January 22, 2006

BigFix launches first CVSS-primed security suite

One of the first data security products to make use of the emerging Common Vulnerability Scoring System will be launched later today in the shape of a new vulnerability management product bundle from the enterprise security configuration management vendor BigFix Inc.

By CBR Staff Writer

The BigFix Vulnerability and Configuration Management Suite is designed to help administrators prioritize fixes, patches, and other remedial actions according to a view of an asset’s criticality to their business. It will provide vulnerability severity information as defined by the Common Vulnerability Scoring System, CVSS, for operating system, configuration, and application vulnerabilities on Windows, Sun Solaris, and Red Hat Linux computers, the company said.

The CVSS promises to transform the way in which network threats are evaluated and dealt with: the common rating system it provides gives enterprises a framework against which they can start to prioritize their patch routines. Currently, the lack of a common scoring system has security teams worldwide trying to solve the same problems with little or no coordination, and often without any clear view of which patch is urgent and which fix can wait.

Various metrics and formulas have been baked into CVSS that help gauge the impact of an attack or vulnerability on system availability, the effects on data confidentiality and integrity, as well as the vulnerability’s exploitability and potential for collateral damage. It also lets organizations input site-specific information that will provide security administrators with a risk score customized to an organization and to the peculiarities of its operating environment.

Colin Gray, VP and MD, EMEA, said the system uses CVSS, but does not rely on it solely as a means of assessing a vulnerability rating. The system also uses NIST lists [National Institute of Standards and Technology], vulnerabilities identified by the SANS Institute, the US military-derived Open Vulnerability and Assessment Language board, and the system vendors themselves to establish a rating.

Gray said the suite had come about through the integration and enhancement of existing products found in the BigFix Enterprise Suite, bringing them into a fully bundled set that had been tightly integrated for automated patch management, vulnerability management, asset discovery, end-point security, and network access control. "It’s what our customers have been asking for: a product set that will optimize remediation," he said.

The new suite will compete in the market with the likes of FoundStone, EndCircle, and EI. What makes the BigFix vulnerability management set unique is that it is said to be capable of remediating flaws almost instantly, thereby taking pressure off the helpdesk. "The agents we use run in real time on the end point device, allowing the system to continually assess the attributes of managed server, desktop, or laptop devices," Gray said. So, for instance, if a patch becomes corrupted or is de-installed by an end-user, the system will automatically detect that and redeploy it.

Last month the Emeryville, California-based vendor closed a fifth-round $8.4m venture capital funding deal, bringing total VC investment in the company to $26.4m since it opened for business in 1997. In the patch-management space, BigFix competes against Shavlik Technologies and PatchLink Corp. The company also rivals Altiris and LANDesk in the change management space, and goes up against HP/Marimba, CA Unicenter, and Microsoft SMS in the broader systems management space.

The new Vulnerability and Configuration Management Suite will retail at around $45 per client per year. It offers current support for Cisco Network Admission Control, Sygate, Zone, InfoExpress, Cyber Armour, and SenForce, and should include Microsoft Network Access Protection later this year, the vendor has promised.
