Tanium review: Endpoint security at the speed of now

Tanium Endpoint Platform draws on fast peer-to-peer communications to answer queries of managed clients within seconds

Many security monitoring products gather information from computers over the network and store it in a centralized database, where it can then be analyzed and queried. The biggest problem with this approach is that the data is only as fresh as the last collection, which might happen nightly at best. A better strategy would be to pull fresh data from the endpoints on the fly when it's needed. The issue there is getting query results from a network of hundreds or thousands of computers in a reasonable time. This is the problem that Tanium solves.

I’ve been following the Tanium Endpoint Platform for a few years now. Early on I was a skeptic. I thought the endpoint querying solution was a one-trick pony that excelled at speed, but not at answers. I used to summarize Tanium as simply "a security query engine on steroids." I still have concerns about the Tanium product, but it has continued to mature, expand and improve to the point where I think every company should review and consider it.

Tanium came out of BigFix eight years ago and was initially resold by McAfee. The functionality that started it all -- the security query engine -- is officially known as Tanium Core.

Tanium works by installing client software; it supports Windows, Mac OS X, Linux and Unix but not mobile platforms. Information is collected on every managed client, where it can be queried on the fly or on a scheduled basis from the server. The path the data takes to the server is shortened by Tanium’s optimized peer-to-peer network architecture, which organizes clients in linear chains instead of hubs and spokes.

Simple queries, fast results

The Tanium peer-to-peer architecture makes it the fastest endpoint query engine I've seen. Previous endpoint query tools I've used either functioned like inventory/asset managers, which gathered a predefined set of data through a routine batch job and sent it to a central collection point, or they ran a specific query or script against every managed computer. The former approach has problems with data freshness, while the latter quickly bogs down under scale. In the Tanium demo environment, which contains a few hundred nodes, most queries were answered in a few seconds.
