Tanium

Real-time visibility, control and remediation on a single platform

IT teams need real-time visibility and control of their endpoints. Tanium is an enterprise platform that empowers security and IT operations teams with quick visibility and control to secure and manage every endpoint, even across the largest global networks. At the heart of this platform is Tanium’s patented linear-chain architecture.

  1. Knowing what is going on in your environment at any moment.

  2. Lock Your Doors and Windows: achieving and maintaining high standards of cyber hygiene, including keeping software, operating systems and applications patched and up to date across the entire organization.

  3. Respond Faster: have accurate security and operational data that allows threats to be detected, located and eliminated quickly.

Tanium as a part of IT Ops and Cybersec management landscape

In the big picture of IT operations and security tools, Tanium provides inventory data and the ability to react to ITSM tools and SIEM. IT operations teams get a view of configurations that is updated in real time, and very efficient queries let you store time-stamped configuration cross sections of your environment. IT security shares the same accurate view across all operating systems. With strong Role-Based Access Control, every Tanium user can be given rights to query or execute actions based on their role in the organization. This is especially helpful for the vulnerability detection and patching process. Vast amounts of data can be streamed to a log management system or any big data platform for compliance or analytics purposes.

Why Tanium

Here are the six main reasons why we picked Tanium as our platform of choice for XEM projects as well as for delivery of our managed services.

Get Answers in Seconds

Ask questions in plain English to understand the state of your endpoints, examine results and take action in real time.

Connect Tanium With External Systems

Enrich external or third-party systems with real-time data from the endpoints in your environment.

Make Data-Driven Decisions

Support continuous measurement and reporting on key security and operations metrics, such as patches and vulnerabilities.

Strengthen Zero Trust Initiatives

Connect to your favorite identity provider to further strengthen access control with Tanium's rich telemetry.

Reduce Lateral Movement Risk

Reduce lateral movement risk with real-time data visualizations that help you prioritize and remediate overly permissive admin rights.

Increase Data Quality and Speed

With our patented architecture, increase the quality and breadth of data and the speed in which you receive it, wherever your endpoints live.

Tanium communication architecture - Look under the hood

Tanium transcends the inherent limitations of hub-and-spoke architectures by decentralizing management directly onto individual endpoints through a single, lightweight agent. Each managed endpoint maintains an awareness of nearby machines on the network by contacting the Tanium Server periodically to get an update on the current state of its neighbors.

  • This is a patented communications architecture that is faster and more reliable than current approaches.

  • Leverages the speed of LAN and reduces the reliance on congested WAN.

  • Navigates around offline clients or network blockages to maintain high availability.

  • Zone servers enable all roaming clients to stay connected with Tanium.

This simple interaction automatically pairs each endpoint with the optimal client to receive information from, while then passing this information to a different endpoint. Therefore, this process forms a series of efficiently chained endpoints.

Traditional Hub & Spoke architecture

Tanium Linear Chain Architecture

Linear chain

The efficient communication architecture between the Tanium agent and server makes it possible for a single VM (16 vCPUs and 48 GB of RAM) to manage up to 30,000 endpoints. Tanium can also be deployed as a distributed solution in complex network architectures, as a fully managed SaaS service by Tanium, as an on-prem installation connected to the public internet, or as a fully air-gapped solution.

Single Agent

Tanium uses one agent for all queries and actions across functional modules. Configuration allows very granular tuning of the performance impact on CPU, network and I/O to make sure users and applications are not affected. By default, agents perform a number of system configuration checks, so that key data about the environment is available even in case of connectivity loss.

Integrations

Tanium is a valuable source of data for a CMDB. It provides frequent updates and an audit trail of configuration item changes. It identifies unauthorized changes and provides audit data on how changes were executed. Incident managers and support teams have real-time data about the environment for incident investigation. Regular export of configuration state to Elastic or Splunk provides a "3D view" of the infrastructure and application landscape.

Functional Modules

Core

Interact

Use Tanium Interact to issue questions to managed endpoints, analyze their answers, and deploy actions to the endpoints based on the answers. For example, you can ask a question that determines if any endpoints are missing critical security patches. Based on the question results that the endpoints return, you can then deploy actions, such as installing security patches. You can also use the Interact Search Endpoints feature to quickly retrieve a lot of information about a single endpoint.

What is a Question

The Ask a Question feature is built on a natural language parser that enables you to get started with natural questions rather than a specialized query language. You do not need to enter questions as complete sentences or particularly well-formed inquiries. Word forms are not case sensitive and can even include misspellings. The parser interprets your input and suggests a number of valid queries that you can use to formalize the question that is sent to Tanium Clients.

What is a sensor?

A sensor is a script that runs on an endpoint to compute a response to a Tanium question. The Tanium Server distributes sensors to endpoints during Tanium Client registration. Sensors enable you to ask questions that collect information such as the following:

  • Hardware and software inventory and configuration

  • Running applications and processes

  • Files and directories

  • Network connections

The Tanium Server automatically imports initial content that includes sensors for a wide range of common questions. Other Tanium solutions that you import might provide more sensors. If you cannot find a sensor that you need within Tanium-provided content, you can create custom sensors.

Connect

With Connect, you can integrate Tanium™ with a SIEM, log analytics tools, threat feeds, or send email notifications. The connection source might be data that Tanium is creating, like an answer or a log message. The connection destination is something outside of Tanium that you are integrating with, like a security information and event management (SIEM) tool.

  • AWS S3 

  • Elasticsearch 

  • Email via Microsoft 365

  • SMTP email

  • File

  • HTTP API call

  • Microsoft Log Analytics

  • Socket (SIEM) 

  • SMB file share 

  • SQL Server 

Tanium Trends

Use Trends to gain insight into key security metrics and operational health by creating visualizations that show current and historical data from endpoints.

  • Record metrics from saved questions and installed Tanium solutions over time.

  • Visualize trends and states in the environment, split by computer groups.

  • Display alerts when thresholds are breached.

  • Create a schedule to automatically deliver reports to stakeholders.

Discover

Unmanaged asset identification

Unlike approaches that depend on wide-area network (WAN) links, which take hours or weeks to complete, the Tanium platform actively monitors and scans local subnets for unmanaged assets. It reports on newly discovered and lost assets that were previously managed.

Detailed endpoint data

For every device it finds, Tanium Discover shows the hostname, MAC and IP addresses, device manufacturer, OS, open ports/applications and historical information such as the first and last time the unmanaged asset was seen on the network.

Unmanaged asset security

Once unmanaged devices are found, administrators can deploy the Tanium agent on rogue endpoints to bring them under management or block them from the network. These events can be exported to a SIEM or incident management system for further analysis.

Asset

Get a comprehensive inventory of hardware and software assets across your environment.

With Tanium Asset, IT operations and asset management teams get real-time data about their IT assets, regardless of location. These rich insights help organizations make the right decisions about managing their devices and systems efficiently.

"Software Bill of Material" reporting at runtime

When the next software supply chain vulnerability is reported, you're ready and equipped with the data to provide an answer to your leadership and mitigate the risk.

Configurable reporting for inventory and audit preparation

Understand the status of your devices within seconds and run configurable reports. Make the right changes for your software licensing and hardware decommissioning based on asset location – remote, on-premises or in the cloud.

Third-party data enrichment

Organizations depend on the accuracy of Configuration Management Database (CMDB) information. Tanium Asset feeds real-time data into common CMDBs, such as ServiceNow, so you have the freshest and most accurate information.

Patch

Real-time patch visibility and control

Tanium designed our platform architecture to maintain performance across hundreds of thousands of endpoints. The Tanium platform provides speed and scale to help ensure endpoint patches happen quickly without fail.

One client, no extra agents or infrastructure

Patch hundreds of thousands of systems on a single Tanium instance, without the need for secondary relay, database or distribution servers at different bank branches, retail locations, or geographically dispersed offices.

Customized patch scheduling and workflows

Deploy a single patch to a computer group immediately or perform more complex tasks. For example, use advanced rule sets and maintenance windows to deliver groups of patches across your environment at specified times.

Patching effectiveness tracking

Tanium Patch summarizes the deployment status for any patch, providing immediate feedback on successes as well as failures requiring remediation. It also gives patch histories for individual machines, endpoint reboot status and links to relevant vendor knowledge base articles.

Deploy

Third-party software updates

Tanium Deploy includes templates for importing and deploying third-party software. Operations teams no longer need to browse websites for the latest updates or create deployment packages. Instead, they can identify and resolve new vulnerabilities.

One client, no extra agents or infrastructure

The Tanium platform offers speed and scale to help ensure software changes happen quickly on endpoints without fail. The Tanium architecture maintains performance across hundreds of thousands of endpoints on a single Tanium server.

End-user self-service portal

Tanium Deploy allows IT Administrators to let users install, update and remove approved and assigned software through easy-to-setup Self-Service Profiles and Self-Service Client Applications.

Bare Metal Provisioning

With Tanium Provision, customers can easily set up and manage their bare metal provisioning without the need of dedicated hardware or complex setup for remote devices anywhere.

Provision
Comply

Support for industry-specific, security best practices or custom checks

Tanium Comply supports the Security Content Automation Protocol (SCAP) and can employ any Open Vulnerability and Assessment Language (OVAL)-based content, including custom checks. The Tanium content library updates daily with the most current vulnerability and compliance data.

Exposure drill-down and fix

Seamlessly transition from identifying a vulnerability within Tanium Comply to launching remediation activities such as patching, software updates or policy and configuration changes from the Tanium platform.

Alignment with regulatory and corporate requirements

Organizations can use Tanium Comply to help fulfill configuration hardening and vulnerability scanning portions of industry regulatory requirements, including PCI, HIPAA and SOX. The freedom to conduct ad hoc scans also improves adherence to corporate mandates for proactive security assessments.

Enforce

Enhanced policy management for Windows

Tanium Enforce can manage policies for Windows on and off domain, on premises or in remote locations all from a single console. Centrally manage Windows policies for client and server operating systems throughout your organization, at scale.

Modern Device Management for macOS

Modern Device Management for macOS (MDM) provides policy configuration and patch management, Mac endpoint provisioning and remote wipe all from the Tanium console for macOS 11.x or higher.

USB removable storage management

Tanium Enforce with USB removable storage management can protect your endpoints from unauthorized USB devices, malware introduction and data exfiltration.

Firewall management

Effective endpoint firewall management requires dynamic, micro-segmentation of an organization’s endpoints. Help ensure only approved processes and applications communicate on trusted ports.

Antivirus management

With Tanium Enforce, leverage native AV capabilities by completely managing and configuring Defender across the organization.

Endpoint encryption

Encrypting data at rest is essential in case endpoints are lost, stolen or inappropriately decommissioned. Tanium Enforce can manage native OS drive encryption offered by Apple FileVault and Microsoft BitLocker.

Performance

Find and fix issues impacting availability and health

Analyze and evaluate customer and employee digital experiences for their endpoints and apps using performance and event data to spot systemic and one-off issues. Noninvasively remediate issues at scale.

Identify causality and make decisions faster

Identify patterns and insights using real-time and historical data to spot changes that may be adversely impacting your customer and employee digital experiences.

Reduce costs with improved IT efficiencies

Use customizable thresholds to identify issues before wide-scale impact occurs and investigate them using real-time and historical data to more quickly identify root causes.

Boost your performance health scores

Use performance health scores to baseline your digital experiences — then define plans to improve their reliability, availability, and ultimately customer and employee satisfaction.

Impact
Threat Response

Real-time endpoint monitoring

Tanium Threat Response continuously monitors endpoints for suspicious activity whether they’re online or offline. Real-time alerting with Tanium Signals gives security teams immediate notice when anomalies occur so they can investigate. Users can also create custom signals for tailored detection.

Forensic investigations

Remotely conduct forensic investigations on suspicious machines. Employ enterprise-wide searches of each endpoint. Quarantine compromised machines or take targeted actions, such as halting malicious processes, capturing files, alerting users, closing unauthorized connections and much more.

Incident response and remediation

Tanium Threat Response adapts to incidents, so organizations can fully understand them by using remote forensic investigation on suspicious machines. Take a wide variety of remedial actions, such as imposing network quarantines, deploying patches or running custom scripts.

Consulting services

Our team of certified professionals is ready to help you get the most value out of Tanium. We are proud to have achieved the Tanium Certified Administrator, Tanium Certified Operator and Tanium Certified Support Champion certifications.

Cyber Hygiene Assessment

We provide a one-off service that uses data collected by Tanium to reveal key areas for improvement: system vulnerabilities, administrative access management and risk of lateral movement, system compliance, insecure transport security protocols, encryption and mutual authentication.

Implementation

We offer a quick-start implementation service, which includes Tanium server deployment and essential integrations with identity management and log management systems. Depending on the scope of modules and the amount of content customization, we offer time-and-material solution development and managed services.

Managed services

Managed services include a first line of support to handle incidents from end users and administrators, and maintenance of a Tanium solution deployed on premises. Scope and SLAs are subject to specific client requirements.