Sep 23, 2021
How Tanium Shines a Light on IT Environments
Nathan Peters of ProNet Designs explains how Tanium products help him help customers stay safe, secure and operational
By Tanium Staff
Imagine searching for gold nuggets in a room that’s pitch dark.
That’s essentially what many businesses are doing today, says Nathan Peters, operations manager at ProNet Designs. His company, an IT services provider, based in Lexington, North Carolina, manages and secures IT environments for small to midsize businesses using Tanium.
“Like being in a dark room, many of our new customers don’t know what computer assets they have,” Peters says. “They also don’t know what’s on their network.”
This lack of visibility can be more dangerous than trying to walk through a dark room. After all, what you can’t see, you can’t manage or secure.
Reining in ransomware
Given that lack of visibility, the consequences can be dire. Cybersecurity Ventures predicts that a business will fall victim to a ransomware attack every 11 seconds by 2021, up from 14 seconds in 2019. This makes ransomware the fastest-growing type of cybercrime.
That kind of risk keeps Peters and his ProNet team busy. When one of ProNet’s customers was recently the victim of a ransomware attack, Peters and his team used Tanium to help roll it back.
“Tanium allowed us to find out the why,” Peters says. “How did this attack happen? Where did it come from? With Tanium, we were able to determine where the command and control was coming from.”
Of course, ransomware is far from the only IT risk businesses face. Peters learned this firsthand when one of his customers got infected by a malicious software worm.
“They were seeing weird things pop up on their screens,” Peters recounts, “and they didn’t know where it was coming from.”
To remediate the situation, ProNet first used Tanium modules to discover which processes were involved and how the connections were being made. Next, ProNet created a mitigation plan to protect the environment. And finally, it used Tanium to quarantine and clean the infected devices.
“Tanium,” Peters says, “gave me complete control.”
With today’s large and disparate networks, simply knowing what you have isn’t always easy. ProNet helps customers get a handle on their inventory with Tanium Asset. This tool provides a comprehensive inventory of hardware and software assets in real time, helping users drive strategic business decisions and enrich existing data stores.
“Tanium Asset lets us see the complete environment, including computers and processors,” Peters says.
That can also help customers save money. Peters and his team use Tanium Asset to not only inventory devices, but also track their purchase dates. That information can help customers decide whether a personal computer (PC) needs a costly replacement or merely a less expensive update.
“Sometimes you can just add some memory or a solid-state disk drive and get a couple more years out of the machine,” Peters explains.
Updating older PCs can boost worker productivity. Systems slow down gradually over time. Often, users don’t notice. Over the course of a year or two, the system could be running at only a fraction of its capacity, which also slows the user.
ProNet gets around this with Tanium Asset. With the tool’s results, the company can show its customers the age of their machine, how slowly it’s running, and more. Armed with that information, the customer can then decide whether an upgrade is needed and, if so, what to upgrade and when.
For further benefit, ProNet sometimes combines Tanium Asset with another Tanium tool, Deploy. Designed to help IT operations teams run more effectively, Tanium Deploy simplifies software management without the burden of additional infrastructure or other more expensive software deployment solutions.
ProNet uses this dynamic duo in sequence: first Asset to identify systems that need an update, and then Deploy to implement those updates.
One example is Zoom, the popular web conferencing system. Some of ProNet’s customers realized that users weren’t keeping their Zoom versions updated, even after receiving notifications.
In these cases, ProNet first uses Tanium Asset to identify which version of Zoom users are on. Then, for those needing an update to the latest version, ProNet uses Tanium Deploy to make the update.
Patching for performance
One powerful way to lower cyber risks is to keep software patched and up to date. Most attacks and breaches occur due to vulnerable operating systems and applications that are left unpatched. With Tanium Patch, Peters and his team can patch easily and quickly.
“For us, patching is more than just the Operating System,” Peters explains. “We also have customers who load applications, and we may not have the ability to change or control that. So, we have to then make sure those products are kept up to date.”
Zoom again provides a good example. “Zoom may or may not tell you when it needs an update,” Peters says. “With Tanium, I can update all the Zoom clients before users are prompted.”
Another important tool in Peters’ kit is Tanium Discover. It offers control of unmanaged endpoints across a range of remote, on-premise, and cloud environments. Peters calls it a “spotlight” that illuminates what’s on a customer’s network.
That’s important for identifying and closing security risks such as open but unneeded ports, Peters says. One of his customers had this issue after signing a lease with a copier company.
“The supplier dropped a lot of multifunction copiers in the customer’s environment,” Peters explains. “With Tanium Discover, we learned that the supplier had enabled FTP and Telnet on all of them. An attacker could have moved laterally into a copier, and nobody would have known it.”
With Tanium Discover, the ProNet team could identify the open, dangerous ports. “Then tell the customer, ‘hey, let’s close these things down,’” Peters says. “That’s important for cyber hygiene.”
Unfortunately, cyber hygiene — the adoption of security best practices around common online activities — is easy for midsize organizations to overlook.
“Many of them say, ‘I don’t have time, I have to focus on getting stuff out the door, getting it invoiced, and getting paid,’” Peters explains.
That’s where ProNet comes in. For example, the services provider uses Tanium Comply to help its customers stay in step with both industry and government regulations.
“With Comply, we can go through a customer’s environment and see where they’re vulnerable and non-compliant,” Peters says.
That recently helped ProNet serve one of its customers, a subcontractor with the U.S. federal government that was struggling to comply with what’s known as NIST SP 800-171. It’s a special publication that recommends ways of protecting the confidentiality of controlled unclassified information.
“With Tanium Comply, we can see what their vulnerabilities are,” Peters says, “and then build out their compliance scores.”
Peters and his team are now beginning their move to Tanium as a Service (TaaS), which offers the functionality of the Tanium platform as a fully managed, cloud-based service.
“TaaS gives us multiple zone servers, which in our world we didn’t have,” Peters says. “It lets us leverage all the connection points coming in.”
Peters also appreciates the security of TaaS. “It’s super-secure,” he says. “In fact, probably as secure or more secure to what we were doing on-premises.”
Don’t get lost in the dark. Switch on the lights with Tanium.