Tanium
Real-time visibility, control and remediation on a single platform
IT teams need real-time visibility and control of their endpoints. Tanium is an enterprise platform that gives security and IT operations teams fast visibility and control to secure and manage every endpoint, even across the largest global networks. At the heart of this platform is Tanium’s patented linear-chain architecture.
Knowing what is going on in your environment at any moment.
Lock Your Doors and Windows: achieving and maintaining high standards of cyber hygiene, including keeping software, operating systems and applications patched and up to date across the entire organization.
Respond Faster: have accurate security and operational data that allows threats to be detected, located and eliminated quickly.
Tanium as part of the IT Ops and Cybersec management landscape
In the big picture of IT operations and security tooling, Tanium provides inventory data to ITSM tools and the SIEM, and the ability to react to what they report. IT Operations teams get a view of configurations that is updated in real time, and because queries are very efficient you can store time-stamped configuration cross-sections of your environment. IT Security shares the same accurate view across all operating systems. Strong Role-Based Access Control means every Tanium user can be granted rights to query or execute actions according to their role in the organization, which is especially helpful for the vulnerability detection and patching process. Large volumes of data can be streamed to a log management system or any big-data platform for compliance or analytics purposes.
Why Tanium
Here are six main reasons why we picked Tanium as our platform of choice for XEM projects as well as for delivery of our managed services.
Tanium communication architecture - Look under the hood
Tanium transcends the inherent limitations of hub-and-spoke architectures by decentralizing management directly onto individual endpoints through a single, lightweight agent. Each managed endpoint maintains an awareness of nearby machines on the network by contacting the Tanium Server periodically to get an update on the current state of its neighbors.
This patented communications architecture is faster and more reliable than current approaches:
Leverages the speed of the LAN and reduces reliance on congested WAN links.
Navigates around offline clients or network blockages to maintain high availability.
Zone servers enable all roaming clients to stay connected with Tanium.
This simple interaction automatically pairs each endpoint with the optimal neighbor to receive information from, and that endpoint in turn passes the information on to another endpoint. The result is a series of efficiently chained endpoints.
Linear chain
The efficiency of the Tanium agent-server communication architecture makes it possible to manage up to 30,000 endpoints from a single VM (16 vCPU and 48 GB of RAM). Tanium can also be deployed as a distributed solution in complex network architectures: as a SaaS service fully managed by Tanium, as an on-prem installation connected to the public internet, or as a fully air-gapped solution.
Single Agent
Tanium uses one agent for all queries and actions across its functional modules. Configuration allows very granular tuning of the performance impact on CPU, network and I/O, to make sure users and applications are not affected. By default, agents perform a number of system configuration checks so that key data about the environment remains available even after a loss of connectivity.
Integrations
Tanium is a valuable source of data for a CMDB. It provides frequent updates and an audit trail of configuration item changes, identifies unauthorized changes, and records how changes were executed. Incident managers and support teams get real-time data about the environment for incident investigation. Regular export of the configuration state to Elastic or Splunk provides a "3D view" of the infrastructure and application landscape.
Functional Modules
Interact
Use Tanium Interact to issue questions to managed endpoints, analyze their answers, and deploy actions to the endpoints based on the answers. For example, you can ask a question that determines if any endpoints are missing critical security patches. Based on the question results that the endpoints return, you can then deploy actions, such as installing security patches. You can also use the Interact Search Endpoints feature to quickly retrieve a lot of information about a single endpoint.
What is a Question
The Ask a Question feature is built on a natural language parser that enables you to get started with natural questions rather than a specialized query language. You do not need to enter questions as complete sentences or particularly well-formed inquiries. Word forms are not case sensitive and can even include misspellings. The parser interprets your input and suggests a number of valid queries that you can use to formalize the question that is sent to Tanium Clients.
What is a sensor?
A sensor is a script that runs on an endpoint to compute a response to a Tanium question. The Tanium Server distributes sensors to endpoints during Tanium Client registration. Sensors enable you to ask questions that collect information such as the following:
Hardware and software inventory and configuration
Running applications and processes
Files and directories
Network connections
The Tanium Server automatically imports initial content that includes sensors for a wide range of common questions. Other Tanium solutions that you import might provide more sensors. If you cannot find a sensor that you need within Tanium-provided content, you can create custom sensors.
Connect
With Connect, you can integrate Tanium™ with a SIEM, log analytics tools, threat feeds, or send email notifications. The connection source might be data that Tanium is creating, like an answer or a log message. The connection destination is something outside of Tanium that you are integrating with, like a security information and event management (SIEM) tool.
AWS S3
Elasticsearch
Email via Microsoft 365
SMTP email
File
HTTP API call
Microsoft Log Analytics
Socket (SIEM)
SMB file share
SQL Server
Tanium Trends
Use Trends to gain insight into key security metrics and operational health by creating visualizations that show current and historical data from endpoints.
Record metrics from saved questions and installed Tanium solutions over time.
Visualize trends and states in the environment, split by computer groups.
Display alerts when thresholds are breached.
Create a schedule to automatically deliver reports to stakeholders.
Unmanaged asset identification
Unlike approaches that depend on wide-area network (WAN) links, which take hours or weeks to complete, the Tanium platform actively monitors and scans local subnets for unmanaged assets. It reports on newly discovered and lost assets that were previously managed.
Detailed endpoint data
For every device it finds, Tanium Discover shows the hostname, MAC and IP addresses, device manufacturer, OS, open ports/applications and historical information such as the first and last time the unmanaged asset was seen on the network.
Unmanaged asset security
Once unmanaged devices are found, administrators can deploy the Tanium agent on rogue endpoints to bring them under management or block them from the network. These events can be exported to a SIEM or incident management system for further analysis.
Get a comprehensive inventory of hardware and software assets across your environment.
With Tanium Asset, IT operations and asset management teams get real-time data about their IT assets, regardless of location. These rich insights help organizations make the right decisions about managing their devices and systems efficiently.
"Software Bill of Material" reporting at runtime
When the next software supply chain vulnerability is reported, you're ready and equipped with the data to provide an answer to your leadership and mitigate the risk.
Configurable reporting for inventory and audit preparation
Understand the status of your devices within seconds and run configurable reports. Make the right changes for your software licensing and hardware decommissioning based on asset location – remote, on-premises or in the cloud.
Third-party data enrichment
Organizations depend on the accuracy of Configuration Management Database (CMDB) information. Tanium Asset feeds real-time data into common CMDBs, such as ServiceNow, so you have the freshest and most accurate information.
Real-time patch visibility and control
Tanium designed our platform architecture to maintain performance across hundreds of thousands of endpoints. The Tanium platform provides speed and scale to help ensure endpoint patches happen quickly without fail.
One client, no extra agents or infrastructure
Patch hundreds of thousands of systems on a single Tanium instance, without the need for secondary relay, database or distribution servers at different bank branches, retail locations, or geographically dispersed offices.
Customized patch scheduling and workflows
Deploy a single patch to a computer group immediately or perform more complex tasks. For example, use advanced rule sets and maintenance windows to deliver groups of patches across your environment at specified times.
Patching effectiveness tracking
Tanium Patch summarizes the deployment status for any patch, providing immediate feedback on successes as well as failures requiring remediation. It also gives patch histories for individual machines, endpoint reboot status and links to relevant vendor knowledge base articles.
Third-party software updates
Tanium Deploy includes templates for importing and deploying third-party software. Operations teams no longer need to browse websites for the latest updates or create deployment packages. Instead, they can identify and resolve new vulnerabilities.
One client, no extra agents or infrastructure
The Tanium platform offers speed and scale to help ensure software changes happen quickly on endpoints without fail. The Tanium architecture maintains performance across hundreds of thousands of endpoints on a single Tanium server.
End-user self-service portal
Tanium Deploy allows IT Administrators to let users install, update and remove approved and assigned software through easy-to-setup Self-Service Profiles and Self-Service Client Applications.
Bare Metal Provisioning
With Tanium Provision, customers can easily set up and manage bare metal provisioning without the need for dedicated hardware or a complex setup, for remote devices anywhere.
Support for industry-specific, security best practices or custom checks
Tanium Comply supports the Security Content Automation Protocol (SCAP) and can employ any Open Vulnerability and Assessment Language (OVAL)-based content, including custom checks. The Tanium content library updates daily with the most current vulnerability and compliance data.
Exposure drill-down and fix
Seamlessly transition from identifying a vulnerability within Tanium Comply to launching remediation activities such as patching, software updates or policy and configuration changes from the Tanium platform.
Alignment with regulatory and corporate requirements
Organizations can use Tanium Comply to help fulfill configuration hardening and vulnerability scanning portions of industry regulatory requirements, including PCI, HIPAA and SOX. The freedom to conduct ad hoc scans also improves adherence to corporate mandates for proactive security assessments.
Enhanced policy management for Windows
Tanium Enforce can manage policies for Windows on and off domain, on premises or in remote locations all from a single console. Centrally manage Windows policies for client and server operating systems throughout your organization, at scale.
Modern Device Management for macOS
Modern Device Management for macOS (MDM) provides policy configuration and patch management, Mac endpoint provisioning and remote wipe all from the Tanium console for macOS 11.x or higher.
USB removable storage management
Tanium Enforce with USB removable storage management can protect your endpoints from unauthorized USB devices, malware introduction and data exfiltration.
Firewall management
Effective endpoint firewall management requires dynamic micro-segmentation of an organization’s endpoints. Help ensure only approved processes and applications communicate on trusted ports.
Antivirus management
With Tanium Enforce, leverage native AV capabilities by completely managing and configuring Defender across the organization.
Endpoint encryption
Encrypting data at rest is essential in case endpoints are lost, stolen or inappropriately decommissioned. Tanium Enforce can manage the native OS drive encryption offered by Apple FileVault and Microsoft BitLocker.
Find and fix issues impacting availability and health
Analyze and evaluate customer and employee digital experiences for their endpoints and apps using performance and event data to spot systemic and one-off issues. Noninvasively remediate issues at scale.
Identify causality and make decisions faster
Identify patterns and insights using real-time and historical data to spot changes that may be adversely impacting your customer and employee digital experiences.
Reduce costs with improved IT efficiencies
Use customizable thresholds to identify issues before wide-scale impact occurs and investigate them using real-time and historical data to more quickly identify root causes.
Boost your performance health scores
Use performance health scores to baseline your digital experiences — then define plans to improve their reliability, availability, and ultimately customer and employee satisfaction.
Real-time endpoint monitoring
Tanium Threat Response continuously monitors endpoints for suspicious activity whether they’re online or offline. Real-time alerting with Tanium Signals gives security teams immediate notice when anomalies occur so they can investigate. Users can also create custom signals for tailored detection.
Forensic investigations
Remotely conduct forensic investigations on suspicious machines. Employ enterprise-wide searches of each endpoint. Quarantine compromised machines or take targeted actions, such as halting malicious processes, capturing files, alerting users and closing unauthorized connections and much more.
Incident response and remediation
Tanium Threat Response adapts to incidents, so organizations can fully understand them by using remote forensic investigation on suspicious machines. Take a wide variety of remedial actions, such as imposing network quarantines, deploying patches or running custom scripts.
Consulting services
Our team of certified professionals is ready to get you the most value out of Tanium. We are proud to hold the Tanium Certified Administrator, Tanium Certified Operator and Tanium Certified Support Champion certifications.