8 min

With the introduction of Tanium-as-a-Service and its integration with Salesforce, Tanium is demonstrating its ambition to be able to do more for more organizations in terms of endpoint management.

Tanium was originally best known for the extremely clever way in which the modules within their platform communicate with endpoints in the background. However, the company is expanding its focus and is slowly but surely moving towards new areas. We felt it was time to see where the company is now, and where it’s going. Apart from our own take on things, we also spoke to Simon Mullis, Technical Director EMEA at Tanium, about recent developments.

The basics

If your organization has many endpoints and you are responsible for their health and security, then visibility and insights into their status are undoubtedly high on your wish list. This may be easy to wish, but quite hard to actually realize, as any security professional can no doubt tell you. The founders of Tanium (father and son David and Orion Hindawi) wanted to offer this to organizations. They founded the company in 2007, and then spent no fewer than five years in stealth mode working on their product. Tanium officially entered the market in 2012.

That 2012 product is in fact still the basis for the platform Tanium now offers. The company wants to offer a better alternative to, among others, Microsoft Endpoint Configuration Manager, formerly System Center Configuration Manager and before that Systems Management Server. In short, Tanium has devised a communication mechanism that is more efficient than that of other players in the market. Tanium’s solution needs far fewer relay servers. Whereas other solutions require 6 relay servers per 10,000 endpoints, with Tanium a single relay server is sufficient, as we learn from documentation on the company’s site.

Divide and conquer

The relay server ensures that all queries and commands are properly passed on to the endpoints on which the Tanium agent resides. This works in a clever way. A command or query goes to an endpoint, and Tanium tells that endpoint who its neighbors are. Then the answer from the endpoint is passed on by the agent on the endpoint to the next endpoint. It’s quite a job to optimize properly, but afterwards it works very quickly and efficiently and does not need to run through all kinds of extra relay servers.

Tanium doesn’t only deploy a query or command to the endpoints in this way. It also works this way when it comes to deploying patches. That is, Tanium’s technology distributes the load over the endpoints. So-called shards of the patches are located on different machines. As soon as you add a new endpoint – and you also install the agent on it, of course – it fetches multiple shards from other machines. In this way, the endpoint does not have to request all this information from somewhere centrally. Data that does not arrive via the shards, can of course still be requested from the server.

From basics to modules

The product and technology described above is the foundation for Tanium’s platform as we know it today. In the beginning, there was only this basic functionality. Tanium focused exclusively on very large organizations, who were initially quite happy with this technology alone, in terms of endpoint management. Over time, however, Tanium started to receive feature requests. Think of patching or EDR, or other (primarily security-related) requests.

From those kinds of feature requests, Tanium developed the more or less ready-made modules it is now known for. There are now 11 of them, all focused on a specific component, but with the same shared architecture. One of the modules is Discover. With this you can quickly map out what unmanaged hardware and software is present in your organization. With the Threat Response module you continuously record everything that happens on the security level. You do this by using the standard tooling available in the OS. Based on what you detect, you can investigate and respond. This module has long been one of Tanium’s breakout products. It will also have contributed to the fact that Tanium is often portrayed as a security party.

Three newer modules are Performance, Enforce and Impact. This is more or less where our conversation with Mullis starts. Performance, a module for endpoint performance management, and Enforce, which allows you to set up policies and remediation for endpoints, are interesting in their own right, but his heart especially skips a beat when he talks about Impact. He describes Impact as “Bloodhound in real time”. Bloodhound is an open-source tool (also widely used by hackers, by the way), with which you can make relationships within your Active Directory transparent. Hackers use it to determine the shortest route for an attack, the Tanium module that offers this functionality shows you in real time where your vulnerabilities are in your AD. So it’s mainly about detecting so-called technical debt.

Tanium-as-a-Service

Tanium is still developing new modules that meet a market demand. This is quite obvious based on the most recent additions. Yet they have also realized that modules alone are not the future. At least, if Tanium wants to enter the market more broadly. That is, beyond the very large organizations that manage Tanium themselves and keep it running in their IT environment. That’s what Tanium-as-a-Service was conceived for. Mullis unhesitatingly calls this the biggest news of recent times.

With TaaS, Tanium now has an option in addition to its existing on-prem offerings for organizations that don’t want to or can’t run Tanium themselves. It’s a fully managed service that runs in the cloud, Mullis points out. As a customer, you only need to put the agents on your endpoints. Tanium promises that there are absolutely no further requirements, not even on the infrastructure. So you don’t have to set up anything to distribute patches or OS updates either. In fact, the only thing you need to set up before you can start using TaaS has to do with authentication. You need to have tooling from identity providers like Okta or Auth0 that is compliant with SAML 2.0 and supports 2FA. This is obviously necessary to be able to securely forward the credentials to the cloud service.

The timing of TaaS seems excellent, by the way. After all, it allows you to manage and protect all endpoints, no matter where they are, from the cloud. It is completely agnostic, Mullis argues. Whether it’s VDI, cloud, 5G or any other endpoints, it can be managed with TaaS. That’s a plus, especially now that everyone works all over the place.

Integrations

With TaaS, Tanium is reaching a larger portion of the market. After all, it does not require any infrastructure and Tanium also takes care of configuration and maintenance. That makes Tanium more interesting for organizations that don’t have the people to manage a complete Tanium deployment themselves. That remains a fairly specialized job, even though Tanium has recently revamped the UI of the software.

It doesn’t stop here, however. The information you can gather using Tanium can also be put to good use elsewhere. That is, you can also use it as input for other tools. There are quite a few already, as can be seen on Tanium’s website. We see integrations with Splunk, but also with Chronicle, Google’s SIEM. Of course, integrations with public clouds are a necessity, we also see many integrations with security vendors on that page.

ITSM with Salesforce

Tanium can also add value to ITSM platforms. After all, ITSM is largely about managing endpoints within organizations. The integration with ServiceNow therefore makes perfect sense. Recently, the collaboration between Salesforce and Tanium has been added to this. IT Service Center, part of Work.com, is integrating Tanium’s capabilities into Salesforce’s ITSM platform. This is not really a surprise, as Salesforce invested quite substantially in Tanium last year in its most recent funding round. Back then it was already clear that these kinds of collaborations were coming.

Help desk staff at organizations get much more useful information through IT Service Center by linking to Tanium. You can choose to ingest only a limited part of your Tanium data in IT Service Center, for example only of a single module. If you want the employees to receive all possible information from the endpoints, this is also possible. You can set this up as you wish. It’s wise to properly think through how much Tanium data you ingest in IT Service Center, because you don’t want help desk staff to drown in data that isn’t necessarily relevant to what they need to do.

The integration of Tanium and Salesforce into IT Service Center works the other way too. That is, employees can now also get faster and better support if something is wrong. It no longer takes hours to figure out what’s going on, Mullis points out. Tanium reduces the response time from days to seconds, he says, perhaps exaggerating somewhat. The point he wants to make is clear, however. He wants to stress that the integration between Tanium and Salesforce works many times faster when solving support tickets than plowing through a CMDB.

Closing thoughts: Tanium broadens its scope

Tanium’s recent moves indicate that the company is slowly but surely changing. Previously, it was really only of interest to very large companies. Now Tanium’s technology is becoming more widely available. The introduction of Tanium-as-a-Service is taking care of this in particular. This makes it possible to use the full suite of Tanium, without having to set up your infrastructure accordingly. However, the integration with Salesforce in IT Service Center certainly contributes to this as well. This allows the data coming from Tanium to provide insights to helpdesk staff, without having to do a relatively slow and complicated analysis first.

All in all, in just under ten years since its actual launch in 2012, Tanium has developed from a player with an innovative tool for endpoint management to an increasingly visible and relevant platform. Not only as a stand-alone solution, but also in collaboration with other technologies. We also suspect that there is still a lot more to come. Endpoints will continue to be used in a distributed manner after the covid period. Thorough management will therefore remain necessary and there are undoubtedly still new modules that can be developed in response to what is happening in the market. The same goes for integrations. In addition, TaaS opens up a new world for Tanium, with new opportunities to investigate.