We had some issues with the solution's OS upgrade. We had just downloaded one HP driver through the HP site, and the pack used, like, for more than 1 GB. Now, when I was deploying this package or the machine, its sync was getting so delayed because when I was installing it, I was not able to see the complete status, whether it was installed or not. The aforementioned areas in the solution I faced, especially for the driver, have room for improvement in this section.

Any movement into a SaaS solution has challenges since the processes and data flows are not well defined. Hence, you need to build it at the same time. 

Tanium's limitations should be improved because although it is a great tool, it is limited to only a few classes during a session. That doesn't do me any good if I do more than 300 classes.

Tanium’s user interface should be made better by making it a little bit more simplistic.

The most painful thing is the interface. It's a bit unclear sometimes.

The user interface also has to be more secure. If the end users are trying to patch a whole set of machines, they should be warned that it's going to be a deployment on the huge environment.

Tanium’s scalability could be improved. When we first deployed Tanium to Bank of America, it caused a massive contention issue on the network due to the size of the network and the amount of traffic coming back from SMB.

Tanium's dashboard UI could be similar to CrowdStrike.

The solution needs to improve the reporting and tracking capabilities. 

The solution can give a lot of false positives. It's an aspect of the solution that could be looked at and worked on.

If you deploy all the threat intelligence rules that come with it, you may spend a lot of time suppressing some of the false positives as some of them are very vague. You'll have the indicators due to the fact that you can suppress by hash or by pass or by command and parents process. However, that information is often very limited. You may get an alert for common language image load which can be a hacker technique, however, it's also a normal process between valid Microsoft processes, between the Msiexec, or some sort of system process. 

It's frustrating that there's not enough data - at least that I've found - to be able to determine whether something is a false positive or true positive. Whether it should be suppressed or whether you should let it go, the number of false positives you may have to deal with, if you enable all of these sources, could be over a hundred thousand.

The scalability can be challenging, depending on a company's setup.

The ability to calculate risk with one query would be useful. In other words, to be able to combine known vulnerabilities on an asset with known threats that are targeting that vulnerability from Intel. 

Being able to determine some way or another, which processes you prefer would be ideal. There should be more access to automated processes. Somehow you should be able to determine the business value of that asset and be able to have a true risk meaning and a true way to bubble up these high-value, high-risk assets. They need to get more attention. The solution needs some sort of risk engine that takes into account threat vulnerability and business value.

Tanium comes with multiple models, so definitely the threat protection is the primary opportunity area my organization is looking for. It is going to be primarily used for event collection, which is being fed into our centralized tools for tracing any kind of vulnerability or any kind of uneven situation. 

The problem or challenge is a pre-sales and go-to strategy for the SMB market delivered through a channel or model.

It's very convoluted and vague, which leads to some confusion about the various types of modules, and the device-to-seat cost is extremely difficult to calculate.

You could have six different modules with 15 to 20 different device counts, which raises some red flags regarding service support and operational operations availability.

To be honest, I don't have enough time in the seat, or on the technology, to say whether or not there is a gap in terms of function or software.

It is not really additional functions, or the features that are needed, rather the complexity would be reduced based on the number of modules required to put together a comprehensive operational security and risk compliance model.

The reporting could be improved.

• I would like to have more integrations and custom plugins to input. Integration is always a big deal in a lot of different environments.
• Custom modules would be nice.
• Visualization of data could be added to it. 
• Making the initial process easier always helps.

The main issues are the network connection because different customers have issues with their networks. It's difficult implementing this type of solution because the network is the main feature in the architecture for these types of solutions. Tanium could improve by creating some network optimization.

The performance could improve in future releases. We have had performance issues in specialized web environments, but overall I think the problems are less than 2% of the computer systems being used.

Our biggest issue with the solution is its lack of mobility. Also, when it comes to deploying the SaaS, it's more difficult to deploy on-prem.