Tanium Tale — Trading Tripwire Toll for Tanium Treasure

A healthcare provider serving over 12 million members nationally recently seized a tremendous opportunity to achieve significant cost savings, simplify its IT infrastructure, and reduce internal support costs by replacing Tripwire File Integrity Manager with the equivalent capabilities in Tanium Integrity Monitor.

Now, this organization already had seen great value from Tanium, which it uses to manage and configure over 500,000 endpoints. But it knew that migrating to a new file integrity solution posed some level of material risk.

Given the sensitive nature of the compliance requirements driving file integrity management in highly regulated industries, and the complexities of the existing software and configuration parameters in place, this was not a journey without potential challenges and traps.

I’d like to share the highlights of how Chuco quickly tackled those issues, set our client up for long-term success, and delivered significant budget savings in the process.

Understanding Scope and Defining Success

With a Tripwire license renewal deadline approaching, and an opportunity to dramatically reduce that expense with a swap out, this healthcare provider engaged Chuco in late 2020, based on a recommendation from Tanium. The client had an aggressive deadline in mind, and we love a challenge — particularly when we can put our team’s skills to effective use (in this case, literally in the fourth quarter, with the clock ticking).

While the organization had over 500,000 endpoints, there were 2,500 key systems subject to file integrity management requirements. And they wanted to bring over the specific and exact configuration of the monitoring rules, reports and other key parameters they already had in place.

In many respects, success looked like the status quo — but with a significant license cost slashed from their budget, and one less software system to administer and wrestle with.

In many respects, success looked like the status quo — but with a significant license cost slashed from their budget, and one less software system to administer and wrestle with.

Assessing a Complex Compliance Landscape

File integrity management plays a critical role in addressing regulatory, compliance and security requirements.

On relevant systems, monitoring rules define folders and files where operations need to be actively logged (e.g. create, delete, write, rename, change permissions). And reporting rules communicate summaries and alerts to key stakeholders on an event-based or scheduled basis.

So if the signature of a file changes, particularly outside of a normal upgrade window, someone can actively intervene and execute any security review procedures.

And in Tripwire, those systems are categorized in a massive tree structure where servers are tagged with relevant criteria labels. Those labels determine the specific rules and reports that may be applicable to any given server. It’s a many-to-many relationship — there are a lot of leaves in this forest and none can be left out.

Chuco Automates Endpoint Configurations (Without Any Changes)

To smoothly execute this migration, Chuco developed a set of custom tools to analyze existing Tripwire data and provide the automation necessary for a quick, error-free, and exact import into Tanium.

Our toolkit addressed several critical stages of the journey. But, fundamentally, we built a solution for parsing the enormous Tripwire dataset describing the system node structure: all the endpoints, configuration details and descriptive tags, and then re-creating the Tanium compatible equivalent data structure for import into Tanium Integrity Monitor.

By taking the time to solve the hard technical problem, we made the actual migration look easy. Put otherwise, we had collectively agreed that a manual process to do the extract, reconfiguration and loading into Tanium would have taken 4-6 months.

Our approach — which resulted in the creation of 200 system groups and configurations for all 2,500 endpoints, including different 1000 custom tags — took about 15 minutes. And what’s more, by avoiding a manual process, we eliminated the risk of human error.

Our approach — which resulted in the creation of 200 system groups and configurations for all 2,500 endpoints, including different 1000 custom tags — took about 15 minutes.

The ROI, Lessons and the Larger Opportunity

Here are some key takeaways to consider:

  • There is significant, hard ROI to be had from swapping out Tripwire for Tanium. And the savings can be tremendous — with a switch to Tanium, organizations can cut their license fees by 66% compared to Tripwire.

  • Beyond the budget, there is softer return worth considering as well. One fewer system to manage means a simplified IT architecture, one less tool to manage, update, reconfigure and train staff to effectively use.

    Put otherwise — taking greater advantage of Tanium makes both economic and operational sense.

  • This is a repeatable journey and Chuco can help you achieve similar success.

    Having navigated this journey swiftly and successfully with a client, Chuco now stands ready to apply the knowledge and tools we’ve developed to other organizations looking to achieve similar results.

    (We expect that systems and objectives will vary. So we’re not promising a pushbutton, fifteen minute migration without laying some necessary groundwork. But we are confident in our ability to execute, and ready to work with all comers.)

  • Finally, a Tripwire-to-Tanium swap out is yet another great case for Tanium — either adding Integrity Monitor to your existing solution configuration, or justifying an initial Tanium investment in the first place.

    And it’s another great way for IT, security and compliance teams to deliver a budget win for the business, while also making their own operational lives easier.

A Tripwire-to-Tanium swap out is yet another great case for Tanium… Having navigated this journey swiftly and successfully with a client, Chuco now stands ready to apply the knowledge and tools we’ve developed to other organizations looking to achieve similar results.

To Learn More

If you’d like to learn more about how we work to support organizations get the most from their Tanium investments, we’d love to connect. Through years of hands-on experience, working both at Tanium and now as independent consultants, the Chuco team has developed a deep understanding.

So whether you’re just starting to work with Tanium, or looking to really push things to the next level, we have experience, insight, and hands ready to assist — be that offering some seasoned advice, working to help execute a specific project, or taking on a role as a virtual member of your internal Tanium team.

Read More Tanium Tales:

Tanium Tale — A Simpler Way to Execute Tasks in Tanium

When it comes to seeing and controlling every endpoint across your network, there simply is no platform that can compare to Tanium. In order to get maximum benefit out of endpoint security management using Tanium, clients have asked us to develop a tool with a web console to enable these users to perform basic tasks without becoming a fully certified Tanium operator.

Read More »

Better Together — Driving Even Greater ROI from ServiceNow with Tanium

The benefits of integrating ServiceNow with Tanium are so clear, we can’t think of a reason you wouldn’t want to do it. Through integration, workflows created in ServiceNow can access accurate, real-time endpoint data from Tanium — regardless of whether the endpoints are physical, virtual, cloud-based, or in the IoT. Better information means more efficient and more effective automation.

Read More »

The Log4Shell Threat to Businesses — Not Out of the Woods Yet

The FTC means business when it comes to pushing organizations to patch Log4j promptly. Even if you’ve taken the initial steps to patch your systems, the problem is that Log4Shell is not your typical vulnerability. Log4j is not software from a single vendor. Read more about the Tanium advantage in surfacing and remediating Log4Shell.

Read More »

Tanium Tale — TaaS Cloud Migration

A $13b global manufacturing powerhouse with over 180,000 employees was ready to take its Tanium investment to the next level — moving its on-premises Tanium infrastructure to the cloud. As substantial users of Tanium with broad adoption of the platform, they knew they needed a seriously skilled partner to help execute their transition to Tanium as a Service (TaaS).

Read More »