BigFix adds security to patch product

Patch-management vendor BigFix last week unveiled software for servers and desktops to let customers perform a range of security tasks, including asset discovery and policy-based access control and endpoint security.

The software, called the Vulnerability and Security Configuration Management Suite, is designed to work with the BigFix Enterprise Suite used for patch management, so customers can add the new functions to the BigFix agent software they may already have.

The integration of security functions such as asset discovery and endpoint security configuration into the single BigFix agent is a better approach than using multiple agents, as some competitors, such as Altiris or LANDesk, may do, says Greg Toto, vice president of BigFix product management.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

Patch-management vendor BigFix last week unveiled software for servers and desktops to let customers perform a range of security tasks, including asset discovery and policy-based access control and endpoint security.

The software, called the Vulnerability and Security Configuration Management Suite, is designed to work with the BigFix Enterprise Suite used for patch management, so customers can add the new functions to the BigFix agent software they may already have.

The integration of security functions such as asset discovery and endpoint security configuration into the single BigFix agent is a better approach than using multiple agents, as some competitors, such as Altiris or LANDesk, may do, says Greg Toto, vice president of BigFix product management.

However, Burton Group analyst Eric Maiwald says the argument also can be made that with a single agent, not only are you locking yourself into one vendor but also "everything is shot" if that single agent on a machine happens to fail for any reason. That said, he notes there is a trend toward agent consolidation among vendors whose products are agent-based.

BigFix's Vulnerability and Security Configuration Management Suite enables asset discovery by designating any computer running the agent software to scan a corporate network environment and report back on the assets.

The vulnerability-management agent also can be used for desktop and mobile-computer physical security by disabling the use of USB ports, removable disks, CD readers, and serial and parallel devices.

The BigFix vulnerabilitymanagement software will identify holes and misconfigurations, and carry out remediation under the control of a central console. The management tool can prioritize remediation based on a network manager's view of a computer's importance.

Ted Kieffer, manager of systems security architecture at Countrywide Financial in Calabasas, Calif., says the mortgage and insurance firm uses the BigFix patch-management system for its network of 65,000 desktops and servers. Kieffer says he plans to use the asset-discovery functions in the BigFix vulnerability-management suite.

"BigFix is gracefully marrying all those pieces," Kieffer says about the unified agent. He adds, however, that he doesn't depend on a single vendor to address the wide range of vulnerability-management requirements in the large organization. CA, McAfee and start-up Determina also figure into Countrywide's strategy to protect computer resources.

BigFix competes against BMC Software, CA, HP, IBM and St. Bernard Software.

BigFix's Vulnerability and Security Configuration Management Suite starts at $45 per agent, per year.

Read more about security in Network World's Security section.