Last week we partnered with Senior Forrester Analyst Chris Sherman to host a webinar with our CEO Sumir Karayi. During the webinar, Sumir and Chris spoke about the benefits of the Tachyon Agent and how it can be applied to your IT estate. Discover the challenges between security and IT as well as why Tachyon is the fastest available EDR solution on the market. There were some questions asked that our experts have answered. To rewatch the webinar, head on over to our Resources page. Don’t forget to check out the Tachyon microsite as well as the product page.
Question: In the demonstration, you showed that the Tachyon Agent has captured TCP connections, process executions, etc. Does this mean each Agent has a local store or database?
Answer: That’s correct. The Tachyon Agent has a light-weight, encrypted local store that it uses to save information about TCP connections, process executions, DNS resolution requests and software installations. In terms of data retention, each of these categories can be configured to capture events independently and be retained for as long as required, capturing activity data from a few hours to several years. Categories can also be independently disabled. The Tachyon Agent uses a summarization technique to reduce the actual storage required on the device itself. Typical storage size is approximately 20-50 megabytes per device, although obviously, this will vary depending on device events captured and data retention configuration.
Question: Do Tachyon Agents use built-in or hard-coded commands to build questions from?
Answer: The Tachyon Agent features a smart, simple-to-learn language that can be used to construct questions and actions. The Agent language is built around a concept of modules and methods (similar to object-oriented programming) which allow you to retrieve data, and has support for SQL querying to allow you to manipulate the data on the device itself before it is reported centrally.
We have out-of-the-box support for about 100 cross-platform “methods” (contained within a number of “modules”) to allow you to execute instructions like interact with the file system, interrogate the network and check hardware and software inventories. We also provide native support for operating-system-specific functionality, for example running a WMI query or accessing the registry on Microsoft Windows. This functionality is extensible so that as new or updated modules are developed by 1E, they can be deployed to existing Agents using Tachyon itself – there’s no need to even restart the Agent.
On top of this, the Agent language also has support for executing operating system commands and scripts (e.g. PowerShell, Bash), giving you incredible flexibility and control.
Question: How does Tachyon distribute large files (for example, over 50mb)?
Answer: Building on our expertise having created the 1E Nomad solution, Tachyon has been designed to be sensitive to network infrastructure. A typical question and response roundtrip between the Tachyon Server and each Agent is normally just a few network packets. For larger payloads, the Tachyon Server is able to coordinate the transmission of this data over the network to optimize available bandwidth and ensure that business critical traffic is unaffected. The Tachyon Agent also features integration with 1E Nomad where available.
Question: Can customers have more than one Tachyon server in the enterprise; if so can one be designated as the master and all data rolls up to it?
Answer: Absolutely! The Tachyon Server components are designed to scale-out, so they can be deployed to match your enterprise’s geographic, network tor business unit topology. Consolidation of data happens automatically as part of the platform – data from each Tachyon Server “stack” is brought together and presented as a complete view within the Tachyon Explorer interface.
Question: Does the Tachyon Agent require admin rights on the user’s machine?
Answer: Like most endpoint management software, the Tachyon Agent runs as a system account. This is to ensure that the Agent has sufficient rights to query and remediate all aspects of the device, which is crucial for being able to tackle security threats where a malicious process may itself be running with high privileges.
Question: Is Tachyon also compatible with Mac devices?
Answer: Yes – the Tachyon Agent codebase is cross-platform, and we have a compiled version for Windows, Mac OSX, Solaris, and a large number of Linux-based distributions (including Android). If you have a particular platform requirement for Tachyon, please get in touch.
Question: Does Tachyon support mobile devices and servers, and what can it scale to?
Answer: As described previously, the Tachyon Agent supports a wealth of different operating systems, including Android for mobile. The Tachyon Server infrastructure is presently supported only on Windows, but some of these components have also been developed in a cross-platform way.
In terms of scalability, we have performed scale testing in our labs to loads in excess of one million Agents. Since the Tachyon Server infrastructure scales out – in other words, you can deploy many instances of the Server components – we can use distributed hardware and parallel processing to achieve exceptional performance at massive scale. Data is automatically consolidated to make the deployment topology completely transparent to users of Tachyon Explorer.
Question: Can Tachyon be used to manage devices that are outside of our network (like in a coffee shop)?
Answer: Yes, Tachyon can manage devices that are outside of an organizations network in exactly same way that it can manage any devices that are inside the organization’s network.
The Tachyon Agent can be configured to connect to a specified list of Tachyon Servers at start up, as required by the organization. In that way, when the device starts, the Agent on the device will attempt to connect to specified instances of the Tachyon Server until it is successful. If a Tachyon Server is available from outside of the organization’s network, say located in the cloud, then this device will be manageable when external to the organization’s network and is connected to the Internet.
Question: Tachyon looks very powerful – what safety and security do you have in Tachyon?
Answer: 1E has over 20 years of enterprise systems management expertise which have given us critical insight into the challenges that Operational Teams have faced over the year. We have designed and built many features into Tachyon to help protect administrators from errors that would impact the business.
Tachyon has been designed from the ground up to be secure – all communication is fully encrypted end-to-end and can integrate with your existing public key infrastructure (PKI). We provide role-based access control (RBAC) to ensure that users have access only to the features they need. We use digital signing to guarantee the integrity of transmitted content. We also have a flexible approval workflow system (including two-factor authentication (2FA) to make sure Tachyon works in conjunction with your organization’s change management procedures.
Don’t miss our next webinar, the last in a three-part series with Troy Martin and Jim Bezdan.
Want to write for 1E? We’ve made it easy to be a part of a quickly growing environment fostering the ideas and expertise of Microsoft MVPs. Our exciting program offers incentives for the post that does the best. Not an MVP? You can still apply to write for us here. We can’t wait to hear what you’ve got to say!