Tanium Review

Great inventory tool that that scans well for vulnerabilities and offers minimal end-user disruption

What is our primary use case?

We primarily use the solution for inventory and incident response for the most part.

What is most valuable?

The inventory aspect of the solution has been the product's most valuable aspect for us so far.

The scalability is very good overall.

It's a really good tool. 

For inventory purposes, it's from one of the best things on the scene, as you can get live inventory. 

I like the architecture for a vulnerability scan, for example, as it doesn't put a whole lot of load on the asset. It basically queries. This is not a hub-and-spoke. It's more like a circling of the wagons that all the other assets in the circle or in that particular chain can report on things, that have not logged into Tanium, can report on each other, can grab near real-time data. For incident response tasks, all these tasks can get done in minutes with minimal disruption to the end-user.

What needs improvement?

The solution can give a lot of false positives. It's an aspect of the solution that could be looked at and worked on.

If you deploy all the threat intelligence rules that come with it, you may spend a lot of time suppressing some of the false positives as some of them are very vague. You'll have the indicators due to the fact that you can suppress by hash or by pass or by command and parents process. However, that information is often very limited. You may get an alert for common language image load which can be a hacker technique, however, it's also a normal process between valid Microsoft processes, between the Msiexec, or some sort of system process. 

It's frustrating that there's not enough data - at least that I've found - to be able to determine whether something is a false positive or true positive. Whether it should be suppressed or whether you should let it go, the number of false positives you may have to deal with, if you enable all of these sources, could be over a hundred thousand.

The scalability can be challenging, depending on a company's setup.

The ability to calculate risk with one query would be useful. In other words, to be able to combine known vulnerabilities on an asset with known threats that are targeting that vulnerability from Intel. 

Being able to determine some way or another, which processes you prefer would be ideal. There should be more access to automated processes. Somehow you should be able to determine the business value of that asset and be able to have a true risk meaning and a true way to bubble up these high-value, high-risk assets. They need to get more attention. The solution needs some sort of risk engine that takes into account threat vulnerability and business value.

For how long have I used the solution?

I've been using the solution for less than a year. It hasn't been that long.

What do I think about the stability of the solution?

The stability is actually quite good. There are no bugs or glitches. It doesn't crash or freeze. Its performance is reliable.

What do I think about the scalability of the solution?

The scalability isn't as straightforward as it seems in that adding more assets. Sometimes it depends on where those assets are - such as remote offices that have different controls. If it's a large organization that has bought other businesses, then there are different architectures and different protections and protocols. In that sense, Tanium may have difficulty with some of those different architectures due to the fact that you may have to go and troubleshoot one type also another. Of course, the most painful part is having to put RDP into assets and try and restart the services. 

How are customer service and technical support?

The technical support on offer is below average.

For some of our other systems, I have a phone number I can call. I wait a few minutes, I get a ticket, I get a live agent. Then we troubleshoot live. Tanium doesn't have that. Instead, you can send in an email and when the technical support person has time, your cam will contact you. It's painful, that part, they get a C-rating on their level of support. We aren't quite satisfied.

How was the initial setup?

I can't speak to the implementation process. I can't comment on if it was a difficult or straightforward process or how long the deployment actually took.

What about the implementation team?

I can't speak to if the solution was delivered by a consultant or integrator or if it was handled in-house.

What other advice do I have?

I'm a customer and end-user.

We are using the most current version of the solution in our organization at this time.

I'm not sure how the solution is typically deployed.

It's great for inventory and even incident response. It's right up there with some other top-notch products. However, in terms of the implementation, getting everything on board, all that sort of thing, a company initially setting it up is going to need help troubleshooting. I would advise a company takes the time to definitely engage with some sort of professional services. It's going to be required.

I'd rate the solution nine out of ten.

**Disclosure: I am a real user, and this review is based on my own experience and opinions.
More Tanium reviews from users
...who compared it with BigFix
Find out what your peers are saying about Tanium, CrowdStrike, HCL and others in Endpoint Protection for Business (EPP). Updated: September 2021.
536,244 professionals have used our research since 2012.
Add a Comment
ITCS user