Cylance vs Tanium for Endpoint Protection and Security

Posted by UpGuard

Tanium vs. Cylance

Cylance and Tanium—both firms are in the billion-dollar valuation club, but what does this buy in terms of cybersecurity? Tanium claims 15 seconds to visibility and control, while Cylance combines AI and machine learning with endpoint protection. Let's find out if these security vendors' solutions can give organizations a fighting chance in a digital world fraught with cyber threats.

Endpoint security remains a vital component of enterprise security, even as current solutions on the market continue to fade in their effectiveness at preventing security compromises. Cybersecurity startups like Tanium and Cylance are responding to this efficacy gap with offerings they claim will redefine endpoint threat detection and response (EDR). Better solutions couldn't be more timely—according to new data from Lloyd's of London, 9 out of 10 big businesses have suffered a major cyber attack. Given that endpoints are the most common soft target compromised by cyber attackers, both firms focus on protecting these highly vulnerable soft targets—one with AI-powered malware protection, the other with 15-second control and visibility.



Gartner recently named Cylance as a visionary in the 2016 Magic Quadrant for endpoint protection platforms. The company bills its CylancePROTECT solution as an advanced threat protection platform built on artificial intelligence (AI) and machine learning (ML)—heavy-sounding artillery indeed, but what does this entail?  


The Cylance UI. Source:

The platform essentially applies mathematics, algorithmic intelligence, and machine learning to accurately distinguish between threats and benign actors—a feat traditional solutions are increasingly incapable of accomplishing. Existing security platforms rely on human-generated signatures from previously discovered samples, in conjunction with whitelists, sandboxing, heuristics, and other rule-based detection methods. These methods do little for organizations under 0-day attacks or in the presence of advanced persistent threats (APT). CylancePROTECT is able to successfully combat malware, viruses, bots, 0-days, and unknown future threats by combining AI/ML with vast data sets; these are in turn compressed/encrypted and deployed across endpoints for quick detection.


Tanium was founded by father/son duo Orion and David Hindawi in 2007 to address the rising tide of polymorphic malware and advanced persistent threats (APT)—digital menaces that current solutions cannot fully protect against. Its endpoint security and management solution merges advanced features like natural language search and 15-second visibility/control to rapidly discover security gaps and vulnerabilities for quick remediation and protection against cyber attacks.


The Tanium interface. Source:

Regarding its self-purported 15-second visibility/control: Tanium claims it can navigate, interrogate, and act on problematic issues—as well as detect and remediate threats—in 15 seconds, regardless of infrastructure size or complexity. The platform's natural language search capabilities allow users to type queries into a search box to find configuration items; for example, you would type the following to find all servers in the environment with OpenSSL 1.0.1:

“show all servers with a package called OpenSSL 1.0.1.” 

The platform's performance benefits are achieved through the use of its peer-to-peer model for threat response and remediation. Tanium's server interacts with select agent-installed endpoints—these in turn communicate with adjacent endpoint agents until the last one transmits a consolidated response back to the mothership.

Side-by-Side Scoring: Cylance vs. Tanium

1. Capability Set

Both Tanium and Cylance focus on protecting the endpoint—the latter provides next-generation antivirus and malware/threat detection, while Tanium combines different layers of security: endpoint protection (threat detection, incident response, vulnerability assessment, and configuration compliance) and endpoint management (patch management, asset inventory, software distribution, and asset utilization). 

Tanium score_4.png
Cylance score_4.png

2. Ease of Use

Tanium is easy enough to deploy and get up to speed with. The platform sports features and interfaces typical of modern SaaS applications, but its myriad of dashboards can be overwhelming. Similarly, Cylance's intuitive administration panel is trivial to learn and the client can be installed in minutes—upon which it's fully operational, sans reboot.

Tanium score_5.png
Cylance score_5.png

3. Community Support

Tanium's community website contains an active knowledgebase and updated repository of resources for supporting Tanium customers. Cylance hosts a public-facing community support website, as well as a support portal (password-protected) with community-generated content, articles, user guides/documentation, and more.

Tanium score_5.png
Cylance score_4.png

4. Release Rate

May 2016's Tanium 7 release was the result of a complete overhaul of the platform's administration console, user experience, and user workflows. The product has been seeing regular releases over the years; in contrast, Cylance's release history is a bit opaque, with several product rebrandings and consolidations.

Tanium score_760.png
Cylance score_570-2-1.png

5. Pricing and Support

Though its pricing is not publicly available, Tanium is certainly well beyond the means of SMEs. Final pricing is usually determined through consultation with the company and/or professional services. In terms of support, Tanium offers an assortment of online and paid-for (phone and email) support options.

For Cylance, pricing reportedly starts at $55 per year per endpoint—also prohibitively expensive for cash-strapped firms. 8 hours/day, 5 days/week support is included, with various fee-based support options also available.

Tanium score_570-2-1.png


6. API and Extensibility

Tanium provides a non-RESTful SOAP API for customizations such as integrating the Server component with a CMDB, SIEM, or in-house tool. For Cylance customers, a REST SSL API and console called CylanceV enables integrating the platform with other tools—FireEye, Splunk, Encase, and more. Additionally, the platform's architecture allows for custom-built utilities to be invoked through cURL or Wget.

Tanium score_570-2-1.png
Cylance score_5.png

7. 3rd Party Integrations

Tanium provides Connect: an integration layer that connects endpoint data access with third-party systems: SIEMs, log analytics tools, ticketing systems, CMDBs, automation tools, and more. Ready-to-use "connector templates" come with the offering for integrating solutions like ArcSight, LogRhythm, Splunk, and more. Cylance comes with no 3rd party integrations out of the box, though custom applications/integrations can be developed using the provided REST API.

Tanium score_570.png
Cylance score_570.png

8. Companies that Use It

Tanium claims it has over a million users and over 20,000 enterprise customers across the globe: Verizon, PWC, Target, eBay, Amazon, Nasdaq, and more. Not to be outdone, Cylance boasts hundreds of enterprise clients worldwide including Fortune 100 organizations and government institutions—Panasonic, Stearns, Rovi, Apria Healthcare, Toyota, and Charles River Laboratories, among others.

Tanium score_570.png
Cylance score_570.png

9. Learning Curve

Tanium's solution—while easy enough to get started with—may feel complicated for the less technically-inclined. Cylance presents a mild learning curve and is trivial to get up to speed with.

Tanium score_570.png
Cylance score_570.png


Tanium scores well when it comes to website perimeter security and secure email communications. Similarly, Cylance also scores high marks when it comes to shoring up its website security—but both exhibit shortcomings like disabled DNSSEC and HTTP Strict Transport Security (HSTS).






Scoreboard and Summary

  Tanium Cylance
Capability Set score_570.png score_570.png
Ease of Use score_570.png score_570.png
Community Support score_570.png score_4.png
Release Rate score_570.png score_3.png
Pricing and Support score_570.png score_3.png
API and Extensibility score_570.png score_570.png
3rd Party Integrations score_570.png score_1.png
Companies that Use It score_570.png score_570.png
Learning Curve score_570.png score_4.png



Total  4.1 out of 5  3.9 out of 5

In short, reinventing EDR is the name of the game for both security vendors featured in this comparison. Tanium is focusing on layered protection while Cylance is using AI/ML to combat unknown threats. As polymorphic malware and advanced persistent threats (APT) continue to dot the cyber threat landscape, these two companies are taking new approaches to protecting enterprise IT infrastructures from evolving threats. However, organizations buying into either platform may—to a greater or lesser degree—feel the pain of sticker shock.


Topics: vulnerabilities, continuous security
