Mar 01, 2016
What’s Next in Endpoint Security: Announcing Tanium Protect™
By Erik Kristiansen
A decade or more ago, the choice for how to allocate precious information security dollars was easy. The reality of today is much more complex.
Everyone knows the limitations of traditional information security tools such as antivirus, which is still often required for regulatory or other reasons. With the potentially high cost of a breach as a looming threat, the security point tools market has exploded in recent years. According to the SANS Institute, “there are more than 200 different products from over 125 vendors to solve the top 20 critical security controls.”
Meanwhile, all of these new technologies distracted us from the real issue with endpoint security: good hygiene. The Verizon Data Breach Investigations Report (DBIR) actually found that “99.9% of the exploited vulnerabilities were compromised more than a year after a CVE had been published.”
Earlier this year, Rob Joyce, head of the National Security Agency’s (NSA) Tailored Access Operations (TAO), confirmed this disturbing fact: “NSA hackers have performed penetration testing, issued a report on vulnerabilities and then when they go back two years later to test again found the same problems had not been fixed.”
The new model of endpoint security
There’s a better way than buying more siloed tools for endpoint protection. Over half of the Fortune 100 have already realized 15-second visibility, control and the ability to enforce security hygiene with the Tanium Core Platform. In 2015, we launched five new Tanium Product Modules on top of the platform. Unlike buying more point tools, Tanium Product Modules leverage the underlying Tanium architecture to solve a specific IT management problem without adding yet more infrastructure and agents. For example, the Tanium IOC Detect™, Tanium Trace™ and Tanium Incident Response™ product modules all provide industry-leading capabilities that augment the Tanium Core Platform to help organizations detect, investigate and remediate threats.
Effective remediation entails more than just playing whack-a-mole with malware; it also means reducing the attack surface of an environment. Tanium has long provided customers with the ability to efficiently distribute and install operating system and application patches — even across hundreds of thousands of systems. Yet patching alone still can’t help block identified threats while other cleanup and recovery security efforts are underway. That’s where Protect™ comes in. Protect enables security leaders to take full advantage of the security protections already built into their existing operating systems and software, instead of deploying yet another siloed technology. Organizations have historically struggled to make effective use of technologies such as Microsoft’s Software Restriction Policy, endpoint Firewall, EMET’s exploit prevention and Microsoft Anti-Malware — not due to a lack of features, but rather the inability to easily configure, deploy, manage and monitor them at enterprise scale.
Protect differs from other methods of scaling these technologies in its use of the underlying Tanium Core Platform. Specifically, Protect provides administrators with:
- Simple-to-use policies and actions to centrally manage security control configurations, such as blocking specific network connections or creating application blacklists
- Tanium content to manage the health of Microsoft Anti-Malware and EMET to detect and block known malware and common exploitation techniques
- The ability to apply (and validate) policies across even very large networks in seconds, thus helping teams quickly respond to a new threat or spreading attack
- A single agent and streamlined infrastructure to support the full breadth of endpoint security needs (detect, investigate, remediate, enforce)
By integrating Protect with other modules in the new Tanium Security Suite™, Tanium is uniquely able to address endpoint security starting with endpoint hygiene and continuous scans for indicators of compromise. Incident responders can quickly pivot from hunting to blocking a malicious file hash or network connection — whether the endpoint is connected to the local network, a home office, or public Wi-Fi.
The new model of endpoint security involves enforcing security best practice through this type of endpoint protection, good environment hygiene, and the ability to quickly detect, investigate and remediate every endpoint across the enterprise. Only Tanium addresses all aspects of this lifecycle with 15-second speed and at enterprise scale.
We’re very excited about the potential for Tanium Protect, which is a great illustration of how Tanium Product Modules and the Tanium Platform can help simplify IT management by eliminating point tools. We’re just starting our journey, but see Protect as having critical value for forward-thinking organizations that want to optimize their security investments while at the same time improving their overall security posture.