Tanium cybersecurity goes beyond Unified Endpoint Management

Within the cybersecurity market, most experts agree that it is time for a new way of working. The number of tools that enterprise organisations use to implement their security policies has risen to around 100. As a result, solutions are not used efficiently enough, as security teams are too small to actually use all the features of the products. Almost all suppliers of security tools are therefore looking to broaden their activities so that enterprise organisations can do more with less. At Tanium, a company that has been around for just over ten years, that idea has been present from the beginning. Because of that, the company has its own vision of Unified Endpoint Management (UEM), the security discipline in which it is active.

UEM has been around for a while, and is a further development of what was once called Mobile Device Management. MDM provides companies with a tool from which they can manage mobile devices, usually iOS and Android. Suppliers of MDM solutions developed their products to manage all endpoints within a company from a single console. After all, Windows and Linux are increasingly being used as mobile operating systems. As a result, traditional MDM solutions are no longer sufficient, and UEM has emerged.

Tanium positions itself even more aggressively, by presenting itself as a kind of UEM+ supplier. “Our product goes much further than traditional Unified Endpoint Management,” Tanium recently told us during our visit to the Tanium Converge conference. Through the platform, enterprise organisations should gain insight into and control over all devices, in the broadest sense of the word. This means, for example, legacy operating systems, but also servers and systems hosted in the cloud. According to Tanium, everything that you could consider an endpoint should come together on one platform if you want to realise a good UEM. Only then does a company have insight into its assets, and only then can the risks of users and devices be estimated.

Two professional groups benefit from a more intensive UEM approach

The Tanium approach should bring several IT employees together on one platform. According to the company, its solution is particularly suitable for two professional groups: those dealing with IT Operations and those dealing with security. In order to support this in the best possible way, Tanium has developed a modular platform with a variety of user applications.

IT Operations is a fairly broad group to address with a single product, as it includes, for example, system administrators and network administrators. Tanium, therefore, has modules that include software management and provide insight into an organisation’s application landscape. In theory, this makes the platform attractive to many professional groups. For example, DevOps engineers can benefit from using Tanium.

The security part of the platform, in turn, speaks a little more for itself. It should enable security teams to protect endpoints. This can be done, for example, by scanning for vulnerabilities or by further investigating threats. An increasingly important issue for security teams, data privacy, is also being addressed.

Broadly speaking, there are now the following modules, with Tanium immediately telling us that the list will continue to grow:

IT Operations

  • Asset
  • Deploy
  • Discover
  • Folder
  • Patch
  • Performance

Security

  • Comply
  • Integrity Monitor
  • Protect
  • Reveal
  • Threat Response

The similarity between the modules is that they are built to simplify collaboration between IT Operations and security teams. In Tanium’s view, this is the way to implement an efficient security policy. After all, poor cooperation between the camps would lead to inefficiency, as employees deploy various separate security tools that do not always talk to each other very well. Moreover, it is questionable whether the potential of every purchased security solution will be exploited. Teams are often too small to make the promises of the products come true. Solving a vulnerability can take too much time, which in turn brings with it the necessary risks. Less, in this case, really is more. During Converge, we zoomed in on how this entire philosophy works out in practice.

Visibility is the key to IT Operations

First of all, the IT Operations side. The modules for this group mainly ensure that IT teams gain more insight into what is happening within the organisation. Enterprises often use thousands of applications and endpoints on which all kinds of activities take place. Tanium, therefore, looks at (log) data to gain insight into these business assets.

The Asset module gives a good example of how Tanium achieves this. Within this feature, users can request a list of all devices in a company. When a device is selected, details about the software on the device can be requested. This comes in handy when, for example, an employee wants to check whether the system is up-to-date. Usually, this information is accurate, although it can also happen that the device has not been online for a while. Logically, filters can also be applied to make the whole thing a bit clearer.

However, there are also so-called unmanaged devices in circulation within organisations. IT employees have little control over these devices because the owner of the device takes care of management. Tanium came up with the Discover module for this purpose. Because unmanaged devices do connect to the company network, the necessary data can be read out. This data shows, among other things, which applications, operating system and open ports are in use. If it turns out that something vulnerable is being used, the IT department can give a signal to the user. It is even possible to send the Tanium client over the internet so that the unmanaged device is managed by the organisation.

The input coming from the Asset and Discover modules will lead to IT teams realising that something needs to be done about the software on a large scale. This can be done using the Deploy and Patch modules, which are designed to roll out the latest versions or emergency updates of applications. With Tanium, the installation, update process and possible uninstallation should run more smoothly. The platform knows what the SaaS solutions of most IT suppliers look like, which enables it to execute company-wide software decisions faster.

Endpoint security efforts

As we mentioned earlier, the efforts surrounding security are at least as strong a focus point for Tanium. A number of interesting modules have been developed in this area. Usually, these features relate to the protection of the endpoints within a company, but they also address a piece of threat response and data privacy.

For the protection of endpoints, Tanium has included Protect in its portfolio. This module has been made compatible with the Windows, Linux and Mac operating systems and makes it possible to set different policies. Think of policies related to encryption, regulating the policy around keys. Windows Firewall policies can also be set via Protect. Protect is mainly a technology to roll out your organisation’s policy, although certain antivirus information can also be requested.

Another module to help security professionals is called Threat Response. This provides users with a tool to detect and resolve threats at the endpoints. To do this, Tanium examines processes within the network and applies analytics so that malicious activities stand out. The advantage of ‘record-keeping’ the processes is that it provides a detailed description of a process with an error. Action can then be taken. Sometimes this can be done within Tanium itself, but often a link has to be made with a tool from another security supplier. A number of integrations have been built to support this, for example with Palo Alto Networks.

The last issue security professionals increasingly have to deal with is data privacy. When there is an actual data breach, the security team is often looked at first. This is why Tanium is in the process of adding a series of functionalities to help with legislation such as the GDPR. A few months ago, this resulted in the Reveal module, which allows organisations to monitor sensitive data. For example, Reveal looks into databases, where valuable data can often be found. Tanium, however, indicates that it wants to go even further than at present, because of the CCPA, which recently came into force in America, and the European GDPR regulations. The latter has been in force for over a year and a half, so for some users, it may feel as if Tanium is on the late side with adding functionality.

Broad outlines for the coming period

The Converge conference was ultimately dominated by the release of Tanium 7.4. The platform usually gets a major release once a year, so it is logical that the company put the new updates in the spotlight. We have also gathered the new functionality in a separate article, where we indicate that the platform should be more user-friendly by making data work more for users.

However, we would like to discuss one function of version 7.4 separately. One of the most striking changes is called Personas. The new functionality should make it easier for a user to perform multiple tasks on the platform. In practice, a user may, within a single day, use functionality to investigate a cyber threat and to roll out patches. The way this used to happen was a bit awkward, as users sometimes had to switch between accounts because of permissions linked to the account. Personas change this by giving users access to data and functionality related to a specific task. So the permissions move from a person to specific tasks.

An interesting approach within the current market

The way Tanium looks at Unified Endpoint Management is a breath of fresh air. It looks at a lot of data to support IT Operations teams and security professionals. Ideally, thanks to the modular structure of the Tanium platform, these groups work well together, because there are a number of similarities between their various activities. If that data flows across the platform, everyone will benefit from it; that can’t do any harm in the current security market. We are therefore curious to see how Tanium will develop further as a product and a company.