Enable Blind Spot Detection with BCM

WannaCry

By Dick Stark

Last week RightStar presented a live webcast, “Securing Your IT Assets Using BCM.” We discussed how BMC Client Management (BCM) can help easily secure your technology endpoints, maintain software compliance, and keep data safe from outages and viruses such as malware.

I just finished a terrific new book, American, Kingpin, by Nick Bilton. It is the story of Texas born Eagle Scout, Ross Ulbricht, who began the first Dark Web website to sell any and all things illegal such as drugs, guns, and malware. Known as the Silk Road, the website soon became the Amazon of the underworld with sales of nearly $1B by the time it site was shut down by the FBI. Since there is no honor among thieves, Ross had regular fights with hackers, many who demanded large ransom payments to unlock servers or stop attacks. Since Ross was a businessman he soon learned that it was far better to pay the ransom and restore service, rather than fight.

About two months ago, the largest malware attack ever was launched, infecting more than 200,000 computers. Known as WannaCry, it targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in Bitcoin (about $300 to $600 per machine).

The virus spread through a Microsoft vulnerability in its operating system that the NSA first discovered but used it to create an exploit for its own offensive work, rather than report it to Microsoft. Microsoft discovered and fixed this on March 14, 2017 and released patches for all Windows versions at that time. However, many Windows users had not installed the patches two months later when WannaCry was released. In both of the above examples, having BCM enabled would have allowed the organizations that were impacted to have either previously patched the machines, or at a minimum, detect the blind spots and patch accordingly.

BCM, formerly FootPrints Asset Core, is tightly integrated with both FootPrints and Remedyforce. It provides a single unified console to centralize the lifecycle management of all client devices, audit their hardware and software inventory, push patches, and deploy software to them whether they’re on a LAN or over the Internet. Modules include: Software License, Event, Financial Asset, Power, and Device management.

During the webinar, we discussed Patch Management and Policy Compliance (Audit). The level of effort for BCM Patch is significantly less than Microsoft SCCM, and more like WSUS, Windows Server Update Services, a Microsoft program that enables administrators to manage the distribution of updates and hotfixes released for Microsoft products in a corporate environment. (BCM Patch works for lots of different products such as Mac and Linux.)

A big problem is keeping software titles up to date with the latest version. Patching does not guarantee the software is updated to the latest full version. BCM quickly can group all devices needing latest release updates and deploy to ensure compliance and security.

Of course, BCM comes with an Audit or Compliance module to ensure that customers are well prepared for PCI, SOX, HIPPA and other compliance audits. BCM even supports SCAP, a multi-purpose framework of specifications that supports automated configuration, vulnerability and patch checking, and security measurement.

Advertisements

About dick1stark

I am the President, CEO, and founder of RightStar Systems, a leading IT consultancy and BMC Software Solution Provider and Atlassian Expert Partner. My passion is customer success—whether it’s reducing the cost of service management, improving overall efficiency, or increasing end-user or employee satisfaction. Since founding RightStar in 2003, RightStar has made the INC 5000 list four times. In 2011, RightStar was awarded the prestigious National Capital Business Ethics Award (NCBEA) by the Society of Financial Service Professionals based upon RightStar’s foundation of honesty, ethics, and integrity. And in 2014, RightStar was selected by Forrester Research as one of 13 North American companies profiled in its ITSM Consultancy Wave Report. Finally, in 2016, BMC selected RightStar as its 2015 Supplier of the Year for its consulting partnership and excellence in service delivery. Dick is a graduate of Stanford University and a Project Management Professional (PMP).
This entry was posted in BMC, Digital Engerprise Management (DEM, FootPrints, ITSM, RemedyForce, Uncategorized and tagged , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s