5 key questions industry experts are asking about Tanium
These questions have been compiled from materials produced by security research analysts, penetration testing specialists, IT journalists and Tanium implementation partners. Readers can explore the questions in detail – and learn more about the source material – by downloading the exclusive free eBook below.
1. Is Tanium secure?
It stands to reason that, when investing in a solution meant to provide greater security to your organization, users should be a in a position to take that tool’s own security for granted. What might concern some current or prospective Tanium users is that this security has come under question, with PEN Consultants’ Robert Neel (a former vulnerability analyst at the NSA) calling it a “hacker’s paradise.”
Neel points out that Taniun’s basic functionality relies on free and open source tools, the security of which is fundamentally dependent on the original vendor. These tools include PsExec (for client installation), 7-Zip (for package compression), Nmap (for device discovery) and VBScript (for everything). “Is [the] vendor going to quickly update/patch all of that 3rd-party software when public vulnerabilities are discovered and exploits are released?” asks Neel.
“Whether you like it or not, you must now be concerned about the security maturity of every vendor tied to every piece of 3rd-party software within [Tanium’s] environment.”
2. Will Tanium adversely impact my network or my endpoints?
When Tanium introduced their core endpoint security and management solution over a decade ago, it was a very different IT landscape from what we face today. Tanium’s basic networking architecture, though novel at the time, predates the introduction of the iPhone and subsequent mobile revolution. Simply put, this design isn’t well suited to modern enterprise network environments.
Analyst firm Enterprise Management Associates (EMA) was quick to point out these architectural shortcomings in a recent report on Tanium Core. “While the speed of Tanium polling responses is often cited as a key advantage of the solution,” observed EMA, “not all endpoint network deployments provide ideal conditions to achieve value from this approach.”
“P2P solutions, such as Tanium, are only designed to support static endpoints that are connected to a fixed LAN.”
3. Is the Tanium support model sustainable?
Every Tanium customer is assigned a Tanium Technical Account Manager, or TAM. They’re one of the reasons many Tanium customers remain unaware of its dependence of freeware. In addition, we have talked to Tanium implementation partners that told us about TAMs being assigned to 3-5 customers each.
Is this model scalable long term? “As Tanium’s customer base grows, it stands to reason that they are either going to have to continually increase the size of their TAM organization or continue to expand the workload managed by each TAM,” one former partner states. “At some point they will run out of skilled individuals that they can onboard, so growing each TAM’s workload will be the only option.”
“If it wasn’t for the intermediary of the TAM, Tanium’s customers would know that it depends on freeware.”
4. Will Tanium secure ALL my endpoints?
Comprehensive endpoint visibility is necessary if you are to answer the question “Are we safe?” with any degree of acceptable confidence. Without it, you will always be forced to concede that there may be gaping holes in your security perimeter of which you are simply unaware.
Tanium does not offer support for older Windows operating systems such as Windows XP or MacOS 10.7. Tanium Core also does not support any of the popular mobile platforms either. Why does this matter? The modern business environment has moved on from being static endpoints within a well-controlled IT infrastructure.
“Tanium… has a tired UX that is getting a bit long in the tooth and an unused API that is rarely implemented.”
5. Can Tanium replace SCCM?
When considering moving to any new technology, you need to feel not only that the alternative is better than what you have today – you have to believe that what you have today is not good enough and then you must be convinced that what you’re moving to is better. Is that the case when considering replacing SCCM with Tanium?
Replacing SCCM with Tanium is possible, but it isn’t recommended and there are several experts who agree. For instance, during a Zero-Day scenario, your remote machines and those where a single agent has failed, are as important as any other machine. Due to its “LANcentric” linear chain architecture, Tanium suffers badly when dealing with remote devices. Read our eBook for the full view.