1.27k likes | 2.84k Views
BigFix Overview. Who is BigFix?. BigFix is a leading provider of high-performance security and systems management softwar e for enterprises and service providers. Key Company Facts. Private, venture backed, company based in Emeryville, CA 700+ customers, 7M+ devices under management
E N D
Who is BigFix? BigFix is a leading provider of high-performance security and systems management software for enterprises and service providers Key Company Facts • Private, venture backed, company based in Emeryville, CA • 700+ customers, 7M+ devices under management • Particularly strong with large scale deployments (10,000+ devices) • 50%+ of bookings are channel related. Key partners include Trend Micro, HCL, Wipro, SAIC, Lockheed Martin, Fiberlink • Diversified across all major industry verticals • 2009 financial summary: • $70M bookings, 20% growth (normalized) • $52M revenues, 64% growth • $18M free cash flow • EOY headcount 204, up 36% *Normalized for one-time $8M MSP sale
What BigFix Offers The BigFix Unified Management Platform provides real-time visibility and control through a single infrastructure, single agent and single console
BigFix: A Visionary in PC Lifecycle Management and EndPoint Protection According to Gartner, BigFix: “offers strong endpoint protection security configuration assessment capabilities, as well as tight integration among various modules through the BigFix Platform.” “is an excellent choice for organizations that are looking for very robust management of endpoints, integration of PCLCM capabilities, and the ability to manage endpoint security technologies from multiple vendors” Gartner End Point Protection Magic Quadrant PC Lifecycle Management Magic Quadrant According to Gartner, BigFix: • “has a strong reputation for its software distribution and patch management capabilities” • “receives high marks from customers on its ability to scale and its efficient use of bandwidth.” 4
Proven Return in the Real World Plus, real-time visibility and granular control over every endpoint… 5
BigFix Systems Lifecycle Management Comprehensivesolutionfor end-to-end systems management which includes: Asset Discovery and Inventory Management Patch Management / Software Distribution Software Asset Management Power Management OS Deployment Remote Control Features and Benefits Dramatically reduced patch cycles and increased first-pass success rates Massive scalability and support for remote and intermittently connected devices Detection and resolution of corrupted patches Closed loop validation in real-time Multi-platform support (*nix, Win, Mac) Coverage for legacy platforms 6
BigFix Security Configuration & Vulnerability Management Comprehensivesolutionfor end-to-end security management which includes: Asset Discovery Patch Management Security Configuration Management Vulnerability Management Features and Benefits Continuous enforcement of security policies,regardless of network connection status Host-based vulnerability assessment withseverity scoring and a 99.9% accuracy rate Define and assess client compliance to securityconfiguration baselines SCAP certified for FDCC Heterogeneous platform support: Windows, UNI X, Linux, and Macintosh
BigFix Endpoint Protection Integrated Endpoint Protection modules include: Anti-Virus Anti-Malware Endpoint Firewall Web Protection Client Manager forEndpoint Protection Network Access Control (NAC) Features and Benefits Prevent infection, identity theft, data loss, network downtime, lost productivity, and compliance violations Eliminate security gap with real-time threat intelligence Achieve unparalleled visibility into complete enterprise protection Combine endpoint protection, security configuration, patch management, and systems lifecycle management tools 8
BigFix Power Management Features and Benefits Saves up to $50 per year per BigFix-managed device depending on local electricity costs and net energy savings achieve Centralized, policy-driven power management of distributed computers scalable from individual machines to entire global enterprises Fine-grained controls for hibernation/standby, subsystem-only shutdown, and save-work-before-shutdown options Wake-on-LAN support synchronizes systems maintenance processes with power conservation Opt-in programs encourage end-user participation as well as Wake-on-Web feature to allow for end-users to remotely connect and turn on their own systems BigFix Power Management allows IT organizations to enforce conservation policies across the enterprise, while providing granularity that enables application of those policies to a single computer.
BigFix Patch Management Features and Benefits Patch capabilities for multiple platforms: Windows, Linux, UNIX, Mac Coverage for a variety of software vendors, such as Adobe, Mozilla, RealNetworks, Apple, and Java Real-time reporting that provides information on which patches were deployed, when they were deployed, who deployed them, and to which endpoints Scalability—manage more than 250,000 endpoints from a single server No loss of functionality over low-bandwidth or globally distributed networks Patch KB123456 BigFix Patch Management is a comprehensive solution for delivering Microsoft, UNIX, Linux, and Mac patches, as well as third-party application patches, through a single console.
BigFix is Strategic for IBM and Tivoli • BigFix is Tivoli’s Strategic solution for Endpoint Management and Security Configuration Management • BigFix will replace products such as Tivoli Configuration Manager, Tivoli Provisioning Manager for Software and Tivoli Security Compliance Manager • BigFix does NOT replace Tivoli Provisioning Manager, our premier Data Center Automation solution • BigFix will become the Platform and shipping offering for an updated version of Proventia Desktop • BigFix content is being investigated for integration with other Tivoli and IBM products including Tivoli Provisioning Manager and IBM Systems Director • BigFix is completing testing within the IBM CIO Office to replace IBM’s Workstation Security Tool
Why Customers Choose BigFix RETAIL “BigFix simplifies processes and gives us fewer vendors to manage - saving money, reducing stress and improving the quality of service we can deliver to the organization.”.” Michael Schaefer Sr. Wide Area Network Analyst EDUCATION (K-12) “These $4.2M savings [from BigFix Power Management] are impressive, but they are just the beginning.” Tom Sims Director, Network Systems FINANCIAL SERVICES “It’s not a fair fight [between BigFix and the competition]”. The ability to solve multiple challenges by leveraging a multi-purpose agent, residing in a single console was ultimately the compelling reason for BGC to choose BigFix. Additionally, BigFix’s speed was another big consideration.”Chris Marino SVP of Global IT Procurement With BigFix, you can… • Discover 25-30% more assets than you realized you had • Patch 3500 computers at HQ in Alberta, Canada from a Starbucks in Palm Springs - within minutes • Distribute and install WinXP SP2 over 56K lines from Madison, WI to PCs in Kuala Lumpur - with zero impact to network QoS 12 Real-time visibility • Single agent sees all, does all Unprecedented scalability One server for > 250K endpoints Broad coverage Multi-platform, multi-purpose, on-network, off-network Rapid time-to-value Installs in hours, remediates in minutes
Tivoli Configuration Manager / Tivoli Provisioning Manger for Software Existing Customer Entitlement to BigFix Lifecycle Management Suite Tivoli Configuration Management Tivoli Provisioning Manager for Software Add-ons • DSS SAM (add-on) Entitlement • Inventory • Software Distribution • Patch Management/Service • Remote Control • Basic Asset Management • Operating System Deployment Core Unified Management Platform Standalone Patch Management Add-Ons or Standalone Power Management Platform Platform Add-ons • DSS SCM (add-on)* • Trend Protection Tools (add-on)* • Firewall ** • HIPS ** Security Management Suite Add-on Modules are not part of entitlement • Client Manager for Endpoint Protection • Patch Management • Security Configuration • Vulnerability Mgmt • Endpoint Protection Network Self Quarantine (via IPSec) Core Unified Management Platform 14
IBM’s strategic focus is to continuously enhance BigFix solution to provide heterogeneous endpoint management with converged security and lifecycle management • Lifecycle and Security Management across multiple end points –user roles with multiple devices • Delivers common, policy based lifecycle endpoint management across heterogeneous end point types • Automates tasks such as device configuration, software distribution, backup & restore, asset management, security management, migration and retirement • Endpoint lifecycle and security management is a critical component of end to end service management BigFix dramatically accelerates the execution of our endpoint strategy ! Endpoint Spectrum MOBILE ENDPOINT DESKTOP, LAPTOP, SERVER ENDPOINT PURPOSE SPECIFIC ENDPOINT 15 IBM Confidential
BigFix Platform Elements Single Server & Console • Highly secure, highly available • Aggregates data, analyzes & reports • Manages >250k endpoints • Single Intelligent Agent • Continuous self-assessment • Continuous Policy enforcement • Minimal system impact (<2% cpu) An existing BigFix managed asset can become a relay in minutes Powerful policy language (Fixlets) • Thousands of out-of-the-box policies • Best practices for ops and security • Simple custom policy authoring • Highly extensible / applicable across all platforms Virtual Infrastructure • Designate any BigFix agent a relay or scan point • Built-in redundancy • Leverage existing systems/ shared infrastructure
Intelligent Agent: Pervasive Real-time Visibility • Heterogeneous Platform Support (Managed Assets) • Windows NT SP6a/95/98/ME/2000/XP/2003/Vista/Windows 7/Windows 2008 (Incl. x86, x64 and Itanium) • Suse Linux (32 and 64-bit), Suse Linux Enterprise Desktop • Redhat Linux (32 and 64-bit) • Solaris (incl. Sparc and x86) • HPUX • IBM AIX • Mac OSX • VMWare ESX • IBM zLinux • Wyse Thinclients • Windows XPembedded, WePOS, and Embedded Standard 2009 • Windows Mobile 5 and 6, Windows CE • Unsupported but running in commercial environments; Debian, Ubuntu, and CentOS • Visibility into any IP enabled device through network scanning enabled in any BigFix managed asset (Unmanaged Assets)
BigFix Technology: The Fixlet • Fixlets are a key part of BigFix Architecture • Fixlets are a general purpose way to encapsulate: • Issue identification - Relevance • Description of an issue – HTML for users • How to solve it – Action • Examples • Fixlet to identify/fix if MS09-012 is needed • Fixlet to identify/fix if Adobe Acrobat isn’t installed • Fixlet to identify/fix if power settings aren’t right • Fixlet to identify/fix if AV isn’t running or updated
Fixlets • By decomposing problems into Fixlets, it makes it easy to identify, report, fix, manage issues • Fixlets are authored by BigFix or partners in Fixlet Sites • BigFix and partners offer thousands of Fixlets in dozens of Fixlet sites for many different areas: • Patching, security configs, inventory, app deployment, AV management, … • When BigFix publishes new Fixlets, they are distributed to all customer’s BigFix Servers within an hour • Customers can easily create their own Fixlets
Relevance Language • Custom made for managing endpoints • >100 faster than other solutions • Suitable for IT operations and Example Relevance Language vs WMI showing >100 faster execution
Sample Deployment Single Intelligent Agent • Performs multiple functions • Continuous self-assessment & policy enforcement • Minimal system impact (< 2% CPU) Single Server & Console • Highly secure, highly scalable • Aggregates data, analyzes & reports • Pushes out pre-defined/custom policies Lightweight, Robust Infrastructure • Use existing systems as Relays • Built-in redundancy • Support/secure roaming endpoints 22
Closed Loop Speed is Our Advantage Traditional Solutions BigFix Report Publish Report Publish Evaluate Evaluate Evaluate Enforce Decide Decide Enforce
Comparative Example: Application Upgrade Legacy software install policy BigFix is faster and simpler Build a query to identify targets Build a package, method, and task to describe the required action Build a report to return results Agents report their daily software inventory. The server re-calculates target lists from this inventory every hour. Each targeted agent downloads new policies every day and takes action. The next day, agents report software inventory with the new information. The server re-calculates target lists from this inventory every hour, removing the agents which installed the software. Administrators manually run reports to find out what happened when. It will take custom scripting in most tools. Use the software distribution wizard to describe the package and generate an action policy BigFix Agents continuously retrieve policies. BigFix Agents continuously assess the policies against the hosts. If upgrade is required, the Agents take action BigFix Console automatically reflects status in real-time BigFix shortens the policy enforcement loop from weeks to hours, with 95-99% first-pass success rates
BigFix: Content Based Delivery Model BigFix Content Sites Patch Power SCM Anti-Malware SW Dist. SW Asset Mgt. OS Prov. Other … Internet Description and Benefits • Applications are delivered via subscriptions to content (fixlet) sites (e.g., “cable box” or “iTunes” model) • Content flows to the BigFix server and through the infrastructure • No on-premise reinstall • Speed – distribution is automated • Rapid, easy testing / POC • Model is key to account expansion strategy / cross selling 25
Agent Side Integration BigFix can automate almost any task at scale • 3rd party integration Examples • Anti-malware • Application Virtualization • Encryption • Application Control • Fine-grained Device Control Single Intelligent Agent 3rd Party Applications BigFix Applications Asset Inventory Audit and Compliance Patch Management Software Distribution 3rd Party Agents / Engine • What else could BigFix do? • Run book automation • Application provisioning • File Integrity Monitoring • Application Performance Monitoring • Back-up and Recovery • Document Management • End User Experience Monitoring API or other BigFix Agent 26
IBM Custom Fixlets 1.6 Firewall Installation (many) 1.6 Firewall State (many) 1.6 Firewall Active (many) 1.5 Antivirus Installation (many) 1.5 Antivirus State (many) 1.1 Desktop Screensaver 1.5 Antivirus Updates (many) 1.1 Hard Disk Protection (2) 1.7 Prohibited P2P (2+) 1.1 Lotus Notes Encryption (2) 1.7 Anonymous Shares (2) 2.2 Password Age/Account Setting (5+) 1.8 Windows Service Packs 2.2 Password History (2) 1.8 Patching Baselines (many) 2.2 Password Length 2.2 SPI Encryption Windows 23 Controls Mac 19 Controls Linux 18 Controls Personal Workstation Security Harmful Code Firewalls ITCS 300 File Sharing Workstation Currency Protecting IBM Information
Datacenter Automation Provisioning Manager Networks Physical Servers Storage Virtual Servers BigFix Manages across application and resource RELATIONSHIPs: TPM preserves relationships as it manages: • clusters • groups • Integrated Virtual and physical • related applications and services Manages modern enterprise applications that have dependencies across servers, network storage (for example WebSphere Apps, SAP Deployments.) Integrates with processes for runbook automation capabilities Both Manage Servers Difference is HOW they manage Groups of Servers Performs basic operations on an individual data center server: Distribution of patches and SW on a data center server Lifecycle of Distributed Endpoints Manages INDIVIDUAL Endpoints: BigFix manages individual Endpoints (Desktops, Laptops, Servers) without ability to recognize related machines or dependencies. Manage an app on a server, but not a multi-server application across servers (for example Microsoft Word, Outlook, InfoPrint.) Servers Clients ATMs Laptops Cell phones 28 28
TPM manages ACROSS machines, understanding Application relationships TPM manages across related machines, understanding the relationships that make up an APPLICATION or BUSINESS Workflow TPM Example: WebSphere Applications; SAP deployments BigFix manages to individual machines, with NO knowledge or relationships OUTSIDE the machines BigFix Example: Microsoft Word, Outlook, InfoPrint,