Cylance and Tanium—both firms are in the billion dollar valuation club, but what does this buy in terms of cybersecurity? Tanium claims 15 seconds to visibility and control, while Cylance combines AI and machine learning with endpoint protection. Let's find out if these security vendors' solutions can give organizations a fighting chance in a digital world fraught with cyber threats.
Endpoint security remains a vital component of enterprise security, even as current solutions on the market continue to fade in their effectiveness at preventing security compromises. Cybersecurity startups like Tanium and Cylance are responding to this efficacy gap with offerings they claim will redefine endpoint threat detection and response (EDR). Better solutions couldn't be more timely: according to new data from Lloyd's of London, 9 out of 10 big businesses have suffered a major cyber attack. Given that endpoints are the most common soft target compromised by cyber attackers, both firms focus on protecting these highly vulnerable systems, one with AI-powered malware protection, the other with 15-second control and visibility.
Gartner recently named Cylance as a visionary in the 2016 Magic Quadrant for endpoint protection platforms. The company bills its CylancePROTECT solution as an advanced threat protection platform built on artificial intelligence (AI) and machine learning (ML)—heavy-sounding artillery indeed, but what does this entail?
The Cylance UI. Source: cylance.com.
The platform essentially applies mathematics, algorithmic intelligence, and machine learning to accurately distinguish between threats and benign actors—a feat traditional solutions are increasingly incapable of accomplishing. Existing security platforms rely on human-generated signatures from previously discovered samples, in conjunction with whitelists, sandboxing, heuristics, and other rule-based detection methods. These methods do little for organizations under 0-day attacks or in the presence of advanced persistent threats (APT). CylancePROTECT is able to successfully combat malware, viruses, bots, 0-days, and unknown future threats by combining AI/ML with vast data sets; these are in turn compressed/encrypted and deployed across endpoints for quick detection.
Tanium was founded by father/son duo Orion and David Hindawi in 2007 to address the rising tide of polymorphic malware and advanced persistent threats (APT)—digital menaces that current solutions cannot fully protect against. Its endpoint security and management solution merges advanced features like natural language search and 15-second visibility/control to rapidly discover security gaps and vulnerabilities for quick remediation and protection against cyber attacks.
The Tanium interface. Source: kb.tanium.com.
Regarding its self-purported 15-second visibility/control: Tanium claims it can navigate, interrogate, and act on problematic issues, as well as detect and remediate threats, in 15 seconds, regardless of infrastructure size or complexity. The platform's natural language search capabilities allow users to type search-box queries to find configuration items; for example, you would type the following to find all servers in the environment with OpenSSL 1.0.1:
“show all servers with a package called OpenSSL 1.0.1.”
The platform's performance benefits are achieved through the use of its peer-to-peer model for threat response and remediation. Tanium's server interacts with select agent-installed endpoints; these in turn communicate with adjacent endpoint agents until the last one transmits a consolidated response back to the mothership.
Side-by-Side Scoring: Cylance vs. Tanium
1. Capability Set
Both Tanium and Cylance focus on protecting the endpoint—the latter provides next-generation antivirus and malware/threat detection, while Tanium combines different layers of security: endpoint protection (threat detection, incident response, vulnerability assessment, and configuration compliance) and endpoint management (patch management, asset inventory, software distribution, and asset utilization).
2. Ease of Use
Tanium is easy enough to deploy and get up to speed with. The platform sports features and interfaces typical of modern SaaS applications, but its myriad of dashboards can be overwhelming. Similarly, Cylance's intuitive administration panel is trivial to learn and the client can be installed in minutes—upon which it's fully operational, sans reboot.
3. Community Support
Tanium's community website contains an active knowledgebase and updated repository of resources for supporting Tanium customers. Cylance hosts a public-facing community support website, as well as a password-protected support portal with community-generated content, articles, user guides/documentation, and more.
4. Release Rate
May 2016's Tanium 7 release was the result of a complete overhaul of the platform's administration console, user experience, and user workflows. The product has been seeing regular releases over the years; in contrast, Cylance's release history is a bit opaque, with several product rebrandings and consolidations.
5. Pricing and Support
Though pricing is not publicly available, Tanium is certainly well beyond the means of SMEs. Final pricing is usually determined through consultation with the company and/or professional services. In terms of support, Tanium offers an assortment of online and paid-for (phone and email) support options.
For Cylance, pricing reportedly starts at $55 per year per endpoint, also prohibitively expensive for cash-strapped firms. 8 hours/day, 5 days/week support is included, with various fee-based support options also available.
6. API and Extensibility
Tanium provides a non-RESTful SOAP API for customizations such as integrating the Server component with a CMDB, SIEM, or in-house tool. For Cylance customers, a REST SSL API and console called CylanceV enables integrating the platform with other tools: FireEye, Splunk, EnCase, and more. Additionally, the platform's architecture allows custom-built utilities to be invoked through curl or wget.
7. 3rd Party Integrations
Tanium provides Connect, an integration layer that exposes endpoint data to third-party systems: SIEMs, log analytics tools, ticketing systems, CMDBs, automation tools, and more. Ready-to-use "connector templates" come with the offering for integrating solutions like ArcSight, LogRhythm, and Splunk. Cylance comes with no 3rd party integrations out of the box, though custom applications/integrations can be developed using the provided REST API.
8. Companies that Use It
Tanium claims it has over a million users and over 20,000 enterprise customers across the globe: Verizon, PWC, Target, eBay, Amazon, Nasdaq, and more. Not to be outdone, Cylance boasts hundreds of enterprise clients worldwide including Fortune 100 organizations and government institutions—Panasonic, Stearns, Rovi, Apria Healthcare, Toyota, and Charles River Laboratories, among others.
9. Learning Curve
Tanium's solution, while easy enough to get started with, may feel complicated for the less technically inclined. Cylance presents a mild learning curve and is trivial to get up to speed with.
Tanium scores well when it comes to website perimeter security and secure email communications. Similarly, Cylance also scores high marks when it comes to shoring up its website security, but both exhibit shortcomings like disabled DNSSEC and HTTP Strict Transport Security (HSTS).
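Disabled HSTS is something a buyer can verify independently: a site that serves HTTPS but omits the Strict-Transport-Security header leaves returning visitors open to protocol downgrade on their first plain-HTTP request. The following is an added example (not code from the article or from either vendor) that parses an HSTS header value per RFC 6797 and grades it against commonly recommended values; the header sets at the bottom are constructed for illustration, not captured from any real site.

```python
"""Evaluate an HTTP Strict-Transport-Security (HSTS) policy from response headers.

Added example, not part of the original article or either vendor's code.
Feed it the header mapping of an HTTPS response; it returns a list of findings
(empty list = HSTS present and meets the recommended values).
"""
import re

# One year in seconds: the max-age floor that most scanners (and the browser
# preload list) expect before they consider HSTS effective.
RECOMMENDED_MAX_AGE = 31536000


def parse_hsts(value):
    """Parse an HSTS header value into a dict of directive name -> value.

    Directive names are case-insensitive (RFC 6797), so they are lower-cased;
    valueless directives such as includeSubDomains map to an empty string.
    """
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, val = part.partition("=")
        directives[name.strip().lower()] = val.strip().strip('"')
    return directives


def evaluate_hsts(headers):
    """Return findings for the HSTS policy carried in `headers`.

    `headers` is a mapping of header name -> value; lookup is case-insensitive.
    """
    lowered = {k.lower(): v for k, v in headers.items()}
    value = lowered.get("strict-transport-security")
    if value is None:
        return ["HSTS disabled: no Strict-Transport-Security header"]

    findings = []
    directives = parse_hsts(value)
    max_age = directives.get("max-age")
    if max_age is None or not re.fullmatch(r"\d+", max_age):
        # max-age is the only mandatory directive; without it the policy is ignored.
        findings.append("HSTS invalid: max-age missing or not an integer")
    elif int(max_age) == 0:
        # max-age=0 is valid but instructs browsers to forget the policy.
        findings.append("HSTS disabled: max-age=0 tells browsers to forget the policy")
    elif int(max_age) < RECOMMENDED_MAX_AGE:
        findings.append(f"HSTS weak: max-age {max_age} is below one year")
    if "includesubdomains" not in directives:
        findings.append("HSTS partial: includeSubDomains absent, subdomains unprotected")
    return findings


if __name__ == "__main__":
    # Constructed sample responses (not captured from any real site).
    samples = {
        "no-hsts": {"Content-Type": "text/html"},
        "strong": {"Strict-Transport-Security": "max-age=31536000; includeSubDomains; preload"},
        "weak": {"strict-transport-security": "max-age=300"},
    }
    for label, hdrs in samples.items():
        print(label, "->", evaluate_hsts(hdrs) or ["ok"])
```

In practice the header mapping comes from the response to an HTTPS GET of the site's front page; the evaluation logic is the same. DNSSEC, the other shortcoming the article names, cannot be judged from HTTP headers at all and needs a DNS-level check for signed zone data.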
Scoreboard and Summary
|Ease of Use|
|Pricing and Support|
|API and Extensibility|
|3rd Party Integrations|
|Companies that Use It|
|Total||4.1 out of 5||3.9 out of 5|
In short, reinventing EDR is the name of the game for both the security vendors featured in this comparison. Tanium is focusing on layered protection while Cylance is using AI/ML to combat unknown threats. As polymorphic malware and advanced persistent threats (APT) continue to dot the cyber threat landscape, these two companies are taking new approaches to protecting enterprise IT infrastructures from evolving threats. However, organizations buying into either platform may, to a greater or lesser degree, feel the pain of sticker shock.