Published on 01-Feb-2011
Validated on 20 Nov 2012
"We can push the patch and we literally watch the policy get applied, go to 100 percent, and attain current status. With the laptop users and people coming in and out of the environment, we liked that machines get their updates the next time they come online." - Nate Howe, Vice President, Risk Management, Western Federal Credit Union
Western Federal Credit Union
IT Life Cycle Management
Western Federal Credit Union is one of the nation’s leading credit unions with over $1.4 billion in assets and 120,000 members across the country. As a multistate, multisponsor credit union, Western Federal Credit Union has a diverse group of sponsor companies in its field of membership in industries such as information technology, automotive, airline, retail, service, manufacturing and aerospace.
Western Federal Credit Union found manual software distribution and update processes to be costly, slow and ineffective. IT staff had minimal visibility into asset inventory and software usage.
IBM Tivoli Endpoint Manager, built on BigFix technology, provides a single, unified management console to automate endpoint management—significantly improving patching and reducing the person-hours associated with software distribution and updates.
Increased patch compliance across a distributed network; 50 percent reduction in labor costs; real-time visibility into asset inventory and software usage to improve licensing true-ups
Western Federal Credit Union is one of the nation’s leading credit unions with over $1.4 billion in assets and 120,000 members across the country. As a multistate, multisponsor credit union, Western Federal Credit Union has a diverse group of sponsor companies in its field of membership in industries such as information technology, automotive, airline, retail, service, manufacturing and aerospace. The Risk Management and Information Security organization supports 375 employees in 32 branches located in 9 states across four time zones.
With a lean team of three, the credit union’s Information Security team looked for a solution that could enable it to do more with less. Optimizing resources is critical, since there are no local IT staff members at remote branches.
Specifically, the group struggled with a labor-intensive, manual patch management process that lacked real-time visibility—particularly for roaming and remote assets. Without a timely, accurate and automated asset inventory, it was virtually impossible to get a grasp on the security configuration and compliance status of their servers, desktops and laptops.
Automating endpoint management
Using the power of IBM® Tivoli® Endpoint Manager, built on BigFix® technology, the team can do more with less. Automated, real-time asset inventory provides certainty in terms of policy compliance and effective risk mitigation across the 500-workstation and 100-server environment. Rather than scheduling staff to perform after hours and weekend operational tasks manually, these are executed automatically with Tivoli Endpoint Manager. Most notably, the team uses the software’s baselining capability to target the specific machines that require a particular patch or update—without any manual intervention. Unlike alternatives that require a server-based scan to validate patch installation, the software agent reports immediately on patch compliance status allowing the team to achieve unparalleled accuracy.
Optimizing resources and productivity
Thanks to these improvements, the team has maximized its resources. IT personnel are accomplishing greater levels of visibility and control with a single administrator focused on server and workstation management, rather than the two that were struggling with these tasks previously. Using the software’s single, unified management console to service both the server and workstation communities streamlines IT operations, improves accuracy and speeds the time to remediation.
Segmenting the assets based on location, priority or configuration baseline is a key aspect of the deployment process. The Risk Management and Information Security team has classified computer groups based on specific characteristics captured through the software’s retrieved-properties utility. One aspect is asset location. For example, if staff need to execute a change on the computers for the credit union’s Virginia branches, targeting is easy since Tivoli Endpoint Manager can automatically segment these assets into a computer grouping. Other groupings can also be configured based on a wide variety of computer properties (e.g., operating system version, hostname, IP address range, CPU type, processor speed, etc.). The software’s awareness of Active Directory data is also leveraged when automating this process.
This level of precise automation optimizes the workflow and improves branch office productivity. Nate Howe, vice president of Risk Management for Western Federal Credit Union, explains the benefits of this approach: “Now that we have this level of visibility and control, we don’t need to bother the branch manager with giving us the names of the machines in that office. We have that instant visibility.”
A new level of accuracy
After evaluating offerings from vendors such as PatchLink, LANDesk, Shavlik, Altiris, and McAfee, the team selected BigFix technology, now IBM Tivoli Endpoint Manager, for the accuracy and speed delivered by its distributed intelligent agent architecture. The software’s high performance, unified management approach enables Western Federal Credit Union to obtain real-time certainty into the configuration status and policy compliance of all its assets throughout the network.
Unlike alternative solutions that require a rescan after each patch installation, Tivoli Endpoint Manager delivers instant validation that a patch has been successfully installed because it doesn’t rely on a server to do the verification and analysis. As Nate Howe explains, “There’s no need to scan your endpoints because changes constantly trickle into the console. Essentially, the machines report on themselves. When we make a change to a machine, the console is accurate within a matter of minutes. We didn’t find any other system that matched that level of accuracy with a real-time view of our assets.”
These levels of accuracy have extended beyond those servers and desktops located within the credit union network to roaming users that are intermittently connected. “We push the patch and we literally watch the policy get applied, go to 100 percent and attain current status,” says Nate Howe. “With the laptop users and people coming in and out of the environment, we liked that machines get their updates the next time they come online.”
The Risk Management and Information Security team has plans to migrate its anti-virus and anti-spyware software to a new vendor and wants to avoid the time, hassle and risks associated with this type of project. The team is planning to use Tivoli Endpoint Manager to facilitate the migration, by automatically targeting the machines that need the uninstall; performing an automated, remote uninstall; quarantining the machines during the removal process; installing the new software; and validating successful installation and configuration of the new signature updates. Additionally, real-time reporting will give the team a detailed inventory of the state of the migration across the network.
- IBM® Tivoli® Endpoint Manager, built on BigFix® technology
For more information
To learn more about IBM Tivoli Endpoint Manager, built on BigFix technology, please contact your IBM sales representative or IBM Business Partner, or visit the following website: ibm.com/tivoli/endpoint
You can get even more out of Tivoli software by participating in independently run Tivoli User Groups around the world. Learn about opportunities near you at: www.tivoli-ug.org
For more information on Western Federal Credit Union, visit: www.western.org
Products and services used
IBM products and services that were used in this case study.
Tivoli Endpoint Manager
Footnotes and legal information
© Copyright IBM Corporation 2011 IBM Corporation Software Group Route 100 Somers, NY 10589 U.S.A. Produced in the United States of America February 2011 All Rights Reserved IBM, the IBM logo, ibm.com, BigFix and Tivoli are trademarks of International Business Machines Corporation, registered in many jurisdictions worldwide. If these and other IBM trademarked terms are marked on their first occurrence in this information with a trademark symbol (® or ™), these symbols indicate U.S. registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. A current list of IBM trademarks is available on the web at “Copyright and trademark information” at ibm.com/legal/copytrade.shtml Other company, product and service names may be trademarks or service marks of others. References in this publication to IBM products or services do not imply that IBM intends to make them available in all countries in which IBM operates.