Tanium Inc.

Kirkland,  WA 
United States
https://www.federal.tanium.com

Tanium provides endpoint management and security built for the world's most demanding IT environments. Our breakthrough approach decentralizes data collection, aggregation and distribution down to the endpoint, providing real-time visibility, comprehensive control, and rapid response. This is why multiple branches of the US Armed Forces trust Tanium to support their missions with comprehensive visibility, threat detection, and response across global operations. Learn more at federal.tanium.com.

 Videos

 Collateral

• Time to Patch: The Clock’s Ticking on Four More Microsoft Exchange Vulnerabilities (Apr 16, 2021)
  New high-severity Microsoft Exchange vulnerabilities require immediate attention. Here’s how Tanium can help protect your organization from potential cyberattacks.  Read the full blog here: https://www.tanium.com/blog/patch-microsoft-exchange/ 

• Tanium for Endpoint Security and Risk Management (Apr 16, 2021)
  A fast, flexible and end-to-end solution for securing end-user, server and cloud endpoints at any scale. Learn more here: https://www.tanium.com/resources/endpoint-security-solution-brief

• Tanium for Endpoint Management (Apr 16, 2021)
  A fast, flexible and unified solution for managing end-user, server and cloud endpoints at any scale. Download the Solution Brief here: https://www.tanium.com/resources/endpoint-management-solution-brief

• Tanium For Patch Management (Apr 16, 2021)
  Improve patch and OS compliance. Find missing patches and operating system updates and apply them accurately and consistently in hours or minutes across your environment without network or operator strain. Download our Solution Brief here: https://www.tanium.com/solutions/patch-management/ 

 Press Releases

• Next Generation Software Fills Some Gaps – But Agencies Still Need Accelerated Visibility and Control of Endpoints (Apr 16, 2021)

  By Boyd White, Director, Technical Account Management, Tanium | April 10, 2021

  Endpoint management is critical as agencies try to secure the knowns and unknowns in their IT environments. As cybercriminals become more sophisticated, IT teams need to not only mitigate known cyber breaches – but also need faster visibility and control when cybercriminals adapt their techniques. The recent threat of compromised software at SolarWinds is a good example of the quick pace in which agencies were forced to identify risks in record time and respond with never before expected speeds.

  Traditionally, agencies have favored the myriad of compensating controls – mechanisms engineered to respond after a breach has occurred. This leads to tool sprawl – adopting too many one-off specialized solutions that complicate risk decision making. Too many tools negatively impact productivity, complicate management workflows, and dramatically inflate costs.

  Too often, IT teams use compensating controls as a safety net, as they are easier to install and not nearly as complicated to manage as baseline controls – mechanisms put in place to protect information systems and endpoints before a threat occurs. Compensating controls should not be an agency’s primary defense. The efficacy rate of compensating controls dramatically decreases when it comes to blocking new threats.

  These controls should be treated as the name describes, compensating for the rare occasion in which proper baseline controls around privileged access and code execution do not cover the threat. With compensating controls, IT teams will not know about a breach until it occurs – putting data and systems at risk, and creating more work to fix the issue after the fact.

  Next generation software – antivirus, for example – is a type of compensating control designed to solve a specific problem. It was created to fill unprotected gaps in the network left by legacy antivirus software, and incorporates advanced technology to help agencies detect, respond to, and prevent various types of cyber threats in real-time.

  But, do agencies need more next generation software or are they just chasing diminishing returns? Think of it like the evolution of cars – we created the seatbelt, then we created the airbag. But, we never got rid of the seatbelt. Next generation software is the airbag – and we don’t need more airbags. We need to know which cars are crashing and take them off the road – quickly. Agencies need to know where the gaps in their networks are so they can fill them. To do this, agencies need faster and more real-time visibility and control of their endpoints.

  As agencies strengthen preventive security with baseline controls, they should adopt a holistic risk management approach that uses accurate and real-time data to reduce risk and improve security.

  Leveraging a single platform that integrates endpoint management and security unifies teams, effectively breaks down the data silos and closes the accountability, visibility, and resilience gaps that often exist between IT operations and security teams. Hackers can no longer hide in the long timelines that it takes for teams to coalesce and remove threats.

  A truly unified endpoint management platform approach also gives agencies end-to-end visibility across divisions, end users, servers, and cloud endpoints – giving them the ability to identify assets, protect systems, detect threats, respond to attacks, and recover at scale.

  As agencies consider the opportunity to modernize security – investing in modern, advanced, intelligent, and flexible technology and advanced intel to secure users, endpoints, and information will deliver the best return on investment — and most important, best serve the mission.

  https://www.cyberdefensemagazine.com/next-generation-software/ 

• When software reaches end of life, what’s your plan? (Apr 16, 2021)

  By Boyd White, Director, Technical Account Management, Tanium  | April 7, 2021

  When software reaches end of life, support costs and cyber risks drastically increase as vendors discontinue patches and updates. Too often, software EOL doesn’t receive the planning that it deserves, and risks that should be easily avoided are unintentionally left in the environment. 

  Take Adobe Flash Player as an example. At the height of its popularity, the software was installed on nearly 1 billion endpoints. That number has dwindled over the years with an increased reliance on HTML5 to deliver animation and interactive content. In December 2020, more than two decades after the software was created and released, Adobe announced the EOL for Flash, and with it, the end of distribution, support and security updates. Without support, this once popular software with over a 1,000 known vulnerabilities could spell trouble for years to come.

  EOL can increase agency security risk

  Without patches and updates from the vendor, agencies’ endpoints can be left open to both critical and non-critical vulnerabilities. When software is no longer supported by the vendor, everyone knows about it. EOL can be a dream come true for a bad actor and a nightmare for a government organizations. While agencies struggle to sunset the software, attackers can leverage vulnerabilities -- which won’t be patched after EOL -- to gain entry to the organization’s network and launch an attack, threaten to expose data or hold it for ransom, sell sensitive information to foreign countries or take any number of other malicious actions that could be damaging to not just the agency, but to national security as well.

  Plan for the inevitable, even if it’s 20 years away

  Few agency IT teams plan ahead for software EOL, especially for software like Flash, which had been in use for so long. Because the federal procurement process is often lengthy, getting a replacement isn’t always a rapid exercise That means that when it comes time to replace an EOL application or tool, agencies can spend months or years gaining approvals, negotiating contracts, installing new applications and ensuring the safe removal of old software. 

  Every vendor is different, but many will announce EOL at least 12 months ahead of the official sunset. In the case of Adobe Flash, EOL was announced mid-2017, giving agencies more than three years to prepare. Even with advance notice, however, any EOL event can be disruptive. User familiarity with a tool can present cultural or organizational adoption challenges, and processes that require the use of the expiring tool may temporarily cease to run as expected or run in a degraded manner. Those disruptions may impact the mission and business, and it may also mean that some users continue to use the tool if it remains installed beyond EOL. 

  EOL isn’t just about getting rid of the old software -- it’s also about improving agency security. Malware creators are particularly interested in commonly used software that is EOL because they know that not only will the vendor no longer make patches and updates available, but there will be a significant number of organizations that are slow to sunset the software and move to another tool or platform. Attackers will aggressively target systems running old software the moment the opportunity presents itself.

  Actually sunsetting an application after it has reached EOL is hard enough when agencies know they have the software installed; but, in many cases, organizations do not even realize that they have the software running on their networks. Adobe Flash, for example, is often embedded deep within critical systems, making it hard to identify, much less uninstall. And, even if each individual installation can be identified, the size, complexity and reliance of that particular software on other systems can make it even harder to uninstall -- at least without bringing the mission or business to a screeching halt. 

  It’s important that whenever a vendor makes an EOL announcement, those responsible for security as well as those responsible for operations, mission sustainment and business continuity and resilience map out the known issues and a plan for upgrade. They need to start immediately, as development and execution can take months or even years in large organizations. 

  Stay on top of agency software with real-time visibility

  Agency leaders must think ahead, plan for their software’s EOL and adopt a modern approach to rationalize tools and assets. Tool duration should be set by mission needs, risk posture and effectiveness, rather than by the contract or traditional influencing factors.

  When looking to add new software to an agency’s technology, IT teams must first determine if the tool is essential. Small scale or non-disruptive “rip and replace” is most often done through a request for information and new product acquisition. When it takes a significant lift to change items like operating systems or proprietary business systems, changes are usually slow-rolled through a paid expansion of support beyond EOL while alternatives are evaluated. If EOL software is still crucial to mission operations after that analysis, teams might contact the vendor for extended support or search for an alternative to replace or greatly increase security surrounding the software. If the tool is non-essential, teams should uninstall all instances across the network.

  When retiring EOL software, government IT teams need complete, accurate and real-time visibility into their environments to identify which endpoints have the software installed, where it’s actively being used and any vulnerabilities related to it as well as remediation efforts.

  As time passes, the risk of serious, exploitable vulnerabilities rises as fixes are no longer provided by vendors. Often, attackers are able to gain access through a single endpoint -- one that was still running the EOL software, but went undetected by both IT security and IT operations teams because they lacked comprehensive endpoint visibility across their network. Attackers only need access to a single endpoint, and organizations are only as secure as their weakest endpoint – if they can’t see every single endpoint, they’re at risk. In fact, unknown or unmanaged systems are prone to more threats.

  All this means government agencies have a serious need for real-time data. They not only require continual processes that identify unknown assets, but they must also consider enhancing their EOL processes – especially the sunset and deep search removal workflows.

  https://gcn.com/articles/2021/04/07/software-end-of-life-risks.aspx?m=1

• Modern resiliency spans beyond cyber to mission, business, financial, and operational (Apr 16, 2021)

  Over the last nine months, the move to remote working has expanded the threat surface of agencies.

  And it’s not just cybersecurity risk that agencies only have to deal with, it’s increased risks to data, to mission and to people.

  A new survey from the Association for Federal Enterprise Risk Management (AFERM) found 50% of the respondents said their ERM program has been “extremely engaged” or “highly engaged” in their organization’s response to the pandemic.

  The survey found organizations with a chief-risk officer-led ERM program are almost twice as likely as others to be “highly engaged” or “extremely engaged” (65%) versus organizations with non-CRO-led programs (39%).  Additionally, nearly two-thirds (64%) of respondents are anticipating implementing changes to their ERM program specifically in response to the pandemic.

  It seems like agencies are recognizing how their risk posture is changing and how they need to adjust their approach to ERM.

  Ralph Kahn, the vice president of federal for Tanium, said for agencies to effectively respond to COVID-19 they have to balance an ever-growing number of risks.

  “I think, by-and-large, agencies are proud of their response to COVID, and it’s a multi-faceted thing. It’s one thing to get the employees up and running from home, it’s another to make sure that the same employees are doing okay,” Kahn said during the panel Strengthening Technology Risk Management in the Federal Government sponsored by Tanium. “There are a lot of factors that come into the risk equation here. But I think from a technology perspective, many of the agencies are proud of what they’ve accomplished. And they’ve pivoted very quickly from a centralized, core network model to a totally decentralized, everybody’s at home coming in through virtual private network (VPN), what security controls do we use? How do we make sure there’s some amount of monitoring and, by and large, there are a lot of different ways the agencies got there, but they all got there. And so I think there is a lot to be proud of there.”

  The challenge now is how agencies can continue to apply risk management principles to address current and new threats to their mission.

  Anthony Belfiore, the senior vice president and chief security officer of Aon and a Tanium Board Member, said public and private sector organizations found ways to innovate to retain continuity and address operational risks.

  “Because the bad actors, the nation states, the fraudsters know that we’re in this compromised position, our employees are not working in that nice central core of a government facility with all the controls and the oversight and the monitoring that you typically have. So they’ve tried new spear phishing techniques, and new attacks against our employees, new social engineering scams, and we’ve seen a huge uptick in that space and we’ve all had to address that,” Belfiore said. “The biggest thing that COVID spawned is the fact that it’s made a lot of people cognizant of a lot of other risk areas that they weren’t typically dealing with in their day-to-day. I think it’s forced us to look at a much broader view of operational and enterprise risk across our entities. And that’s a wake-up call because guys like me who do security, historically, physical, cyber and threat intelligence, we’re starting to realize the real end game is about operational resilience, and it’s not about cyber resilience. It’s a much bigger play. And that operational resilience is really predicated on a number of other areas that need to be addressed from a risk perspective.”

  Belfiore said agencies are more aware of new risk profiles that impact their operating models. But it also means organizations need to perform risk assessment to gain a better understanding from an enterprise risk perspective.

  “It’s going to take a very diverse set of controls and capabilities to manage risk at scale, and post this event, post SolarWinds and what we realized here is everything from business interruption to data loss to regulatory non-compliance and punitive fines after the breach can hit you on so many different ways. It really forces you to think about a response strategy that is much more comprehensive than just people process and technology,” he said. “It’s inclusive of new products, insurance risk services, retainers with incident response companies, there’s a whole litany of things that we need to do to make sure that we are in a position to respond effectively mitigate severity in as timely a manner as possible, and get back up off the mat. Right, that’s the whole point, you got punched, get up as quickly as possible.”

  Kahn said this is why agencies need to collect, analyze and use data to ensure resilience. He said it’s important for all organizations to use the data to reduce the time it takes to address new and existing risks.

  “You have to put a focus on your key data, your key processes and the things that are really important to keep your mission going. I think making sure you’re instrumented to collect data about your key processes and your people and what they’re doing and the risks that they that are created by things like work from home,” he said. “And being able to see that data in real time, making sure it’s accurate so that the decisions you’re making are timely and effective. So if you need to respond, you have to do it in a timely manner. But it starts with identifying the things that are critical in the first place and making sure that you’ve got timely and effective controls and responses available in the event something does happen.”

  Learn more and view the interview here: https://federalnewsnetwork.com/federal-insights/2021/02/managing-risks-to-gain-operational-resiliency/

 Additional Info