Many security monitoring products gather information from computers over the network and store it in a centralized database, where it can then be analyzed and queried. The biggest problem with this approach: The data is only as fresh as the last collection, which might happen nightly at best. A better strategy would be to pull fresh data from the endpoints on the fly when it’s needed. The issue there is getting query results from a network of hundreds or thousands of computers in a reasonable time. This is a problem that Tanium solves.
I’ve been following the Tanium Endpoint Platform for a few years now. Early on I was a skeptic. I thought the endpoint querying solution was a one-trick pony that excelled at speed, but not at answers. I used to summarize Tanium as simply "a security query engine on steroids." I still have concerns about the Tanium product, but it has continued to mature, expand, and improve to the point where I think every company should review and consider it.
To continue reading this article register now