Tanium looks to revolutionize enterprise security and system management by providing customers visibility into every network endpoint within 15 seconds.
Tanium Inc., an enterprise security and systems management firm, recently accepted $120 million in funding from TPG Capital, T. Rowe Price, Institutional Venture Partners, and Andreessen Horowitz. Never heard of Tanium? Many haven't, but that does not seem to bother its investors.
It might help that cofounders David Hindawi (Chairman of the Board and CEO) and son Orion Hindawi (President and CTO) already have one success story to their credit. Prior to starting Tanium in 2007, David Hindawi founded BigFix, Inc. in 1997, with Orion joining later.
David Hindawi's idea for BigFix was to simplify control of networked computers, which eventually expanded into an entire management package, including: endpoint asset inventory, security vulnerability detection and remediation, software distribution, IT compliance reporting, patch management, software license management, security policy enforcement, and endpoint device power consumption management. BigFix was acquired by IBM in 2010 for a reported $400 million.
So, the Hindawi duo had 10 years of experience with enterprise endpoint system management before starting Tanium. That background might be why Amazon, Intuit, NASDAQ, and Target are interested in Tanium's security and management platform.
In 2014, one of the first things Brad Maiorino did, after being selected by Target as its first CISO, was call Tanium. "One of the key areas we focused on was enhancing our ability to detect and quickly respond to security incidents," mentioned Maiorino. "This requires real-time insight into every end point across the enterprise."
Shortening the time required to discover security anomalies is a priority considering how rapidly the costs add up each day, week, or month the security incident goes unnoticed.
Orion Hindawi, in this video, talked about something else that's not working when it comes to corporate IT security — focusing on "after-the-fact" forensics. Orion Hindawi suggested doing so only makes sense if the next attack uses the same tactics.
And to make matters worse, today's successful attacks are quick incursions. Evidence found an hour after learning of the attack is useless, says Orion Hindawi.
The Tanium slide in Figure A depicts what the company considers broken in existing security systems, and it's more or less what security pundits have been complaining about for a while.
- Security alerts are siloed.
- Unable to locate the problem, in particular in large networks.
- Problems are resolved too slowly or never at all.
- Operation and security departments are at odds with each other.
Detect and remediate threats in seconds
"Security has to move towards a preventative model," states Orion Hindawi. What he and others at Tanium propose is shown in Figure B.
David and Orion Hindawi stress the need for speed when it comes to enterprise security. Immediate (15 seconds) visibility of every network endpoint is the only way to stop attacks. Brennan Reynolds, senior director of technical account management, explains in this video how Tanium's Endpoint Platform achieves that speed.
The slide in Figure C diagrams what Reynolds calls the "linear chain communications architecture." Using this topology is one reason the people at Tanium can make the following claim: the endpoint management platform collects information from every endpoint in the environment, pivots, and takes a subsequent action, all in less than 15 seconds, even in infrastructures with hundreds of thousands of endpoints.
This page on the Tanium website has several data sheets and a video near the bottom that provide details about endpoint security. Reynolds also states, "Tanium does not prefetch or query stored results in databases, it communicates in real-time with each endpoint."
Reynolds caught my attention with this comment, "The speed of Tanium allows security analysts to transform into cyber hunters and proactively look for abnormal, anomalous, and potentially malicious activity occurring within the network."
Finally, someone is talking about being proactive.