2019-03-11T07:21:00Z

What needs improvement with Tanium?


Please share with the community what you think needs improvement with Tanium.

What are its weaknesses? What would you like to see changed in a future version?

ITCS user
Guest
44 Answers

Top 20 Real User

The solution can give a lot of false positives. It's an aspect of the solution that could be looked at and worked on. If you deploy all the threat intelligence rules that come with it, you may spend a lot of time suppressing some of the false positives, as some of them are very vague. You'll have the indicators due to the fact that you can suppress by hash or by path or by command and parent process. However, that information is often very limited. You may get an alert for common language image load, which can be a hacker technique; however, it's also a normal process between valid Microsoft processes, between the Msiexec, or some sort of system process. It's frustrating that there's not enough data - at least that I've found - to be able to determine whether something is a false positive or true positive, whether it should be suppressed or whether you should let it go. The number of false positives you may have to deal with, if you enable all of these sources, could be over a hundred thousand.

The scalability can be challenging, depending on a company's setup.

The ability to calculate risk with one query would be useful. In other words, to be able to combine known vulnerabilities on an asset with known threats that are targeting that vulnerability from intel. Being able to determine some way or another, which processes you prefer would be ideal. There should be more access to automated processes. Somehow you should be able to determine the business value of that asset and be able to have a true risk meaning and a true way to bubble up these high-value, high-risk assets. They need to get more attention. The solution needs some sort of risk engine that takes into account threat, vulnerability and business value.

2021-04-09T22:12:57Z
Top 10 Real User

Our biggest issue with the solution is its lack of mobility. Also, when it comes to deploying the SaaS, it's more difficult to deploy on-prem.

2020-07-22T08:17:26Z
Top 10 Real User

Tanium comes with multiple models, so definitely the threat protection is the primary opportunity area my organization is looking for. It is going to be primarily used for event collection, which is being fed into our centralized tools for tracing any kind of vulnerability or any kind of uneven situation.

2020-07-15T07:11:00Z
Real User

* I would like to have more integrations and custom plugins to input. Integration is always a big deal in a lot of different environments.
* Custom modules would be nice.
* Visualization of data could be added to it.
* Making the initial process easier always helps.

2019-03-11T07:21:00Z