Category: tanium tale

Can you tell us about your professional history and Tanium story?

I have been working in the world of Tanium for eight years now. I started my technical career over 20 years ago in desktop support, and moved up the ranks to security operations.

How did that path lead you to Tanium?

My first experience with Tanium was as a security engineer for a very large company in the travel industry. The company already had Tanium in place, although this was way before Tanium Threat Response was available.

I just remember the light bulbs going off when I first saw Tanium in action, seeing that it could give an accurate inventory of all the software in our environment. I couldn’t wait to find out more: How could I use it with the other security tools I was managing? What could Tanium allow us to see, which other tools couldn’t?

I eventually joined Tanium as an employee because I could see the power of the tool and wanted to learn all the best practices for using it in a corporate environment. I was hooked.

I was a director of technical account management at Tanium. In that role, I worked with a wide range of organizations to adopt and get the most of out their investments in the platform. I also learned a lot. When the opportunity arose to join Chuco, I was excited by the chance to take my client involvement one step further – with hands on keyboard, we can help organizations reap the benefits of using Tanium faster.

Can you share more about your role now as a senior consultant at Chuco?

I work directly with Chuco clients on a weekly basis, helping them use Tanium to address their security and business objectives.
One of the best parts of my job is getting to “re-live” time and again, the reaction of new users of Tanium —when the light bulb goes off, and they finally have that “Aha!” moment about what the platform can do for them and their organization.

Of course, when you first turn on Tanium, it can be a big shock. You suddenly see all the vulnerabilities and risks in your environment. I worked with one client that was shocked to discover it had many Windows servers with 400, and even 600 days of uptime — meaning they had not been rebooted and thus hadn’t been patched to address critical issues.

Is that an extreme or unusual example?

No, we often remind CIOs and CISOs that no organization is immune from vulnerabilities. These types of issues are often par for the course.

Everyone has been using the same endpoint management tools with the same limitations. Every company has critical patches outstanding since 2007. And many organizations are running antivirus and EDR software on desktop environments, that are not installed correctly or maintained poorly. The good news is that now you have Tanium, and this can be dealt with in minutes.

For IT operations teams, turning on Tanium can be overwhelming at first, because there is so much data available. People who are new to Tanium feel like they’re not sure where to start.

How does Chuco help?

Chuco comes in and we help teams prioritize and get to the heart of what they can do with Tanium. We like to go in and pursue a jointly-defined list of “quick wins”. As part of that, we’ll start by assessing their environment and making recommendations for what to focus on first. Often, we help our clients set up dashboards to make it easier for them to track the things they care about most.

I speak directly to CIOs and CISOs in regular status meetings. And I also work with engineers and IT teams, setting up best practices in Tanium, automating self-heal of other agents, helping them make sense of the data, and giving them context. SecOps teams often say they appreciate how quickly we can go in and help them generate reports that communicate what management needs to know.

Recently, Chuco launched a new “rapid deployment” service offering. It’s designed to help brand-new Tanium clients get up and running within an accelerated timeframe, so they can achieve results even faster.

You spoke earlier about education and training, how does that factor into your approach to client service?

We want to train clients to fish for themselves, or at least to the degree they want to. That often means training the in-house team on how to ask the right questions on the Tanium platform.

An example of this is going over what to do when notified of a critical zero day exploit. That includes using available resources like Tanium Community, learning how to find the sensors that you need, and filtering for what you care about.

When you’re dealing with the threat of the day, in the past, your desktop operations team had to go from workstation to workstation to find and mitigate vulnerabilities. With Tanium, you can do it all from one console, in seconds.

Overall, how would you describe working at Chuco?

I had always heard great things about Kevin Chu [president]. He has known Tanium since the early days and his passion for helping organizations succeed with Tanium is clear in everything he does. I knew going into this role that this would be a great fit, and it is satisfying to be part of such a committed team.

Working with Chuco, I get to help our clients hit the ground running with Tanium. Depending on the engagement, I can have my hands on the keyboard in the customer environment from Day One. It makes a world of difference. We don’t have to spend 30 minutes walking through how to set things up.

I help our clients set up reporting and patching, pointing out outdated software, generating compliance reports, and working with the data to help prove the point. With Tanium, reporting is no longer a time sink. Once our clients start seeing the improvement, once they see outcomes, then they are sold.

For me, it has been rewarding to help our customers catch up quickly with patch management, and respond to new threats, but also set up the framework to stay ahead of potential vulnerabilities in the future. Tanium is a game changer in endpoint management, and it’s a great feeling to help set up our clients for success.

A non-profit medical provider with over 72,000 employees globally, offering services including clinical and hospital care, research and education, had a serious IT ailment.

The head of its workstation team knew that security vulnerabilities lurked across their 90,000 endpoints, distributed over nearly 250 international locations. But with only limited and anecdotal evidence — and no ability to thoroughly examine its environment or effectively patch and update ailing systems — the prognosis for maintaining long term health was dim.

And that meant, absent intervention, the organization faced continued uncertainty and very real security risk — a question of when, not if, a major breach would occur.

The workstation team knew that in order to secure the buy-in, budget and resources necessary to address both the symptoms and the underlying causes at scale, it had to address two related needs:

• First, it needed detailed visibility of the scope and severity of the issues — granular understanding of the state of the operating system and software landscape across all internal endpoints.
  
  
• Building on that capability and knowledge, it also needed modern tools that would empower them to prioritize, patch and update that software to fix those critical issues.

Turning to Tanium — and skipping to the happy end in this story — the IT team found a single solution that could fully address these needs. Working with Chuco, the IT team has enhanced the organization’s risk assessment and patching practices, putting the organization’s security profile on much healthier footing for the long term. As we’ll discuss in greater detail below, while an initial assessment revealed over 46 million vulnerabilities, that number was reduced by 70% within six months, with priority issues reduced by 90% in that timeframe.

One of the questions we hear all the time from Chuco clients is, “Can you help us with integration between ServiceNow and Tanium?”

The benefits of integrating ServiceNow with Tanium are so clear, we can’t think of a reason you wouldn’t want to do it. Relying on siloed data sources increases the risk of inaccurate inventories, visibility gaps, and delays in response times.

Through integration, workflows created in ServiceNow can access accurate, real-time endpoint data from Tanium — regardless of whether the endpoints are physical, virtual, cloud-based, or in the IoT. Better information means more efficient and more effective automation.

So if you’re asking whether Chuco can help make
this integration a reality in a way that works within a specific timeline and budget, the answer is a
resounding “Yes, absolutely!”

We’ll share an example of how we worked with a Chuco client in improving their ROI from ServiceNow by using Tanium as a unified platform for IT security and operations. We’ll also discuss several use cases for integrating Tanium with ServiceNow.

There are several compelling use cases including:

• Enhancing your configuration management database (CMDB) in ServiceNow through real-time updates from Tanium
• Optimizing IT and software asset management
• Further streamlining and automating patch management and compliance
• Implementing security orchestration, automation and response (SOAR)

Fresh off the virtual press, the Cybersecurity and Infrastructure Security Agency (CISA) has just published its annual list of the most commonly exploited vulnerabilities for 2021. The report found that in 2021, malicious cyber actors heavily targeted internet-facing systems, such as email servers and virtual private network (VPN) servers, with exploits of newly disclosed vulnerabilities like Log4Shell.

Three of the top 15 exploited vulnerabilities were also routinely exploited in 2020 and demonstrates the continued risk to organizations that fail to patch software in a timely manner or are using software that is no longer supported by a vendor. 

The list comprises Common Vulnerabilities and Exposures (CVEs) that are seen actively and frequently exploited in the real world. So for security professionals, if anything should keep you up at night — issues to investigate, check, correct, and then double-check — these should top the list.

Given the high-profile nature of how the CISA report shines a spotlight on these particular attack vectors, time is increasingly of the essence for any organization to get on top of their security housekeeping.

CISA noted that patch management is critical. The abrupt shift to remote and distributed working environments driven by the COVID-19 pandemic is now causing new strain on organizations patching procedures, effectiveness, and compliance levels. As the world re-orients into hybrid working models, organizations that invest in the right risk strategies will be positioned to address not only the fresh CISA exploit list, but also the ongoing (never ending) security hygiene challenges they face.

Having worked with many clients to address a broad ranges of security issues, I wanted to share some thoughts, advice, and practical steps to manage your endpoints using Tanium, a leader in converged endpoint management.

When it comes to seeing and controlling every endpoint across your network, there simply is no platform that can compare to Tanium.

However, in our extensive work with a diverse set of clients, we’ve found that some users really want a faster way to execute specific tasks – without having to navigate the Tanium console.

The first class of users – Windows administrators and Linux administrators – is highly technical. These users are often accustomed to getting most of their work done using a shell. With so many other day-to-day responsibilities, these Linux and Windows administrators often ask if they can access Tanium via a simpler console interface in order to patch and secure their systems quickly and efficiently.

Another class of users is help desk support staff. Depending on how IT support staff are organized, the Tier 1 and Tier 2 help desk may need to deploy software updates targeting specific machines using Tanium. In reality, they require only limited access to Tanium and want to avoid deploying packages to the wrong machines or perform other actions by mistake.

In order to get maximum benefit out of endpoint security management using Tanium, clients have asked us to develop a tool with a web console to enable these users to perform basic tasks without becoming a fully certified Tanium operator.

When a global $13b business protecting the most critical information assets of thousands of customers sought to take greater control over its Windows workstation environment for 13,000 employees, it turned to Tanium.

When Tanium sought to engage the best partner to enable its customer’s long-term success with the platform, it tapped Chuco. We’ll take a closer look at some of the highlights of that collaboration over the past year.

When a $30 billion dollar transportation company with 10,000 endpoints and hundreds of servers adopted Tanium, they realized that improving their patching capabilities, efficiency and overall compliance levels could have a significant impact on their ROI. Tanium introduced them to Chuco, and we got moving — fast.