Cloud Security Showdown: Tanium vs. CloudPassage

Posted by UpGuard

Traditional IT security mechanisms are simply ineffective at protecting today's enterprise cloud and hybrid infrastructures against cyber attackers. For this reason, numerous upstarts have risen to the challenge with innovative approaches to implementing security in the data center and beyond. Two leaders in this category—Tanium and CloudPassage—utilize peer-to-peer and botnet-based technologies for quicker breach detection and remediation. Let's see how the two stack up in this comparison.

Tanium

Tanium offers an endpoint security and management platform that combines natural language search with 15-second visibility and control, that is, threat detection and remediation within 15 seconds, regardless of infrastructure size or complexity.


The Tanium dashboard. Source: Tanium.com.

As mentioned, the platform's natural language search feature is a major selling point of the solution. A prominent search box at the top of Tanium’s web-based management console accepts natural language queries for interrogation and discovery. For example, typing in the following would retrieve a list of all servers in the environment with OpenSSL 1.0.1:

“show all servers with a package called OpenSSL 1.0.1.”

The platform uses a peer-to-peer model for threat response and remediation. Once installed on the network, the Tanium server communicates with a few select endpoints on which agents are installed. These agent-installed endpoints in turn communicate with their adjacent peers and relay collective information to the next agent-installed endpoint down the line. The final agent-installed endpoint then sends the aggregated responses back to the Tanium server. Because of this peer-to-peer architecture and streamlined interrogation/communications flow, the platform is able to deliver significant performance and scalability benefits over competing security solutions.
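A simplified model of the relay flow described above, as an added example that is not Tanium's code or protocol. The inventory, the chain length and the message accounting are assumptions made for illustration; it compares how many messages the server handles when answers are aggregated along chains versus when every endpoint is polled directly.

```python
# Constructed inventory: 1000 endpoints, every 4th one carries the package of interest.
INVENTORY = [
    {"name": f"host-{i:04d}",
     "packages": {"openssl-1.0.1"} if i % 4 == 0 else {"openssl-1.0.2"}}
    for i in range(1000)
]

def local_answer(endpoint, package):
    """Stand-in for an agent's local check: 1 if the package is present, else 0."""
    return 1 if package in endpoint["packages"] else 0

def linear_chain_query(endpoints, package, chain_len):
    """Server asks the first endpoint of each chain; each endpoint adds its own
    answer to the running tally and relays it to its neighbour; the last
    endpoint in the chain returns the aggregate to the server."""
    if chain_len < 1:
        raise ValueError("chain_len must be at least 1")
    chains = [endpoints[i:i + chain_len] for i in range(0, len(endpoints), chain_len)]
    result = {"asked": 0, "matches": 0, "server_messages": 0, "peer_messages": 0}
    for chain in chains:
        result["server_messages"] += 1          # server -> first endpoint
        tally = {"asked": 0, "matches": 0}      # travels along the chain
        for position, endpoint in enumerate(chain):
            tally["asked"] += 1
            tally["matches"] += local_answer(endpoint, package)
            if position < len(chain) - 1:
                result["peer_messages"] += 1    # relay to the next peer
        result["server_messages"] += 1          # last endpoint -> server
        result["asked"] += tally["asked"]
        result["matches"] += tally["matches"]
    return result

def hub_and_spoke_query(endpoints, package):
    """Baseline: the server sends one request to, and reads one reply from, every endpoint."""
    return {
        "asked": len(endpoints),
        "matches": sum(local_answer(e, package) for e in endpoints),
        "server_messages": 2 * len(endpoints),
        "peer_messages": 0,
    }

if __name__ == "__main__":
    print(linear_chain_query(INVENTORY, "openssl-1.0.1", chain_len=100))
    print(hub_and_spoke_query(INVENTORY, "openssl-1.0.1"))
```

Both approaches return the same answer; the "asked" count lets the server confirm that every endpoint in a chain contributed to the aggregate.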

CloudPassage

CloudPassage was founded in 2010 with $21 million in VC funding; a year and some change later, the first production version of its Halo cloud firewall platform was released. The company prides itself on being the first to market for security products built for elastic cloud environments, though initially its platform was solely *nix-based. The platform has since evolved to support both Windows and *nix-based cloud environments and now encompasses a broad range of security functionalities: regulatory compliance, file integrity monitoring (FIM), software vulnerability scanning, and intrusion detection, among others—along with its initial firewall automation capabilities.

The CloudPassage Halo dashboard. Source: CloudPassage.

Side-By-Side Scoring: Tanium vs. CloudPassage

1. Capability Set

Tanium bets the bank on its natural language endpoint search and peer-to-peer-based 15-second visibility and control. CloudPassage Halo features a broad range of SaaS-based security features, including configuration security monitoring, software vulnerability assessment, dynamic/virtual firewall management, server access management, file integrity monitoring, and log-based intrusion detection, among others.


2. Ease Of Use

Tanium's web-based GUI is straightforward and the natural language search feature works as expected. That said, viewing/managing large datasets of node information for an environment (e.g., system statuses for nodes) can get unwieldy, even after filtering the result set. CloudPassage's GUI is well laid-out, but configuring the SaaS-only solution to work with one's infrastructure can be a challenge. In general, the Halo platform carries with it a steep learning curve and requires considerable time to gain proficiency with.


3. Community Support

Tanium's knowledgebase and community board are vendor-maintained and actively frequented/populated by its users.  CloudPassage's support site also contains a plethora of community-generated resources including a public Q&A system, tip sharing, and a public toolbox.


4. Security and Surface Attack Probability

No documented vulnerabilities for either platform were found in the CVE database, though a Tanium security alert from June 2015 details an exploitable scripting vulnerability in the platform's sensors.


5. Release Rate

Tanium—with just about half a decade under its belt—is currently at version 6.5 of its server platform. Launched around the same time period, CloudPassage is currently on version 3.4. Both products see regular monthly releases and updates to their platforms and components.


6. Pricing And Support

Both Tanium and CloudPassage are enterprise security solutions mostly suited for enterprise-level budgets. For example, Halo is utility-based/metered and priced per server hour. As a result, organizations with large infrastructures and continuous security monitoring requirements should expect hefty, unpredictable billing cycles. Tanium's pricing is not publicly available. Both vendors offer ample online and paid-for (phone and email) support.


7. API and Extensibility

CloudPassage Halo features a well-documented REST API that allows developers to access/integrate CloudPassage functionality with other applications. For example, common API methods enable firewall settings management, account management, and server information management. Similarly, Tanium also ships with REST, SOAP, and syslog APIs for connecting Tanium query results to other tools such as SIEM solutions and ticketing systems.


8. 3rd Party Integrations

Both vendors have made 3rd party integrations a crucial facet of their respective platforms. The Halo Event Connector provides direct integration with Splunk Enterprise and SumoLogic and integration through syslog to ArcSight and other tools. Integration with cloud management and IT automation tools such as RightScale, Puppet, and Chef is also streamlined with Halo. Tanium's integration layer to its platform is called Tanium Connect, and can feed immediate and current endpoint data to external/3rd-party systems like SIEMs, log analytics tools, ticketing systems, and more. It also provides a myriad of ready-to-use connectors for simplifying the configuration of such 3rd party integrations.


9. Bug Bounty Program

Neither company has been known to run bug bounties for their own products, though CloudPassage recently ran a highly-publicized program called The Gauntlet to find out how quickly an unsecured server could get hacked.


10.  Companies That Use It

Tanium counts Visa, Amazon, Best Buy, the U.S. Department of Defense and Nasdaq as some of its more high profile customers, though its client list now includes half of the 100 largest U.S. companies by revenue, with five of the top ten banks and four of the top ten retailers. Similarly, CloudPassage Halo also has some big-name adopters, including some of the world's leading banks and software companies (Citrix and RightScale are a couple notable names in the lot).


11.  Platforms Supported

Tanium's application servers only support Windows (Windows 2012/Server 2008 R2 SP1 or later), though its client supports various Linux distros. CloudPassage supports both Windows and *nix-based systems to include Windows 2008 R1 and R2, RedHat Enterprise Linux, Fedora, CentOS, Debian, Ubuntu, and Amazon Linux, among others.


12.  Learning Curve

Both solutions require substantial effort to get up to speed in managing; that said, Tanium has clearly made efforts to build a platform usable by both operators/administrators and CIOs/CSOs. As mentioned previously, CloudPassage Halo's steep learning curve means that considerable time is required to gain proficiency with the platform.


Scoreboard and Summary

The following is the scoreboard for Tanium vs. CloudPassage based on the 12 criteria listed above:

               Tanium        CloudPassage
Total          43            48

So for a SaaS-based approach to security that includes a broad range of features for firewall management/automation, regulatory compliance, FIM, vulnerability scanning, and IDS, go with CloudPassage's Halo. Tanium can be an effective solution for enterprises in need of an additional layer for further smoothing attack surfaces; additionally, it may be an attractive option for organizations requiring a system easier to install and learn than Halo. And in either case, for continuous security monitoring and vulnerability assessment, ScriptRock is the platform to beat. Try it today, the first 10 nodes are on us.

