CDW + Tanium — The Best Prescription for Security Risk & Patching Pain

A non-profit medical provider with over 72,000 employees globally, offering services including clinical and hospital care, research and education, had a serious IT ailment.

The head of its workstation team knew that security vulnerabilities lurked across their 90,000 endpoints, distributed over nearly 250 international locations. But with only limited and anecdotal evidence — and no ability to thoroughly examine its environment or effectively patch and update ailing systems — the prognosis for maintaining long term health was dim.

And that meant, absent intervention, the organization faced continued uncertainty and very real security risk — a question of when, not if, a major breach would occur.

The workstation team knew that in order to secure the buy-in, budget and resources necessary to address both the symptoms and the underlying causes at scale, it had to address two related needs:

  • First, it needed detailed visibility of the scope and severity of the issues — granular understanding of the state of the operating system and software landscape across all internal endpoints.

  • Building on that capability and knowledge, it also needed modern tools that would empower them to prioritize, patch and update that software to fix those critical issues.

Turning to Tanium — and skipping to the happy end in this story — the IT team found a single solution that could fully address these needs. Working with Chuco, the IT team has enhanced the organization’s risk assessment and patching practices, putting the organization’s security profile on much healthier footing for the long term. As we’ll discuss in greater detail below, while an initial assessment revealed over 46 million vulnerabilities, that number was reduced by 70% within six months, with priority issues reduced by 90% in that timeframe.

The CDW Connection — A Tanium Trial Builds Trust in the Technology

While the organization had an existing patching software in place — a tool from a large vendor offering dozens of products addressing broad IT categories — that utility was not able to deliver results in practice.

For one, their existing tool provided limited visibility across systems and configuration details — in practice, these were significant blind spots preventing an informed response. Moreover, using the tool to automate patching was painful and impractical.

So the IT team turned to CDW, its primary supplier of hardware, software and professional services. And in turn, CDW identified Tanium as the better option. Tanium’s fresh vision of converged endpoint management, combined with practical, integrated tools designed to deliver real-world results offer incredible potential.

To test that in practice, the organization worked with CDW to secure Tanium software for a trial deployment. Through that proof of concept, the in-house team found it straightforward to validate Tanium’s ability to address its patch management challenges effectively in a real-world environment.

The team also decided to get help from seasoned experts, rather than spend time and resources re-inventing the wheel. So it asked CDW to introduce a consulting partner with the understanding, experience and ability to execute — and CDW brought Chuco into the mix.

Chuco Changes the Tanium Game

Through our relationships with both CDW and Tanium, Chuco is able to quickly deliver success at scale.

Engaging with this new client, our team first worked to understand its environment and objectives, and then extend and operationalize its Tanium trial infrastructure. The project included addressing configuration challenges, implementing best practices, and scaling tools across the organization.

As part of those efforts, we worked closely with the IT workstation team to answer questions, train and educate. We welcome the opportunity to teach and enable individuals to develop their Tanium proficiency, so they can get more out of the system.

From a Challenging Risk Landscape, to Chuco Intervention, to Choice Outcomes

Working to extend the deployment and adoption of 11 Tanium modules, Chuco quickly enabled broad visibility across a number of endpoint security issues. Tanium Comply comprehensively surfaced vulnerabilities, allowing the team to prioritize response measures.

For example, the PDF software and Java versions in place on many systems was out of date and in need of urgent updates.

Results were achieved rapidly. Using Tanium Deploy, the team could apply patches easily, and then observe those vulnerabilities fall off of subsequent daily system scans. Seeing immediate results gave the client instant comfort, and the ability to point to early success with management.

In some instances, the Chuco worked to map Tanium’s patch capabilities to software products not already part of the platform’s gallery of 100+ supported products.

All told, the initial assessment revealed over 46 million vulnerabilities. Executing to plan over about six months, that aggregate number was slashed by 70% to 8 million. And the most urgent, prioritized issues, like Java updates — which represented nearly half of all flagged vulnerabilities — were cut even further, by 90%.

[For more detail on how Chuco approaches patch management with Tanium, including an in-depth client case study, see: https://chuco.com/tanium-tale-navigating-a-path-to-more-perfect-patch-management/]

Scaling Success, Working on Windows

Another area where Tanium quickly shined was addressing Windows 10 updates and upgrades. Again, the client’s third-party software was unable to perform. But with Tanium in place, we were able to distribute Windows releases to necessary endpoints, reconcile local version and update requirements, and launch the update process with great efficiency and ease.

To streamline this workflow and avoid internal disruptions, we set up a user notification and confirmation process — so no one was surprised, particularly in those instances where these updates can take some time and/or require a workstation reboot.

As expected, we encountered instances where legacy applications running on systems prevented updates from succeeding. Tanium flagged those occasional edge cases, enabling our team to identify the cause and remediate those issues.

The net result of our joint Windows work is that the client’s operating system infrastructure is now far more up to date and secure as well.

[For more on Chuco’s approaches, lessons and best practices for upgrading and updating Windows 10, including an in-depth client case study, see: https://chuco.com/tanium-tale-welcoming-more-efficient-windows-upgrades-and-patching/]

Tanium Success Summarized — Achieving New Levels of IT Health, Efficiency and Possibility

The tailored consulting and training from Chuco has enabled this organization to meet and exceed its objectives. With the system hygiene and security posture of the organization now on much more solid footing, the workstation team is now managing day-to-day use of Tanium internally.

Having achieved measurable results and significant impact, the workstation team can point to clear ROI when explaining its progress to management (and advocating for continued investment in its critical endpoint management activities).

Continuing our collaboration, the Chuco team is turning to implement more Tanium capabilities to address new security objectives with the team.

Finally, seeing the success achieved by the workstation group, this organization’s server team is now adopting Tanium as well. Chuco is providing the server team with advice, guidance, best practices and troubleshooting support.

In summary, because CDW understood the client’s key challenges and objectives, it was able to connect the client with the right technology (Tanium) and the right consulting partner (Chuco) that has put it on a path for long term IT health, security and success.

To Learn More

Whether you’re a CDW customer, just starting to evaluate Tanium, or looking to take an existing Tanium investment to the next level, we would love to connect. With years of hands-on experience, our team of Tanium veteran experts has developed a deep understanding of the platform, unique perspectives, and unrivaled capabilities.

Whether you’re looking for seasoned advice, help in executing a specific project, or having us join as a virtual member of your internal Tanium team with our managed services model, our team is 100% focused on enabling clients to get the most from their Tanium investments.

To learn more, feel free to contact us.

Read More Tanium Tales:

Tanium Tale — Trading Tripwire Toll for Tanium Treasure

A healthcare provider serving over 12 million members nationally recently seized a tremendous opportunity to achieve significant cost savings, simplify its IT infrastructure, and reduce internal support costs by replacing Tripwire File Integrity Manager with the equivalent capabilities in Tanium Integrity Monitor.

Read More »

The Log4Shell Threat to Businesses — Not Out of the Woods Yet

The FTC means business when it comes to pushing organizations to patch Log4j promptly. Even if you’ve taken the initial steps to patch your systems, the problem is that Log4Shell is not your typical vulnerability. Log4j is not software from a single vendor. Read more about the Tanium advantage in surfacing and remediating Log4Shell.

Read More »

CDW + Tanium — The Best Prescription for Security Risk & Patching Pain

See how CDW connected its customer, non-profit medical provider with 250 international locations and 90,000 endpoints, with Tanium and Chuco to tackle #endpointsecurity, #patchmanagement, and #windows10 updates. With a single solution for Converged Endpoint Management (XEM), our client identify 46 million security vulnerabilities, eliminating 90% of priority issues within six months. Read more below.

Read More »

Tanium Tale — A Simpler Way to Execute Tasks in Tanium

When it comes to seeing and controlling every endpoint across your network, there simply is no platform that can compare to Tanium. In order to get maximum benefit out of endpoint security management using Tanium, clients have asked us to develop a tool with a web console to enable these users to perform basic tasks without becoming a fully certified Tanium operator.

Read More »

Better Together — Driving Even Greater ROI from ServiceNow with Tanium

The benefits of integrating ServiceNow with Tanium are so clear, we can’t think of a reason you wouldn’t want to do it. Through integration, workflows created in ServiceNow can access accurate, real-time endpoint data from Tanium — regardless of whether the endpoints are physical, virtual, cloud-based, or in the IoT. Better information means more efficient and more effective automation.

Read More »