether it's EDR or whatever. And they kind of forget the old tried and true methods of you need to patch. You need to close all the doors and windows so the criminals can't get in. And I think your risk sandwich model and the zero trust model are extremely relevant with today's problem. I wanna extend that conversation, cause we all know there's vulnerabilities that exist in the marketplace, in any enterprise, and many times there's great visibility into those as well, but the enterprises struggle to get them remediated, to get them patched.
This is really a universal challenge. Surveys of over 300 enterprises show that nearly a third of all detected vulnerabilities remain open after a year and a quarter are never remediated. Only 10% of organizations address all open vulnerabilities within a year of discovery, and security leaders are really not confident that they're remediating vulnerabilities quickly. Many times this is due to, you know, silos and things like that. I'll get into the causes here in a moment. And then 60% have had some kind of data breach that was caused by a vulnerability for which a patch was even available. This is a huge problem. You've heard of many, many cases of data breaches, you know, in the US, the Equifax data breach, which exposed over a hundred million, you know, critical personal information to attackers is this discipline example.
Another one right now is Log4j. You probably heard of this, you know, December 9th, this was made aware. It's a massive vulnerability in a common Apache Java application that is built into thousands of enterprise applications. It's a logging function. It's simply logic to log processes and actions that are happening in an application. So very broad deployment of this vulnerability, very easy for an attacker to get at it without authentication. It was first reported on December 9th. There was, you know, literally thousands of exploits per second happening. It achieved the very rare 10 out of 10 score as a CVSS score. This hardly ever happens, because of the severity of this and the prevalence. You know, the FTC, the US government Federal Trade Commission, can as a legal authority pursue companies that don't take reasonable steps to mitigate this. There's also a lot of attacks, you know, and an exploit is only used as part of a broader attack, whether it's ransomware or stealing personal information or whatever, but here's just some of the big brand name attacks, you know, ransomware families, Trojans, reverse bash shell. These particular attacks or threat families that have been around for a long time, they now have implemented Log4j exploits, which makes it easier for these attacks to work.
So this is a big problem and really illustrative of the challenge happening, because the answer to Log4j is very simple. It's patching, patching, patching, and products like BigFix, my product, are essential to dealing with things like Log4j and just vulnerabilities in general before, during and after the attack. Why is this happening? Why is this a big problem with all this? And so for example, there's, you know, the sheer volume of vulnerabilities. Many of our customers have, you know, millions. One customer has 6 million running vulnerabilities across all our enterprise applications, across servers and client devices and so forth. Ineffective prioritization of those vulnerabilities is also a problem. When you have a huge volume, you have to make choices. And it's very difficult to have prioritization on what's most important around our critical assets and so forth.
Patching is hard. It can break and disrupt systems. There'll be downtime, service disruption, which if you're running, you know, something as simple as an email server or web application, you know, you don't wanna bring those down unless you absolutely have to. IT operations is usually different than the security team, and you'd think they would all be in one set of goals. But many times the security team is finding things, you know, in the case of Equifax, they found the Apache Struts vulnerability. And for whatever reason, the IT operations team didn't patch it and the results were catastrophic. And as we all know, resource constraints as well, that everyone doesn't have enough people or time or skills, and this makes the problem more acute. So how does this look in real life? So when a security analyst scans the network using, you know, vulnerability management tools, he's finding, you know, scans, they take a long time, there's a lot of data, they'll send over spreadsheets to IT operations.
And then the work really starts. You have different teams with different platforms, whether it's Windows or Linux or servers or cloud, researching each vulnerability one at a time to find the right patch to deal with those. And many times there's a later patch that consolidates many of the other patches; you have to find those. And you can take, we regularly have organizations that we work with that are taking 20 to a hundred hours a month to deal with this. Then once the patches have been defined, then you have to create the fixes, the actual implementation of the fix to go out and patch those servers, schedule and so forth. And this can take weeks or months to do. So this is really an untenable situation. This whole time, from left to right here, you're vulnerable, vulnerable to some attacks, especially a zero-day attack.
Like we see with Log4j. Now what we've done with HCL BigFix, our product, which is an endpoint management solution, a UEM solution, is that by integrating directly with the security analyst, using tools like Qualys and Tenable, we directly bring in the scan information to review and prioritize patch actions, to correlate with four different engines the vulnerability found with the right patch, automatically create what we call a Fixlet, which is the automation and patching package that goes out, deploy and remediate. So we basically reduce that from weeks or months to minutes and hours. So it's much less effort. There's fewer errors. We didn't even mention that. But up here in this upper process, it's very error-prone. Especially if you have less skilled people, we can make mistakes. And so by automating that with our intelligent automation and BigFix, we can create fewer errors and this, but the main goal of lowering risk: by reducing that mean time to remediation you lowered your risk.
So here's a little bit of a view on this with, for example, our partner Tenable. You can see that scan information, oops, sorry. Scan information comes in. All the APIs, it's automated into BigFix Insights, which is our data analytics platform. We compare that with available fix packages. We go through our four patch correlation engines to, you know, identify the right IP with the right software, etcetera. Then we have a great prioritization engine via dashboard that allows the administrator to make choices about what's gonna happen first. So we create this remediation, our baselines and Fixlets, and then we deploy those. So what this actually does is, you know, if you look at, you know, two minutes of work for vulnerability processing, a thousand vulnerabilities, that's actually pretty aggressive, pretty quick, based on a lot of is different, different vulnerability, more complicated to research, yeah.
Say 33 hours with that same 1000. With this method, we really reduced that to minutes. And so this has been a large unsolved problem in IT. And the response from our customers has just been tremendous to this. Let me show an example of what that prioritization looks like. So here's one of several dashboards that you can view. You can see your top five vulnerable devices. So you probably wanna address those first, and also import different priority rating methodologies. This one is the Tenable Vulnerability Priority Rating. We also bring in their asset criticality, which allows you to prioritize by the criticality of the asset, cause you have sensitive information, critical database of information. So, and then there's their cyber risk exposure rating as well, but also include the CVSS, which is a standard rating capability. So you can go in and drill into any of these, including this lower chart, which allows you to see, you know, Fixlets by date published.
So if you've got a critical high severity vulnerability that has been out for a long time, you've got, say 6,000 instances of that. That's probably something you want to go address pretty quickly. We find this in our new customers. Once we come in and discover their devices, discover their vulnerabilities. And it's just, it's very eye opening to actually see where your vulnerabilities are, and now IT operations can work to clear these up. So this chart is very clear from left to right. And your organization is in a much better posture and you can really support that, the second column of the zero trust model that Martin was talking about, which is making sure all your devices are patched. And it's actually the first, addressing the first part of the model of, you know, of addressing your security posture before, during, after the attack.
This is all about the before part. So with this, you know, these four intelligent automation engines that we use to speed vulnerability remediation: correlate the endpoint ID with Tenable; correlate the vulnerability to one of our BigFix Fixlets. We identify the superseded patch, the latest superseded remediation, which is very, this is probably the most secret sauce of what we've got, using AI methods to make sure that the right patch is recommended. And then we correlate the BigFix endpoint to the latest Fixlet. No additional agent, no performance impact to the user or the server. And we cover more operating systems than any other similar product, nearly a hundred different operating systems of variations across munix and any other platforms. This is a little bit on what BigFix does overall. You know, we're a leading endpoint management platform.
We play in UEM, unified endpoint management, which typically in the analyst community is talked about really as clients, you know, employee devices. BigFix does much more than this; we manage, you know, servers, cloud, as well as mobile devices and client devices as well. First and foremost, I think, you know, Martin described it really well. You have to know where your devices are. You have to know what's out there. So discovery is extremely important. We also have a hard software inventory capability with our BigFix Inventory product. So you can interrogate and manage the licenses for over hundred thousand software titles. BigFix is at its heart an automation platform. You can automate distribution, automate the hardening, that's that, you know, phase one of before, during and after the attack, patching, compliance, reporting and so forth. You can then manage, you know, any device, every device, desktop, server, cloud, mobile.
We have end user self-service capabilities for distributing software. We have remote desktop control, which is an essential part of UEM, and power management, but also integrate with over 12 different market leading products like ServiceNow for ITSM, Tenable, Qualys, and vulnerability remediation, really the, sort of the capstone of our more recent developments, where we can correlate these vulnerabilities from the industry leading vulnerability management solutions, and really close that gap and reduce your attack surface faster than any other methodology, probably. We also have extensive compliance reporting, you know, PCI, CIS, which is broadly used. And we have this unique ability to eliminate configuration drift with what we call continuous compliance. The intelligence of the compliance standard in your patch policies is stored at the endpoint. So then that becomes enforced no matter, regardless of the communication channel, back to the management console. Other systems require a callback, but now in this case, if you've got an endpoint user, you know, a mobile user who tries to, you know, disable endpoint AV or protection, continuous compliance with BigFix will push it back, turn it back on and reset those settings and so forth.
And finally we have our open data analytics platform, which we call BigFix Insights, which does largely do historical trending reporting and integrate data from across your enterprise. Any other system, we can put this data together. And actually the last chart I showed you was an example of that with the Insights vulnerability remediation prioritization. So the BigFix team could help, you know, visit bigfix.com. You can schedule a download, BigFix or Insights for vulnerability remediation. We can really help you quantify your current remediation and how we can reduce that and understand your risk of critical and vulnerabilities. So that's all I had, Martin, and maybe we can go back and let's answer some questions.
Okay, great. I'm happy to receive answers from the audience. So again, the call to action, so to speak, to everyone in the audience, to raise your questions. Dan, thank you for your talk. I think one of the things, which is interesting, you answered most of my questions I had anyway. I think we should pick up some points again. And one is, you brought up this sample of Log4j, and as we all probably have learned, Log4j is something which is sitting very deep down in the system. In some ways it's just a library, which is used by software components. Yes. And so a very interesting question to me is, do you detect sort of out of the box, by default, to that level of detail, or is it something you need to configure so that, you know, okay, here's Log4j, here it's Log4j? So how do you tackle such a challenge?
Yes, it's a very good question. And we do detect it in several ways. One is we detect the service, the service running. We detect the service on disk. We typically if it's called log JCS, but we also detect it based on just the binary footprint and binary signature. We also have an extensive methodology for our customers and even incorporate some open source tools that can fill some of the gaps that every other product has. For example, we use the Logpresso scanner for scanning deep into jar files and other types of storage files that are just sitting on disks, but they have Log4j vulnerabilities lurking in them. So if you visit bigfix.com, right on the homepage, there's a Log4j remediation center, which has lots of resources, which show how you can discover, mitigate and remediate these solutions. Now with this case, since so many, you know, packaged software offerings from manufacturers have embedded Log4j, you really have to wait for them to rebuild their entire stack, including the newest version of Log4j, which does not have the vulnerability. And so we stand ready; when those new packages are ready, we deliver those to our customers, usually within 24 hours, encapsulated in a Fixlet. We manage over 500,000 different Fixlets for various things. Log4j is top of mind. So we are delivering those patches for key software as they become available. So it's really an all hands on deck, but really feeds into the whole notion of addressing before, after.
Okay. Then you already started answering maybe my next question. My follow up question would have been, so how do you deal, don't you take, Log4j. So, okay. There was the problem identified, then there was the first, another, another, so on, plus all the patches of software which depends on Log4j. So we had at various levels quite a number of patches in the last couple of weeks. And we are by far at the end of this patching journey. So it also means that there might be, okay, I need to patch that and I can that, or I have dependencies. You also brought up this term of superseded, I think it was recommendations. Maybe you can talk a little bit more about how you deal with these scenarios, where one patch, so to speak, follows the other.
Yeah, that's a really good question. And, you know, one of the things that anybody can do is you can go look at a particular vulnerability, a particular CVSS, and there'll be a link to a MITRE or Microsoft notation and it'll show you, okay, here's a patch that deals with that CVSS. But what's not spoken of is there's usually a patch that came out later, especially for older ones, that actually combines patches for several things, for a particular piece of software. That's what we call the superseded patch. And it's not always obvious based on literature available to a researcher, to a security or IT operations person, what that superseded patch is. And that's some of the magic that our research teams do: when a particular vulnerability that may have occurred, you know, a year and a half ago, there's probably a better patch than the original one that was recommended. So hopefully that answers your question.
Yeah. That answers the question. So what you're saying is also you are helping, with your team, you're helping the customer by guiding them to what to apply, which patches to apply, and doing this very, very fast so that people can patch more or less right when the patch is available, so to speak, and they are guided in using the right patch.
Yes. Yes. And, you know, that's just one of the four correlation engines. It's quite tedious, actually, because a vulnerability management tool like Qualys or Tenable is gonna say, oh, this IP address with this software has this vulnerability. Well, you bring that into IT operations, you have to say, okay, well, based on my systems, which system is that, which software is that? And you have to correlate those two. That's quite difficult, and especially for a lot of vulnerabilities. And so then you have to associate the right patch to a Fixlet, which is our automation script that does many things, including the patch, you know, and the restart and everything else. So there's a lot to it. I think people generally don't realize the severe work involved in IT operations and actually patching critical, especially server-based systems where you may have to reboot the system, and that are complex, you know, stacks of operating system and software and networking and so forth. So yeah, it's a big job.
Got it. Got it. You just mentioned Tenable and you also talked about a few other integrations you have out of the box. What I'm also curious about is understanding, so you mentioned some of the out-of-the-box integrations. Maybe you also can elaborate a little bit on the way you do that, the types of APIs, the way you integrate with others. Because as we all know, aside from what you deliver out of the box, there are dozens of different security tools, a number of different IT service management tools, IT solutions, et cetera, to integrate with. And probably every customer environment looks a little different. So there might be integration needs beyond what is supported out of the box.
Yes, absolutely. And because every enterprise has an ecosystem of products, and today, if the products are not integrated, there's maybe the passing of spreadsheets. There's a lot of manual work, a lot of errors. And by integration using APIs, you can automatically exchange information. Let's say in the case of Tenable and Qualys, we're using APIs to bring in and initiate these correlation engines automatically. So all that work is handled behind the scenes using essentially, which is artificial intelligence, to make the process much, much more quick. In the case of another integration, which is very popular, is our integration with ServiceNow for IT service management. Yes. And so there's a function in those they call CMDB, which is how the services team will inventory what exists on an endpoint: software, hardware settings, CPU settings, you know, is it under warranty, those types of things. And we have an integration with that where we automatically provide extensive levels of information about an endpoint, because of our position on the endpoint, to CMDB. That just gives a much richer set of knowledge to the services manager who may be trying to do some service on a particular client or a server. So that's another example of how integration dramatically speeds the effectiveness of IT organizations.
Okay. Maybe use the opportunity to look at the polls. And I bring up the results from the first poll we did. That was the question about whether there is a central solution for managing endpoints in place. And it's interesting that roughly one out of four answered yes, we have one central solution, and approximately the same amount of participants said, no, we don't have any. And then the rest, a little bit more than half, says, oh, we have a couple of solutions in place. And I think this is an interesting perspective on the state still of organizations, showing, to my perspective, that there's strong need to make progress in that, because again, my simple perspective is what you don't know, you can't manage, you can't fix, you can't secure. So the knowledge about what is in our IT is, to my perspective, essential for everything else. And clearly knowledge is part of managing; managing is also important because we have all these endpoints and the world doesn't get simpler. What's your take on that, Dan?
Absolutely. That research is fascinating. It doesn't surprise me a whole lot that the majority of people have multiple systems, because that's what they had to do. When IT groups had to manage end user mobile phones, you know, iOS and Android, the only thing they could do, they had to buy a special separate system to do that. When they needed to deploy software to laptops, they had another system. Especially Macs, they have another product they have to buy for that. When they're managing their servers, they have multiple different pockets of management. Cloud brings in a whole set of other very specific tools that are specific to AWS, different tools for Azure, different tools for Google Cloud. And it's just a mess. It's error-prone. It takes too many people. It costs too much. And so the whole concept of unified endpoint management, really, I think one of the key goals is to simplify, consolidate tools and have single processes.
And we have the problem that we anyway have too many tools, specifically around security. And that's really hard to manage, to manage all the integrations. Clearly, I think this is the situation of, when we go back to when enterprise mobility management emerged many years ago, there was not much support from the, back in the day, client lifecycle solutions. So there was a new problem, new solutions appeared, and the challenge is, I believe that sometimes it's important to do that, but I think we should always be aware: can this be a strategic solution, or do we, from the very beginning, consider it as something tactical until sort of the central solutions also included, also integrated, also delivered to that. And I remember I wrote a blog post back then and said, yes, the other predictions that the enterprise mobility management will grow massively, but should this market really grow massively or should it become integrated? And at the end, I think time proved me right. Most of the solutions became integrated because it just makes more sense.
I couldn't agree more. You know, watching this, as the tools mature and evolve over time, it was hard to predict what would happen. And I think, you know, BigFix, we have a bit of a different approach, because we'd extended BigFix to manage mobile devices just last year. So we manage iOS and Android from a single console. So we've come from the area of the traditional patching, patching servers, patching endpoints, you know, workstations and laptops. And so managing mobile devices was a natural extension of our platform. And so we're, yeah, go ahead.
No, fine. I think we have another question here from the audience. Another question: do you offer any kind of training for your software?
Very cool. Absolutely. Absolutely. Actually it's free. If you visit bigfix.com, there is a BigFix 101 and several other levels of class. They fill up quite quickly because we have a limited number of attendees allowed, but please visit bigfix.com. Look for the training pull-down link and it's available and free.
Okay, great. Okay. I think there are no further questions. So I think it's time to say thank you. Thank you to you, Dan, for your very insightful presentation and the conversation afterwards. Thank you to everyone who has joined the webinar or who will listen to the podcast of this webinar later on. Thank you very much. Hope to see you soon in one of our next webinars or at our European Identity Conference or some of the other events. So thank you very much and talk to you soon again. Bye.
Thank you, Martin. And thanks to the attendees.
