Fast Endpoint Security Management (at Scale)

Over a decade ago, I was contacted by David Hindawi about a new peer-to-peer cyber security system his team had developed. Back then, you expected your endpoint security agents to report back securely, privately, and unilaterally to a protected, centralized management station. And this was the period shortly after Napster had exploded – so I was pretty skeptical that a peer-to-peer arrangement would make any practical sense.

And OK – so I was wrong. Several colleagues showed me the lightning fast responses to the system’s endpoint queries, as well as how scalable it appeared to be across a typical enterprise. I remember sitting down and digging through a detailed white paper on the system’s performance and accuracy – and I was quickly sold on the idea. Hindawi’s company, of course, was Tanium, and I’ve been an admirer of their fine solution ever since.

Recently, my friend David Damato, Tanium’s Chief Security Officer, was kind enough to bring me up-to-date on the company’s platform and recent technical advances. I’d known Damato from his incident response days at Mandiant, so it was great to get an update from an industry veteran with a broad perspective on current enterprise security issues and priorities. I’ll try to summarize below what I learned during the discussion:

“As you know from your years of experience in our industry,” he told me, “Tanium literally invented a new way to perform endpoint security and management. Our platform offers security operations teams a level of visibility and control, at speeds and at levels of scale that continue to be unheard of in our industry. And also, as you know, by combining this into one platform, the result is that enterprise total cost of ownership is greatly reduced.”

The Tanium platform includes many different capabilities and functions, but it’s the Tanium Core that resides at the heart of most deployments. This component, which is the first function I remember being so impressed with over a decade ago, allows for questions to be asked in readable English about the deployed base. “Our customers want to query the state of their resources, and they want answers quickly and easily,” Damato explained.

Other supported functions include the ability to build an accurate inventory (Asset), perform compliance scans and checks (Comply), install and remove software at scale (Deploy), find unmanaged and rogue devices (Discover), perform file integrity monitoring (Integrity Monitor), detect relationships and dependencies (Map), distribute and manage patches (Patch), consolidate endpoint agents (Protect), and support investigations (Threat Response).

At the heart of this functionality is Tanium's linear chain model, in which endpoints relay queries and answers to their peers rather than each reporting individually to a central server. This peer arrangement allows teams to rethink how they analyze data, respond to incidents, and manage endpoints more generally. “Our customers can receive immediate response to their queries for deployments that might include hundreds of thousands of endpoints,” Damato explained. “And we’ve built the platform to easily integrate into typical workflow processes.”
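To make the scaling argument concrete, here is a small simulation I added for this column; it is not Tanium's code and it uses a deliberately simplified model of a linear chain. Endpoints are grouped into chains; the server hands a question to the head of each chain, every endpoint answers it from local state, folds its answer into a running aggregate, and passes the aggregate to its neighbour, and only the tail of each chain talks back to the server. The hub-and-spoke function is the baseline where the server exchanges a request and a reply with every endpoint. Host names, the "sensor" facts, and the chain length are constructed values.

```python
"""Constructed simulation of a linear-chain endpoint query versus a
hub-and-spoke query. Not Tanium's implementation; the chain model is a
simplified assumption used only to show how server-side message load scales."""
from collections import Counter
from dataclasses import dataclass


@dataclass
class Endpoint:
    name: str
    facts: dict  # constructed local state that a "sensor" reads

    def sense(self, question: str) -> str:
        """Answer one question from local state (the sensor)."""
        return str(self.facts.get(question, "unknown"))


@dataclass
class Tally:
    server_messages: int = 0  # messages that touch the management server
    peer_messages: int = 0    # messages passed between neighbouring endpoints


def linear_chain_query(chains, question, tally):
    """Ask `question` over every chain; return Counter of answer -> count."""
    total = Counter()
    for chain in chains:
        aggregate = Counter()
        tally.server_messages += 1          # server hands the question to the chain head
        for i, ep in enumerate(chain):
            aggregate[ep.sense(question)] += 1
            if i < len(chain) - 1:
                tally.peer_messages += 1    # running aggregate forwarded to the next peer
        tally.server_messages += 1          # chain tail returns the aggregate to the server
        total.update(aggregate)
    return total


def hub_and_spoke_query(endpoints, question, tally):
    """Baseline: the server asks each endpoint directly and collects each reply."""
    total = Counter()
    for ep in endpoints:
        tally.server_messages += 2          # one request and one reply per endpoint
        total[ep.sense(question)] += 1
    return total


def build_chains(endpoints, chain_len):
    """Split the endpoint list into consecutive chains of at most chain_len."""
    return [endpoints[i:i + chain_len] for i in range(0, len(endpoints), chain_len)]


def demo(n_endpoints=1000, chain_len=100):
    """Run the same question both ways and report counts and message loads."""
    # Constructed fleet: every fourth host is Linux, every tenth is missing a patch.
    endpoints = [
        Endpoint(f"host{i:04d}", {
            "os": "linux" if i % 4 == 0 else "windows",
            "patch_status": "missing" if i % 10 == 0 else "installed",
        })
        for i in range(n_endpoints)
    ]
    chains = build_chains(endpoints, chain_len)

    chain_tally, hub_tally = Tally(), Tally()
    chain_answer = linear_chain_query(chains, "patch_status", chain_tally)
    hub_answer = hub_and_spoke_query(endpoints, "patch_status", hub_tally)

    return {
        "answers_match": chain_answer == hub_answer,
        "answer": dict(chain_answer),
        "chain_server_messages": chain_tally.server_messages,
        "chain_peer_messages": chain_tally.peer_messages,
        "hub_server_messages": hub_tally.server_messages,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Both models arrive at the same answer, but the server's message count in the chain model grows with the number of chains rather than the number of endpoints, which is the property that lets a single management tier keep up with a very large fleet. Real deployments also have to handle chain membership changes and endpoints that drop off mid-query; this toy model ignores those cases.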

Certainly, endpoint security has become more crowded since David and his son Orion started the company in 2007. And many vendors such as FireEye offer powerful, scalable platform options for endpoint query support. So, I’m guessing that it is no simple lay-up for any endpoint security vendor to make sales. There are simply too many competing offers for the sales process to be an easy one. That shouldn’t be news to anyone reading this column.

But Tanium has developed into one of those iconic cyber security brands with a platform that has become almost synonymous with the function it supports. One of my graduate students, for example, once told me that she was going to “Tanium” some data that she had collected. I guess this means that the name of the company has been officially verbed – which, I presume, is the ultimate marketing achievement for any organization.

If you’ve not done so already, then set aside time to hear Tanium’s fine story. You might not be as lucky as I was to hear directly from their Chief Security Officer, but I’m sure your field representative will be able to answer questions accurately. Ask for a demo, and include anyone on your team who manages or interacts with endpoints. As always, please share what you learn with us here. I look forward to hearing from you.