Tanium review: Endpoint security at the speed of now

Tanium Endpoint Platform draws on fast peer-to-peer communications to answer queries of managed clients within seconds

At a Glance
  • Tanium Endpoint Platform 6.5

Many security monitoring products gather information from computers over the network and store it in a centralized database, where it can then be analyzed and queried. The biggest problem with this approach: The data is only as fresh as the last collection, which might happen nightly at best. A better strategy would be to pull fresh data from the endpoints on the fly when it’s needed. The issue there is getting query results from a network of hundreds or thousands of computers in a reasonable time. This is a problem that Tanium solves.

I’ve been following the Tanium Endpoint Platform for a few years now. Early on I was a skeptic. I thought the endpoint querying solution was a one-trick pony that excelled at speed, but not at answers. I used to summarize Tanium as simply "a security query engine on steroids." I still have concerns about the Tanium product, but it has continued to mature, expand, and improve to the point where I think every company should review and consider it.

Tanium came out of BigFix eight years ago and was initially resold by McAfee. The functionality that started it all -- the security query engine -- is officially known as Tanium Core.

Tanium works by installing client software; it supports Windows, Mac OS X, Linux, and Unix but not mobile platforms. Information is collected on every managed client, where it can be queried on the fly or on a scheduled basis from the server. The path the data takes to the server is shortened by Tanium’s optimized peer-to-peer network architecture, which organizes clients in linear chains instead of hubs and spokes.

Simple queries, fast results
