Feb 02, 2021

10 Ways Tanium Improves Patch Management

Missing patches increase security risk for your entire organization

By Greg Thomas, Director of Product Management, Tanium

You know the right way to perform patch management.

But your legacy tools prevent you from doing so.

Legacy patch management tools are:

  • Slow: Legacy patch management tools often take weeks or months to apply patches, and they often miss some endpoints.
  • Limited: They often can be applied to only a small percentage of your assets at a time, and require significant investment in people and infrastructure to expand.
  • Risky: They fail to accurately and comprehensively close known asset vulnerabilities in your environment, creating an open door for malicious actors.  

We built Tanium to fix these problems.

With Tanium, your patch management processes will become:

  • Fast: You will scan your distributed environment in minutes and can apply new patches to all of your assets in minutes or hours.
  • Scalable: You will leverage a single instance that applies to all distributed assets and automatically scales up or down as your environment changes.
  • Effective: You will consistently find and fix the missing patches in your environment and raise the barrier to entry for malicious actors.  

The result: Tanium makes it easy to perform patch management the right way. 

Here’s what Tanium can do for you.

Top 10 ways that Tanium improves patch management

When you perform patch management with Tanium, you will:

1. Find hundreds of thousands of missing patches on your assets

With traditional tools, you are often forced to delay or outright skip the application of many patches — and some of those patches never get applied.

These missing patches accumulate over time and create an endpoint environment where every asset may be missing multiple critical patches.

With Tanium, our customers typically find — and fix — hundreds of thousands of missing patches in their environment the first time they use our platform.

Tanium makes it easy to find missing patches

2. Reduce your mean-time-to-patch and shorten your patch window

With traditional tools, you must allocate significant time, effort and attention to every patch deployment — creating an average patch window of 102 days.

This is a long time to leave assets unpatched. Every missing patch is a ticking clock: you must find it before a malicious actor finds and exploits it.

With Tanium, our customers typically apply zero-day patches within hours of their release and new critical patches within days of their release.

3. Create and maintain 99% patch visibility and coverage

With traditional tools, you often come to accept “good enough” patch visibility and coverage rates of 80%… 70%… or even less.

These rates leave hundreds, thousands or even more unpatched assets in your environment — and malicious actors need only one to create a breach. 

With Tanium, our customers typically create 99% patch visibility and compliance within 24 hours of installing our platform.

Get the health status of your patch process with Tanium

4. Find and patch assets no matter their location

With traditional tools, you can create meaningful patch visibility and coverage only for assets that live on-premises and connect to your network 24/7.

But modern environments are filled with assets that live in remote and mobile networks and that connect to your network only sometimes, if ever.

With Tanium, our customers use distributed architecture and edge computing to see and patch assets that live anywhere — remote, mobile or on-premises.

5. Scan your assets and define their patch status in real time

With traditional tools, you can run occasional scans only for a limited number of assets you think are in your environment and patches you think they need.

These scans give you stale, inaccurate and incomplete data sets to work with and leave many unknown assets and missing patches in your environment. 

With Tanium, our customers scan their environments in minutes or hours and find every asset living there and every patch their vendors released.

6. Apply large-scale patches to all of your endpoints in minutes

With traditional tools, you must push large, individual patch files directly from your servers to every individual asset that needs coverage.

This approach consumes a significant amount of bandwidth and can create network outages — forcing organizations to delay or skip patch applications. Often, they have to make tough decisions on which security patches they want to install and which ones they will skip.

With Tanium, our customers leverage edge computing to share and apply large patches to countless distributed assets without straining their networks. And with Tanium, you can apply patches from the cloud to remote assets to further reduce impact on your network.

7. Perform all patch management actions from one platform

With traditional tools, you must adopt multiple point solutions — each performing one task — to develop a complete patch management capability.

Each new point solution requires its own agent, infrastructure and teams to run — creating needless costs, complexity and potential for failure.

With Tanium, our customers work from a unified platform that provides all patch management capabilities from a single agent, data set and interface.

8. Streamline your end-to-end patch management capability

With traditional tools, you must still perform many patch management activities manually and perform countless repetitive tasks for every patch application.   

This makes patch management a demanding, time-consuming and error-prone practice that must be carefully planned for and managed. 

With Tanium, our customers streamline and automate the complete patch management lifecycle — from scanning to applying patches to reporting.

9. Eliminate the need for hundreds or thousands of servers

With traditional tools, you must purchase, stand up and manage a high volume of distribution servers that increases as your environment grows.

These servers significantly increase overhead and make it slow, difficult and expensive to fold new assets into your existing patch management capabilities.

With Tanium, our customers leverage distributed, cloud and edge computing that automatically folds new assets into their patch management lifecycle.

10. Launch Tanium in hours or days — not weeks or months

With traditional tools, you must spend weeks or months implementing new capabilities or expanding your existing capabilities to more of your assets. 

This prevents you from responding with speed and agility to changes in your environment and leaves assets without coverage for long stretches of time.

With Tanium as a Service (TaaS), our customers can launch complete patch management capabilities in hours or days from a single SaaS-based instance.

Bring Tanium to your organization

The difference is clear.

With legacy tools, you are forced to perform ineffective patch management.

With Tanium, you will finally be able to perform patch management the right way.

It’s time to make the switch. Take the next step with Tanium.


To learn more about how the Tanium Patch Management solution can improve your organization’s IT hygiene, sign up for a demo today.

You can also read my other blog post Patch Management: What It Is, Why You Need It and How to Do It Right.