Please pardon the lack of specific company names. Much of our work is performed under NDA, so while generalities can be discussed, any information which could provide advantage to a competitor or expose weaknesses is obscured.
Unix security compliance detection using IBM Tivoli Endpoint Manager (aka BigFix), State Government:
A state government wanted to improve the responsiveness and accuracy of its system security scans, particularly on Linux and Unix servers. Script-based anomaly detection was rewritten to leverage the real-time scanning capacity of IBM Tivoli Endpoint Manager’s native Relevance Language. Over a period of months, over ninety percent of checks were rewritten in Relevance, allowing for real-time detection of non-compliance, a vast improvement over the previous weekly and monthly scans.
Mass account disable, State Government:
As a state government made sweeping infrastructure changes, security officials realized that several hundred user accounts needed to be disabled across several thousand stand-alone servers. A manual remediation effort was estimated to take weeks to implement. Andersand rapidly prototyped a cross-platform (Windows, Unix, Linux) solution leveraging IBM Tivoli Endpoint Manager which successfully disabled all specified accounts. Within 48 hours of Andersand being engaged on the project, 99% of servers had successfully completed the account disables.