KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Unlock the power of industry-leading insights and expertise. Gain access to our extensive knowledge base, vibrant community, and tailored analyst sessions—all designed to keep you at the forefront of identity security.
Get instant access to our complete research library.
Access essential knowledge at your fingertips with KuppingerCole's extensive resources. From in-depth reports to concise one-pagers, leverage our complete security library to inform strategy and drive innovation.
Get instant access to our complete research library.
Gain access to comprehensive resources, personalized analyst consultations, and exclusive events – all designed to enhance your decision-making capabilities and industry connections.
Get instant access to our complete research library.
Gain a true partner to drive transformative initiatives. Access comprehensive resources, tailored expert guidance, and networking opportunities.
Get instant access to our complete research library.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
Hello, my name is John Goki and I am here today to talk to you about managing every endpoint with HCL big fix of single solution and methodology for every device on your network. Now, including mobile. My name is John Golden BKI and I'm the global director of big fix technical advisors at, at HCL big fix. This covers our training team, our sales engineering team, our services team, our AVB team, and some field automation. So I get to, you know, deal with a lot of different parts of, of our software. So when I'm talking about managing every endpoint, that's a pretty big idea, right?
When we wanna manage it at scale, let's, let's get to the point where let's define this and go back to the basics and talk about what that looks like and what those that we wanna so managing. So when we talk about managing every endpoint, there's a few questions we should answer. The first is what is an endpoint? What do we need to manage in our environment? Where is an endpoint? Is it inside our network? Is it outside? Is it in a data center? Can it communicate a lot of little questions there, next up, what is endpoint management? And the last part is why is endpoint management necessary?
And I like to say, you know, why is endpoint management necessary? Why is good endpoint management necessary at scale? So we're gonna be talking about those items right now. So from an endpoint perspective, when you look at the way the endpoints were defined years and years ago, you know, it's usually just a device, a desktop computer, and everybody came into the office and everyone did their work. And then they went home and we had some servers in the back end. And it was a pretty easy time, even though we didn't think of it in terms of managing our it assets.
Now, an endpoint could be just about anything. It could be cloud devices reporting from anywhere. It could be ATMs, desktops, POS systems, servers, tablets, workstations, and these are critical endpoints within your environment. And they represent a key area of vulnerability for your business and could be an easy potential entry point for cyber criminals.
Through endpoints, attackers may execute code and exploit vulnerabilities on and with our assets today, the workforce is more mobile than ever, as you can see with employees connecting to internal networks from outside the office and from endpoints anywhere in the world.
So when we're talking anywhere in the world, if we, if we rewind back 10 to 15 years, the common answers for where is an endpoint, well, they're in the data center, they're in our headquarters, they're in our remote office or they're at a customer site common now anywhere, literally anywhere an endpoint can be anywhere on the face of the earth, or, I mean, when you're even thinking in terms of all these space missions and satellites and whatnot, they could be all the way out there in space.
So the idea of where the endpoint is, we don't necessarily have a, a castle, so to speak anymore where we put all of our, you know, crown jewels, so to speak inside of those castle walls, inside of that moat inside of our defenses. So what does this really mean?
Well, when an end, point's out there at the mall or a hotel or someone's home or at a football match, that is the perimeter of your network and the data stored on that endpoint is something that you have. So what is endpoint management? I just kind of talked about it there, but endpoint management is the practice of managing an organization's endpoint devices, many, many products profess to do this and do this well, I would say that with big fix you're, you're looking at one of the, the tool sets out there that does this at scale very, very well makes endpoint management look very simplified.
So why do endpoint management? Well, we need to create a safe environment that is secure, stable, and meets the business needs while balancing end user experience. And then that next question of why is endpoint management necessary to well at school?
Well, all vulnerabilities after a vulnerability has been out there for almost a year. It should have already been patched. The second of the patch comes out or within that patch window. When you look at that, then regulatory fines can cost billions for large global brands. So if there is a breach, well, that's a problem. And in the last piece of this is by 2022, we, there will be 20.8 billion things to secure.
So as we were talking earlier, we have the types of endpoints, various endpoints, you know, ranging Linux windows, et cetera, that for form all sorts of different business functions, they can be anywhere in the world and space wherever.
So this whole castle analogy that we've had in the past of the crown jewels, putting everything in the middle defense in depth is something that, yes, we, we still need to execute defenses in depth, but we need to make sure that we're not just relying on the moat and the castle walls to keep our, we need to make sure that the local controls, the local security are in place and set well patching all the vulnerabilities exist there. So if we go one more step further, we look at, you know, a common customer scenario, right?
When you look at what customers have to deal with, they have to deal with all sorts of pieces of technology, whether that's common management needs, you know, a common practice across Mac AEX, HPU, X, Linux, windows, cetera, whether it's, you know, dating all the way back to, you know, windows seven or previous, or the newest windows 11 two, or server's common management out there. And also with these common have common needs as relates to party vulnerabilities as well. We have third party applications that need to be patched in our environment.
So when we look at this, we could have vulnerable unpatched susceptible to configuration, drift endpoints in our environment that we need to manage. They could also be outside of our environment. So you see a lot of these red question marks out here. Do you know how many devices are in your remote office? Do you have command and control of how many devices sit in potentially one of your customers headquarters? Do you know how many endpoints are out there currently in an airport, or these are all great questions. And with big fix, you can manage this at scale.
When we talk about some of the challenges that our customers face before, big fix, you know, there there's, there's often this conversation in regards to VPN versus DM relay management of a given endpoint. This is something that we've been doing since inception since 2000, 2005.
So to us, this isn't a new technology, a new way of managing things. It's just managing things. We've all the way that we always had other challenges, visibility. We have multiples that vulnerabilities the, and also unreliable technology dependencies that is technology dependency on a, a third party utility or a third party tool, like a Java or a WMI or a DMI. There's a lot of potential issues that get in the way of visibility. And then also from an operational complexity standpoint, it is very easy to do endpoint management across 10 or a hundred or a thousand endpoints.
As you start getting into the scale of, you know, 10,000, a hundred thousand, you know, 200,000, that's where big fix brings in a ton of simplicity there, but that's, that's often an operational complexity. And then one of the other challenges that we often see out there before putting a, a tool like big fix in place is you have unmanaged change. So a support person goes in and fixes a problem.
And in doing that, they've cause some amount of configuration drift or there's a script, or there's a service that's corrupted and won't run, or perhaps a user installed a piece of software that is no longer supported in your environment or licensed in your environment. So there's a lot of challenges that our customers face before utilizing a, a product like big fix.
So when you first step in and you talk to customers about what they're dealing with and where these endpoints exist and how many different things they have to manage and, and all of the, the intricacies of, of, you know, managing their change management along with their patch management, the environment starts to look like this, where you have to hop through it in a very specific pattern in order to get to the castle at the end and, and, and ride the flag down the flag pole to, to save the princess so to speak.
But what it comes down to is with environments like this, it's not impossible to win. It is highly possible to win. You just need to make sure that you're taking all of the right moves that you're making all of the right moves. So when we're talking about the HCL big fix platform, you know, our, our tagline is find more, fix more, do more. So let's talk about what an average environment looks like.
Well, at any given environment, you have, you know, a, when a wide area network, you have the internet, right on the wide area network, you have, you know, your corporate devices, you have, you know, data centers, you have clouds, whether that's AWS, Google, Azure, et cetera. And then you also have remote offices, which could, you know, also include point of sales systems or ATMs. Also on the internet side, you can have houses, coffee shops, airplanes, right? Your endpoint can be anywhere.
I think, I think I might have already said the end point is the new perimeter of your overall environment. So the data on there is what we need to protect. We need to make sure that the firewalls are in place and the antivirus is working appropriately, that we patched all of the things in order to make it secure. So in this environment where big fix exists, where we will be providing three core tenants, real time, visibility, scalability, and ease of use, we provide on each of these without sacrificing any one. So we're talking about the platform itself.
So we have a single server, which is highly secure and scalable. It aggregates data and analyzes and reports back. And also it S out predefined custom policies that, you know, you're gonna see here in just a second. We call them fix lists. They're like best practices for your environment that you can take action on. So we have this cloud based content that we deliver to our big fix platform servers, our big fix enterprise management servers. This cloud based content is highly extensible because you can copy and modify any piece of content that we put out there.
And it's also automatic on demand functionality. As a piece of content gets updated in our content delivery network. In seconds and minutes, it will be available in your environment to take action where your endpoints have already evaluated against it as to whether they are truly relevant for this or not. Shouldn't have to deal with hundreds of thousands of potential vulnerabilities keeping you up at night. You should really only have to concentrate on the thousand to 2000 that are relevant in your environment that are active in your environment.
So that's something that big fix gives you peace of mind. And also we have new content that is added daily, as well as community content that is out there, that our customers can consume fixates. It's a wonderful word. It's our flexible policy language that was talking in terms of best practices. So thousands of, out of the box policies, these are best practices for operations in security, and there's simple custom policy author. We give you the capability to utilize ours or create your own. And like I said before, highly extensible and applicable across all platforms.
That's very, very key right there. You can write a piece of content, whether that's a fix lit to take action or property to retrieve something that functions the same way on windows, Linux, Unix, C, across all of the, in your environment. So it's tool that allows you across your endpoint very easily. And we have this, we've distributed our intelligence from the server down to the endpoint, right? We have those fix lists that have gotten down to the endpoint. They're evaluating these best practices.
You can take action on them, but the single intelligent agents performing multiple functions, and it's continuously assessing itself for policies that you've taken action on. So if you have something like, let's make sure that the firewall stays stays on. If somebody Schutze it down, the agent is there.
It's, it's scanning. It's always on taking under 2% of CPU and under 10 mega memory. And when it notices the difference within seconds, it's actually putting that firewall to be back on or potentially reporting failure. If it can't get the firewall all the way up and running.
So with this single intelligent agent, doesn't matter whether you're connected to the network, whether you're, you know, on someone else's network or whether you have no network connectivity at all, anything that's out there that we have in our environment, that allows you, anything that we have out there within your environment to take action on will constantly be evaluating. So even if you're not connected to the network, if you drop that, that firewall, like we talked about before, our agent will notice that it's down and bring it back up.
And lastly, it's a very lightweight infrastructure. Oftentimes our customers will use existing systems in their environment as relays to scale quickly, we have built in redundancy.
So, you know, whether you're going after the primary relay, the secondary relay or tertiary relay in this whole structure. And then we support secure roaming on endpoints. And we have for 20 years, whether that's internal data network, external tour network, doesn't matter. It doesn't make a difference. And endpoint is managed the same, no matter what. And then last but not least, we have a single port, which is 52, 3 11, which all of the traffic flows over. So it's a very simple, simple way to tell what's impacting your network.
If you just look at what's traveling or traversing, and then last but not least, we have that big fix really that outside of the DM, very, to a firewall for those connect. So this our platform, intelligent agent has real time visibility for you. It has scalability and ease of use. That's perfect. On top of this platform, we have four major solutions that we put in place. One of them is called life cycle compliance inventory. And most recently we added on mobile life cycle is about managing from cradle to grave your entire environment as an endpoint, enters your environment.
And as it, you know, it, it needs to be maintained. And then as it exits, so life cycle gives you the capability to maintain operationally your, your network compliance is essentially the ability to endpoint checklists and potentially mitigates. We have you of thousands of the box based ons, PCs. So comprehensive to look at all that is going your environment is a very solution. It measures installed versus used versus owned and allows you to go into the vendor management conversations very easily.
And lastly, mobile, I'll talk to you about this a little bit more in, in a bit, but the short of it is mobile gives us the capability to manage another type of endpoint commonly through our big fixed endpoint management platform. So I'm gonna go ahead and talk through a few items that were created on top of the solution. So big fix mobile is something that we recently talked about.
It gives us the capability to enroll devices using mobile application management to those devices and manage those devices, using policy enforcement, giving us a deep visibility of your modern endpoints alongside, you know, those traditional endpoint manage endpoints that are out there in your environment. This allows you to automate actions and, and set up very specific OS policy rules.
And lastly, it gives us the capability to protect data, which allows us to do disc encryption and key management for laptops, which will essentially manage win 10 and Macs, native technologies of bit vault for full disc encrypts to secure data. Also, we have this idea of managing directly through to the cloud, right? So whether you're using Amazon or Azure or VMware or Google cloud, it shouldn't matter. We provide consistency across clouds. We give you continuous visibility and compliance to those endpoints. It continuously discovers all cloud instances software.
It gives you capability to apply patch, monitor security, configurations, and last, but at least it manages your hybrid view of the environment. So whether it's a physical machine, a laptop, a desktop, a mobile device cloud device, doesn't matter the same to you. You can obviously tell the difference between them, you content to work across all of these endpoints.
So, and then last thing I wanted to talk to you about is our windows 11 support. So on day one with big fix, we gave our customers the capability to assess windows 11 readiness, upgrade to windows 11 with a seamless user experience patch that content that came out for windows 11, as well as any third party patch content, we gave you the capability to ensure compliance on windows 11 devices, as well as every other device that's out there.
And then, you know, last but not least on here, we have, you know, number of things listed, but we also give you the capability to co-manage, whether that is using, you know, agentless APIs for modern management or whether that is using our agent for deep inspection. So, you know, we, we saw a problem that was big fix, or we saw a, a thing releasing windows 11, we got support for it. And now you should have the capability to easily manage that in scale within your environment. So last item to talk about, we have complex environments with big picks.
We're simplifying them with a single painted glass, which gives you the capability to, to manage it scale 300,000 endpoint to continuously patch them and, and remote, or, and control them over the internet as well as continuously enforce configuration, whether on the VPN or disconnect over the internet or whether that's offline enforcement. So big fix gives you the capability to simplify your environment and manage it scale. So thank you everyone for attending and name is, as I said, if you have questions more, please reach out to me. H hcl.com. Thank you very much.
