Tanium 101

It’s now been over three months since I left Microsoft and joined Tanium as a Global Technology Specialist. During that time, I’ve been through a lot of training, as well as hands-on work with the Tanium solution. And while I certainly have only scratched the surface of what can be done, I do at least have a good understanding of its capabilities.

First, it’s worth talking a little about the underlying architecture. Unlike most solutions that require layers of hub-and-spoke servers to scale out to larger numbers of clients, Tanium can instead leverage linear chains of devices, in effect always leveraging communication between individual devices in the chain (talking to the previous and next devices in the chain only, with only the ends of the chain talking to the server) to reduce the load on the network as well as on the servers. As a result, the number of servers required for large environments is very small (and no third-party add-ons are needed for remote sites either), often using just three servers (more for redundancy). These could be pre-installed on-premises appliances (ready to be plugged in and configured for your environment) or cloud-hosted “Tanium as a Service” (Taas) instances. (While you could install a Tanium Server on Windows Server, the other options are more popular and definitely worth looking at instead.)

Once you have a scalable, efficient peering architecture built around linear chains, you then have a solid foundation to build additional functionality on top of that. That functionality includes both Unified Endpoint Security (UES) and Unified Endpoint Management (UEM) features, supporting a variety of client platforms (Windows, Mac, Linux, AIX, Solaris).

I have never considered myself to be a security expert, because you have to draw the line somewhere. But that’s where a lot of Tanium customers started: they need to be able to respond to and recover from threats as quickly as possible, at scale. Imagine being able to immediately determine if you are affected by a security vulnerability — Tanium can get you the answers you need without delay. (Read up on the SolarWinds response, which is a good case study.) You can find more information on the capabilities here.

My focus is on Unified Endpoint Management, especially for Windows devices, so it would come as no surprise to anyone that I am focusing more on that part of the Tanium feature set. Do you want patching that works at blazing speed (without the headaches of WSUS)? Software distribution that leverages the linear chain for content distribution between peers automatically (with support for ordered bundles and self-service)? Asset discovery and extensible inventory? Real-time performance monitoring? Settings management (e.g. GPOs, without the need to talk to domain controllers)? And the ability to get real-time information from all devices in your environment (instead of waiting for scheduled inventory scans)? It’s interesting to see customers using other device management products that initially look at one aspect of Tanium, e.g. patching (because they struggle to get to the needed compliance levels dictated by the organization), and based on the success of that aspect then expands out to other feature areas.

If you want to check out Tanium yourself, you can request a demo or even sign up for a two-week trial of the Tanium-as-a-Service offering. At the very least, check out the online documentation and the online community of Tanium customers and employees.

I’m sure you’ll see more blogs from me every so often that dive more deeply into specific areas of Tanium. But at the same time, I’ll continue blogging about Windows management and deployment topics too (since that is my area of focus after all).