Speed, scale, and certainty in visibility

If we were able to do swab tests for the entire Malaysian population and get the results in 24 hours, could we not have better contained the pandemic?

This is the hypothetical parallel Alvin Tan, Regional VP of Tanium, gave when he explained what Tanium’s solutions could do.

Imagine if organisations were able to ask, ‘What processes are running today on your computer that we have never seen in the last 30 days?’

The answers could reveal that a perfectly legitimate new application is running, or they could reveal a new process triggered by malware.

Alvin during a Tanium event

Alvin elaborated, “So, we can ask any question, for example ‘How many instances of Firefox are there in my environment?’ and we would get the answers. It would be deterministic data like how many copies and versions of Firefox an organisation has, and it would be data that can be trusted.”
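The two questions above (‘which processes are new on this host compared with the last 30 days?’ and ‘how many instances of Firefox are in the environment?’) are both answered by comparing a current endpoint snapshot against a history of snapshots. The block below is an added, self-contained illustration of that comparison written for this article; it is not Tanium code and makes no claim about how Tanium’s agent works. The host names, process names and dates are constructed sample data, and the `seen_elsewhere` flag is an assumed enrichment: a process that is new on one host but already known on other hosts is more likely a rollout than something novel.

```python
from collections import defaultdict
from datetime import date, timedelta

# Constructed sample data: the "today" snapshot date and the baseline window length.
TODAY = date(2021, 6, 30)
BASELINE_DAYS = 30


def constructed_records():
    """Daily process inventories as (date, host, process_name) tuples.

    30 days of history plus today's snapshot. All values are constructed for this example.
    """
    recs = []
    for back in range(1, BASELINE_DAYS + 1):
        d = TODAY - timedelta(days=back)
        recs += [(d, "ws-01", "firefox.exe"),
                 (d, "ws-01", "outlook.exe"),
                 (d, "ws-02", "firefox.exe")]
    # Today's snapshot: one process never seen anywhere in the fleet (unknown-tool.exe on ws-01)
    # and one that is new on ws-02 but well known on ws-01 (outlook.exe).
    recs += [(TODAY, "ws-01", "firefox.exe"),
             (TODAY, "ws-01", "outlook.exe"),
             (TODAY, "ws-01", "unknown-tool.exe"),
             (TODAY, "ws-02", "firefox.exe"),
             (TODAY, "ws-02", "outlook.exe")]
    return recs


def new_processes(records, today=TODAY, window_days=BASELINE_DAYS):
    """Processes running today on a host that the same host did not run in the prior window.

    Each finding records whether any other host ran the process during the window,
    so a reviewer can separate a fleet-wide rollout from a genuinely unseen binary.
    """
    start = today - timedelta(days=window_days)
    per_host_baseline = defaultdict(set)   # host -> process names seen in the window
    fleet_baseline = set()                 # process names seen on any host in the window
    today_procs = defaultdict(set)         # host -> process names running today
    for d, host, proc in records:
        name = proc.lower()
        if start <= d < today:
            per_host_baseline[host].add(name)
            fleet_baseline.add(name)
        elif d == today:
            today_procs[host].add(name)

    findings = []
    for host, procs in sorted(today_procs.items()):
        for name in sorted(procs - per_host_baseline[host]):
            findings.append({"host": host,
                             "process": name,
                             "seen_elsewhere": name in fleet_baseline})
    return findings


def count_instances(records, process_name, today=TODAY):
    """Number of hosts running the named process in today's snapshot."""
    wanted = process_name.lower()
    hosts = {host for d, host, proc in records if d == today and proc.lower() == wanted}
    return len(hosts)


if __name__ == "__main__":
    recs = constructed_records()
    for finding in new_processes(recs):
        print(finding)
    print("firefox instances today:", count_instances(recs, "firefox.exe"))
```

On the constructed data the report flags `unknown-tool.exe` on ws-01 as never seen anywhere, and `outlook.exe` on ws-02 as new for that host but already known on the fleet; the Firefox count is 2. The per-host baseline is the key design choice: a fleet-wide baseline alone would hide a process that is common elsewhere but has no business on a particular host.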

What Tanium does

Tanium professes to be able to reach every single endpoint in an organisation’s environment, and get almost any data they need from these endpoints in a matter of seconds.

“We usually call this real-time visibility. I know the jargon is thrown around a lot, every vendor says they have this,” Alvin said.

This begs the question: how complete, and how fast, is the visibility that different solutions provide?

Many organisations do not know how many endpoints they actually have, because their visibility solutions are usually network-based instead of host-based, as Tanium’s solution is.

Then the question becomes: How do you protect what you do not know you have?

“So, that’s where Tanium comes in. Since we can reach all endpoints (to inventory what is in the environment), why not spread (this capability) along the entire lifecycle of the endpoint?

“Organisations need inventory in terms of hardware, software, applications, even BIOS settings… and our solutions can help customers change BIOS setting via inserting endpoint scripts,” Alvin said.

Besides giving control over the inventory they can ‘see’, it also enables enforcement, compliance and hardening tools that reduce vulnerabilities in the environment.

“In the past, these tools tend to be network-based, but when more people started working from home, they realised all these tools were starting to fail.”

Tanium on the other hand, has always been a host-based solution. When organisations started to move towards work-from-home arrangements, the endpoint agents’ configuration followed the laptops and devices, and Tanium’s  solutions continued to work.

This also enables discovery of IT assets in the environment.

How is Tanium able to do this?

This ‘neighbourhood watch’ concept, or situational awareness in an environment, is due to a Tanium-patented technology called linear chain technology.

“Instead of the server going down to every endpoint and trying to get information from them, we developed linear chain technology where the subnet would start the query and this query gets passed on down the ‘chain’.”

This negates the problem of the server being bombarded with too much information from all endpoints, all at the same time.

“This technology is unique to us, whereby we are talking to one subnet as though we are talking to one endpoint. That’s how we scale and that’s how it is fast, because we are running at LAN (local area network) speed.”
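The point of the chain described above is that the server handles one aggregated reply per subnet rather than one reply per endpoint. The simulation below is an added example written for this article to make that difference concrete; it is not Tanium code and is only a simplified model of the idea, not a description of Tanium’s protocol. The endpoints, subnets and installed software are constructed, and the rule that an offline peer is skipped so the chain continues is an assumption of the model.

```python
from collections import Counter


class Endpoint:
    """A host in a subnet with a constructed software inventory: list of (name, version)."""

    def __init__(self, name, software, online=True):
        self.name = name
        self.software = software
        self.online = online

    def answer(self, question):
        """Evaluate a question locally; the endpoint only ever returns its own answer."""
        return question(self)


def firefox_versions(endpoint):
    """Example question: count Firefox installations on this endpoint by version."""
    return Counter(version for name, version in endpoint.software if name == "firefox")


def run_chain(subnet, question):
    """Pass the question down an ordered subnet chain.

    Each online endpoint merges its own answer into the running result and hands it on;
    the last endpoint returns the merged answer. Offline peers are skipped (model assumption).
    Returns (merged_answer, number_of_endpoints_that_answered).
    """
    merged = Counter()
    answered = 0
    for endpoint in subnet:
        if not endpoint.online:
            continue
        merged.update(endpoint.answer(question))
        answered += 1
    return merged, answered


def query_fleet(subnets, question):
    """Server-side view of a chained query: one message back per subnet."""
    totals = Counter()
    server_messages = 0
    for subnet in subnets:
        result, _ = run_chain(subnet, question)
        totals.update(result)
        server_messages += 1
    return totals, server_messages


def direct_poll(subnets, question):
    """Baseline for comparison: the server contacts every endpoint itself."""
    totals = Counter()
    server_messages = 0
    for subnet in subnets:
        for endpoint in subnet:
            if endpoint.online:
                totals.update(endpoint.answer(question))
                server_messages += 1
    return totals, server_messages


def constructed_fleet():
    """Two constructed subnets of four endpoints each; ws-03 is offline."""
    subnet_a = [
        Endpoint("ws-01", [("firefox", "91.0"), ("outlook", "16.0")]),
        Endpoint("ws-02", [("firefox", "91.0")]),
        Endpoint("ws-03", [("firefox", "88.0")], online=False),
        Endpoint("ws-04", [("outlook", "16.0")]),
    ]
    subnet_b = [
        Endpoint("srv-01", [("firefox", "88.0")]),
        Endpoint("srv-02", [("firefox", "91.0")]),
        Endpoint("srv-03", []),
        Endpoint("srv-04", []),
    ]
    return [subnet_a, subnet_b]


if __name__ == "__main__":
    fleet = constructed_fleet()
    chained, chained_msgs = query_fleet(fleet, firefox_versions)
    polled, polled_msgs = direct_poll(fleet, firefox_versions)
    print("chained:", dict(chained), "messages at server:", chained_msgs)
    print("polled: ", dict(polled), "messages at server:", polled_msgs)
```

Both approaches return the same answer on the constructed fleet (three Firefox 91.0 and one 88.0 among the online hosts), but the chained query reaches the server as two messages, one per subnet, while direct polling produces seven. The offline host is the edge case worth noticing: in the model it is simply absent from the answer, so a real deployment would want a separate ‘which endpoints did not answer’ view rather than trusting a count that silently omits them.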

Alvin also shared that because the infrastructure required to run this technology is so minimal, an organisation could grow many times over without needing to invest in relay servers, distribution servers and so on.

“Our same one single console will do everything,” Alvin said.

Continuous compliance

Being able to discern the endpoints in an environment and query what is going on with them puts Tanium in a good position to enforce compliance and even scan for and patch vulnerabilities.

This now becomes part of activities conducted by the operations team and what the industry calls cyber hygiene. Part of cyber hygiene is the need to monitor compliance, and the way Tanium does compliance is on a continuous basis.

This is also a host-based capability offered by Tanium, because the agent follows the endpoint. The endpoint does its own scanning and is able to continue to communicate in an encrypted manner with Tanium’s console even though the endpoint is taken home.

Alvin explained that in an organisation, these operational activities complement the functions of the cybersecurity team, for example threat hunting, incident response, sensitive data detection, compromise assessment, and more.

Speed, scale and certainty

Most organisations will start partnering with Tanium on a small subset of Tanium’s capability, Alvin said.

“After they are comfortable with a small subset, they will tend to expand and when they expand, they see a lot of benefits.”

An example Alvin used to illustrate this is patch management, which tends to be an operations activity. Yet it overlaps with cybersecurity responsibilities, because the consequence of not patching systems is a potential cybersecurity event. In fact, cybersecurity teams will scan for vulnerabilities and inform operations of the vulnerabilities to patch.

“Many organisations already have a patching solution, but they are not quite getting it to work. So, what’s the gap?

“Part of the gap is that two different solutions are being used to scan for the vulnerability and then patch it. Data is being passed around (from operations to cybersecurity, and vice versa) using an Excel spreadsheet.

Many organisations set up different departments based on the toolkits that were available in the past. If you had the choice to revamp your organisation’s hierarchy, would you revamp it to be more holistic, or would you continue down this path?

“With us, it is the same solution. The same agent will scan; if I am the one who detects the ‘high temperature’ then I’m the one who will ‘administer the medicine’ so that the workflow is a lot leaner. And it gets done much faster because the endpoint is smart enough to just do it.”

Alvin pointed out that Tanium’s solution can bridge the gap between operations and security by giving them a single source of truth, to act upon in a unified manner.

“It is one data point that everybody can trust because it is deterministic, and this leads to improved workflow and collaboration,” he concluded.