September 28, 2009 13:31 ET

SANS and IBM Identify Unpatched Client-Side Application Software as Top Enterprise IT Security Issue

Studies Validate Positioning of BigFix's Enterprise Scale, Multi-OS, Multi-Application Asset Discovery, Patch & Vulnerability Management Solution

EMERYVILLE, CA--(Marketwire - September 28, 2009) -

News Facts

-- The SANS Institute September report, "The Top Cyber Security Risks," has rocked the IT security world by stating that neglecting the fundamentals of prompt and thorough patch management for client-side application software poses the highest priority threat to the integrity of enterprise information security.

-- According to SANS, large organizations typically take at least twice as long to patch client-side vulnerabilities compared to patching operating system vulnerabilities. From this, SANS concludes, "The highest priority risk is getting less attention than the lower priority risk."

-- The IBM X-Force Mid Year Trend and Risk Report reconfirms points made in the SANS report, describing how hackers launch increasingly sophisticated blended threats to target data they can monetize immediately.

-- Both studies validate BigFix's approach to security and vulnerability management processes -- the need to provide customers with a consolidated, single-pane-of-glass approach to address the complete asset discovery, vulnerability assessment and remediation lifecycle across heterogeneous, widely distributed enterprise IT infrastructures.

-- BigFix Security and Vulnerability Management offers enterprise customers unrivaled ability to quickly close windows of vulnerability against Internet-borne and other types of threats.

Background and Context

-- The rising volume and increasing sophistication of Internet-borne attacks on enterprise information technology infrastructures have outpaced the abilities of one-tool-per-threat approaches to IT security in providing effective protection.

-- The application problem is complicated by the fact that enterprise computers may run a wide variety of applications from many vendors. Not only is it imperative that IT departments learn of new threats to their environments early in an "epidemic," but they also must access remediation content quickly, identify vulnerable assets, and install patches and updates promptly.

-- BigFix has gained recognition as being ahead of the curve in understanding the security configuration management crisis and evangelizing the enterprise IT community to reassess and reinforce the fundamentals of information security: real-time visibility into IT asset bases, fast and thorough remediation of vulnerabilities, ability to project this visibility and control across widely heterogeneous environments from 100s to 100,000s of endpoints.

-- Recent BigFix contributions to the industry knowledge base on this subject include several Beyond the Perimeter Podcasts, in particular, Episode 50: "Information Security and the Application Stack," with BigFix CTO Amrit Williams and Adobe Systems director of security and privacy Brad Arkin. BigFix has also recorded a SANS Tool Talk, "Staying Ahead of the Latest Endpoint Security Threats" featuring BigFix senior director of product marketing Sandy Hawke and IBM Internet Security Systems director of marketing Mark Zadelhoff.

Supporting Quotes

Amrit Williams, Beyond the Perimeter host and BigFix CTO, said, "While it's not always the sexiest side of security, patch management is one of the most critical aspects of an organization's overall security program. Unfortunately, despite vendors working diligently to combat vulnerabilities with patches and enterprises incorporating them, those efforts are often in vain because the end user doesn't apply it. These days, leaving patch installation in the end user's hand is as safe and effective as installing a top-of-the-line security system at a bank but leaving open the vault door."

Information Resources

--  "The Top Security Risks," published by the SANS Institute, September
--  IBM X-Force Mid Year Trend and Risk Report
--  SANS Tool Talk: Staying Ahead of the Latest Endpoint Security Threats
--  Beyond the Perimeter Episode 50: "Information Security and the Application Stack"
--  Beyond the Perimeter Podcast Series landing page
--  BigFix Security Configuration and Vulnerability Management product

About BigFix

Founded in 1997, the BigFix®, Inc. solutions support a global portfolio of A-list organizations in government, finance, retail, educational, industrial and public utility sectors. BigFix revolutionizes IT infrastructure management by replacing fragmented collections of single-purpose tools with the industry's only unified visibility and control architecture that consolidates up to 18 security, IT compliance, decision support, and green computing functions. For more information, follow BigFix on Twitter @BigFix or stay in touch on the BigFix Facebook page.

© 2009 BigFix, Inc. All rights reserved. All company and product names mentioned herein may be trademarks of their respective companies.

Contact Information

  • Nicole Colwell
    Citigate Cunningham for BigFix, Inc.