Feb 05, 2021

10 Ways Tanium Makes Configuration Management Better

Now that employees work remotely and use a variety of computers, IT needs a new generation of configuration management tools

By Tim Mintner, Director of Product Management, Tanium

Configuration management means setting up employee computers to comply with IT policies while ensuring that employees have access to applications and data they need for their jobs.

Legacy configuration management products developed a couple of decades ago were designed for a world that doesn’t exist anymore.

In that bygone era, employees worked in large offices and used computers connected to an internal network protected by a corporate firewall. 

Because those computers were continuously on a secure, internal network, monitoring them around the clock was easy. 

And because the computers had all been selected and provisioned by the IT department, configuration differences were minor.

Now that employees work remotely and use a variety of computers, some of which they’ve purchased themselves, IT organizations need a new generation of configuration management tools. (We call these computers “endpoints” since they’re at the end of a company’s network connections to its employees.)

Here are 10 ways that the Tanium Configuration Management solution, available as part of the Tanium Endpoint Management Platform, makes configuration management better for IT organizations managing endpoints.

1. Tanium discovers endpoints that traditional configuration management products miss.

When IT organizations adopt Tanium for configuration management, they usually discover 10-20 percent more endpoints than they previously knew they had. 

IT organizations can’t manage and secure an endpoint if they can’t see it. By improving visibility into endpoints, Tanium helps ensure that all endpoints are properly managed and secured.

Tanium gives you comprehensive configuration management

2. Tanium monitors remote endpoints without requiring them to be constantly connected through a VPN.

Once the pandemic hit and companies switched to a Work From Home (WFH) model for employees, VPN networks became an invaluable but overburdened resource. By providing employees a way to connect securely to internal networks, applications, and servers, VPNs helped remote employees do their jobs. VPNs also enabled configuration management software to check in on the status of employee endpoints.

But VPN connections are notoriously slow, and adding VPN servers and throughput is expensive. In most organizations, it’s simply not feasible to have all remote employees – especially in a WFH environment – connected all the time to a VPN so that configuration management software can keep track of configuration status and possible threats.

The Tanium Platform monitors remote endpoints securely and continuously over standard internet connections without requiring VPN access. Using Tanium, IT organizations can monitor all their remote endpoints 24/7 without having to invest in additional VPN licenses or overburdening their already busy VPN servers.

3. Tanium minimizes the network bandwidth required for distributing updates and monitoring status.

Tanium has leveraged its years of experience in monitoring and distributing tools and software across some of the largest corporate networks and applied it to the challenges of highly distributed, work-from-home environments. 

Tanium’s efficient and streamlined design allows companies to quickly distribute configuration changes and collect detailed status data from isolated, individual endpoints without jeopardizing the performance of business-critical applications.

4. Tanium provides a single comprehensive configuration management solution for multiple operating systems.

Many legacy configuration management products support only Windows, but Tanium supports Windows, macOS, and Linux. Instead of having to switch between configuration management tools for different operating systems, IT organizations can use the Tanium Platform to configure all their endpoints regardless of which operating system they run.

5. Tanium confirms that configuration changes have been applied.

Traditional configuration management products take a “spray and pray” approach to configuration changes. They broadcast the changes to the endpoints they know of but fail to confirm that the changes have been applied.

The Tanium Platform confirms that endpoints have applied their configuration changes and reports on the percentage of endpoints complying with any IT policy, giving IT organizations confidence that endpoints have been configured in keeping with security and usage policies.

6. Tanium applies and reports on granular configuration changes.

Many traditional configuration products provide only general-purpose controls for managing endpoint configurations. This coarse level of control limits IT organizations’ ability to optimize endpoint performance and security.

Tanium enables IT organizations to define detailed, highly specific controls for any endpoint or group of endpoints under management. Granular control allows you to monitor for compliance standards and vulnerabilities specific to a business unit. This is essential for blocking sophisticated security attacks while ensuring that employee productivity isn’t compromised.

7. Tanium reports on the AV and firewall status of endpoints.

Especially now that endpoints are being used in remote locations outside the corporate firewall, it’s important that they be configured with firewalls that will prevent network intrusions and other forms of attack. They also need to be configured with antivirus (AV) software, and that software must be configured with the latest AV signatures and attack profiles.

Tanium reports the percentage of endpoints that have their firewalls turned on and properly configured, giving IT organizations the visibility they need to close gaps in firewall coverage. It also reports on AV status, so security teams can quickly reconfigure endpoints exposed to recently discovered threats.

Tanium gives you the ability to monitor and maintain firewall policies on endpoints

8. Tanium reports on the disk encryption status of endpoints.

Especially now that employees take laptop computers to remote sites where they might be lost or stolen, it’s important that endpoints have disk encryption turned on, so that criminals don’t gain access to an endpoint’s data. Unfortunately, many traditional configuration management products overlook this configuration control.

Tanium gives IT organizations visibility into which endpoints have encryption turned on. It also lets them turn on encryption on endpoints that support encryption but haven’t activated it yet.

9. Tanium provides comprehensive configuration management without having to manage and maintain multiple toolsets or a large platform infrastructure.

Legacy configuration management products often require you to manage and maintain multiple toolsets or even a large platform infrastructure.  

In contrast, the Tanium Platform — available in the cloud as Tanium as a Service (TaaS) or on-premises as a Tanium Platform instance — can manage endpoint configurations in even the largest enterprises without requiring additional servers.

10. Tanium helps businesses close vulnerabilities and reduce security risks more quickly and comprehensively.

Because it provides faster, more comprehensive insight into endpoint configuration status and it updates endpoint configurations quickly and precisely, Tanium helps businesses of all sizes respond to security intelligence and threat discovery more quickly, reducing the risk of ransomware and other security threats damaging a business. 

In security, speed matters. When a new vulnerability is discovered, security teams need to install patches quickly. And when an active threat is discovered on an endpoint, the team needs to isolate the threat and mitigate its effects. 

In both cases, having a fast, effective configuration management solution is essential. By providing unprecedented visibility and control over endpoints of all kinds, Tanium helps enterprises reduce security risks while improving IT efficiency and performance.

Trust Tanium for Endpoint Management

The transition to WFH policies has forever transformed enterprise IT environments. Going forward, a larger number of employees will work from home at least part of the time, which means that it’s no longer feasible for IT organizations to rely on configuration management tools that require continuous, local access to endpoints.

Enterprises need a fast, efficient, and cost-effective solution for configuring endpoints wherever they are: on an internal network, in a remote location like a home office, or in the cloud.

Tanium Endpoint Management provides the configuration management solution enterprises need to keep their flexible workforces productive and secure. Featuring a highly efficient linear-chain network design and granular controls, Tanium gives IT organizations the speed and flexibility they need for optimizing endpoint performance and security at any location, anytime.


You can also read the blog post, 7 Best Practices for Configuration Management.