Tanium's fast-acting endpoint management tool grows up
- 01 April, 2015 04:26
A tool for nearly real-time management of clients like desktops, laptops and Windows tablets is now set to take on massive organizations that have millions of endpoints.
Tanium is software that can examine and modify all such clients across an enterprise within 15 seconds, according to the company. It's already being used by customers with more than 500,000 endpoints, and the newly released Version 6.5 is designed to serve some of the world's largest organizations, especially in the public sector, Tanium says.
At the heart of Tanium's software is the ability to rapidly reach all endpoints throughout an organization, which can speed up both security and IT management tasks. Tanium makes this work by organizing endpoints into linear chains in which they communicate peer to peer.
It's more efficient than hierarchical systems that require servers to check in with multiple clients out at the edge of the network, said Joe Lea, senior director of product management. How Tanium organizes its linear chains of devices to deliver data as quickly as possible is part of the core technology that the company set out to create when it was founded in 2007.
The ability to rapidly poll and modify end systems can pay dividends in security, helping enterprises detect and eliminate threats without having to wade through lengthy investigations of all their clients, Tanium says. It can also make software updates easier by showing what version each system is running and then quickly apply updates or patches.
Tanium can give enterprises extra speed to help them keep up with attackers, according to Gartner analyst Lawrence Pingree.
"Getting data back from a wide array of different endpoints rapidly is very important, especially given the speed at which some attacks are perpetrated," Pingree said. Once malware gets into a network, it can spread and do damage quickly.
There are other endpoint security companies that advertise real-time monitoring and response, including CrowdStrike and Bit9. Tanium sets itself apart by also handling a broad range of endpoint management tasks such as software updates, Pingree said.
Tanium doesn't reach smartphones or most tablets. It's been compiled for Android but isn't designed to be a mobile device management platform, Lea said.
A way to understand what Tanium does is to look at its natural-language query feature, a Google Search-like interface for finding out about endpoints. An administrator can type, for example, "show all running processes" and get back a list of all the current processes on all the clients in the enterprise.
The results can show how many employees are using Outlook and how many are on Facebook, but more importantly, it can display which systems have outdated and vulnerable versions of software or are running processes associated with known malware. From there, Tanium lets managers take steps like killing processes, quarantining machines or applying patches.
Typing queries isn't the only way IT departments can track down security problems with Tanium. Among other things, they can use IOCs (indicators of compromise), which are collections of malware information compiled by security companies and other sources. Tanium's software already can read IOCs and use them as a basis for queries. Version 6.5 automates that process and builds it into the product so it's less work for enterprises to use it.
The latest update also integrates Tanium with some commonly used tools for monitoring and managing IT infrastructure. Enterprises can feed the product's real-time information into software that uses SIEM (security information and event management) and CMDB (configuration management database), as well as help desk systems, Tanium says.
The new version also gets a dedicated tool for managing software updates and licenses across an enterprise, with enhancements including more flexible scheduling for patches and better reporting, Lea said.
Tanium has been available for about two years but saw an upsurge in popularity last year, Lea said. The company says it's now in use in half of the Fortune 100 enterprises, including half of the world's top 10 banks. On Tuesday, it announced $52 million in new funding from venture firm Andreessen Horowitz.