David Strom is a doyen in the tech industry.

A world-renown expert in the field, his widespread knowledge extends beyond just technology. He is known for his expertise in security, networking, and educating others on how to use the resources he holds so dear.
We look to him to judge what tools are best for us collectively, as the divine magistrate to distinguish the solutions available on the market. Recently, Mr. Strom wrote a report on our own tool, Tachyon, and has come back to us with a clear ruling. Tachyon deserves a closer look. And you, as the potential end user, are responsible for looking.

He highlights a very important factor:

Most business value-creation takes place at the endpoint. Therefore, ensuring safe and productive end-users are key to business success. As enterprises are migrating to more mobile and cloud-based computing, they have a harder time defending their networks. Because of that, they must get better at evaluating and responding to threats.
Unlike more narrowly-focused security products, Tachyon operates in a wider arena. This enables it to close the gap between Security and IT operations teams. Strom explains that Tachyon is used for finding out about the health of endpoints. But it doesn't stop there. Another key factor in Tachyon's abilities is taking remediation steps in real-time. The simple ad-hoc query console makes it easy for security and IT professionals to deliver real-time automated endpoint remediation and management.
As Mr. Strom continues to look microscopically at the aspects of Tachyon, we are brought back to an earlier evaluation of Tachyon which directly compared it to Tanium.

For perspective, here is a quick look at how Tachyon stacks up to other EDR tools:

  • Tanium – Strom sees that Tanium suffers from a core technology that is slower and uses more network resources than Tachyon. The UI is old. This tool requires a skilled operator to obtain and then interpret results.
  • Carbon Black – Offers a more network-centric view of your endpoints. Similar to Tachyon in how it collects data and remotely controls and quarantines the endpoint. The main dashboard, however, is inadequate and overwhelming with a large network or lots of activity, Strom points out.
  • Cylance – Uses a ‘watchlist’ approach. This limits which executables can run in your environment. It also makes it tied to a security feed. This approach is also possible with Tachyon among many others, and Strom says that organizations may well find Cylance’s underlying approach overly restrictive.
  • CrowdStrike – Evolved from a threat hunting background into an EDR tool. It has a lot of feature parity with Tachyon, but it is limited to a single network domain.

Let’s end with where we began. David Strom took a hard look at what we’re providing to the community. The big takeaway from his report is that Tachyon certainly is a different tool and it stands out as such when stacked next to its competitors.

He says, “A lot of infosec products try to push the metaphor of searching for a needle (such as malware) in a haystack (your network)…What Tachyon does isn’t trying to find that needle, but instead figures out that first, you need to look for something that doesn’t appear to be a piece of hay. That is an important distinction.”

Read the rest of David Strom's report.