Explaining endpoint ‘tool bloat’
Have you managed to acquire a pile of security tools in your organization that sit unused? It’s a common issue and it’s one we see a lot in the endpoint security space. If all these products did what they said on the box or in their marketing collateral, it wouldn’t be nearly such a costly problem for enterprises. A major financial services company explained to me recently that it actually had to stop buying any additional security software until it can remove at least two current products from its roster. The firm currently has a staggering 30 endpoint tools running on any given machine – way too many, for any size of organization. Typically, the firm only uses 20-30% of the features in each tool.
We applaud this particular organization for refusing to suffer any more from “tool bloat” – but how did it get this bad?
Part of the problem is the marketing claims made by many solution providers. In the endpoint detection and response (EDR) space, it seems like every tool can “prevent, detect and respond” “at scale” and in “real-time”. The problem is the space between where these claims end and reality begins. An RFP might not get an IT buyer any further than the same kind of rehashed marketing hype. And as for demos – well, unless you can see the product up and running in a real production environment, it’s hard to believe any claims.
So what happens?
IT buyers get these products in and then find out they were either sold hype or they realize that each tool only attempts to solve a piece of the problem. So they look for something better or another tool to help get visibility into a different problem. And the cycle repeats itself again. The irony is that with a bunch of siloed tools on the endpoint, gaining visibility into your IT environment is even harder.
The truth is that endpoint security is nothing without visibility. That’s the first step: find a platform – not a bunch of siloed tools – which delivers true real-time visibility (which in today’s world requires data in seconds, not hours or days) at true enterprise scale (which in today’s world means the ability to scale to 100,000s or even millions of endpoints) to find out “what, where, when and how” an incident happened. This requires the ability to search across historical and current data and come back with a comprehensive picture in just a few blinks of the eye.
Then you need a platform with a wide array of remediation capabilities to lock down risk – from patching, to quarantine, ending processes, uninstalling affected apps and so on. But arming security teams is only part of the equation. IT Operations teams also need a way to provide ongoing enforcement of security, from getting visibility into the devices on the network and what software versions they are running to deploying patches and software updates to keep them in compliance.
Tanium’s endpoint visibility and control
This is exactly what the Tanium platform does. It’s all about gaining 15-second visibility and control over every endpoint, to quickly detect, investigate, remediate and enforce security and ongoing compliance in a way that works. And with a single platform that takes care of addressing multiple issues you can take big strides towards eradicating costly “tool bloat” in your organization.
There aren’t many organizations today which don’t suffer from tool bloat in one area or another.
How many tools do you have deployed? Do you have more agents than you can manage? What is the associated cost to your organization? Are you confident they are addressing your most critical issues? These are good questions to ask to get a baseline of your current tool environment. What tools could you rationalize if you consolidated onto a single platform?
Tyker Fagg, VP Americas West