IT admins managing expansive infrastructures require specialized tools for discovering IT assets living in their environments—no trivial task, considering the myriad of nodes connected at any given time: guest laptops, mobile devices, dev/test servers, virtual machines, old desktops, and more. Cybersecurity suites such as ForeScout and Tanium have made infrastructure discovery and visibility their bread-and-butter; let's see how they stack up in this comparison.
How real is the problem of rogue IT assets introducing critical vulnerabilities into an environment? Just ask ClixSense—last year, the leading paid-to-click survey firm saw its live user records breached by way of an old, unused server still connected to the database. The issue is compounded by today's virtual environments: cloud servers, software containers—even networks are being virtualized with software-defined networking (SDN) for better flexibility and agility. In a world where IT resources are flexible and on-demand, security needs to follow suit—but keeping tabs on these dynamic IT assets quickly becomes unwieldy.
ForeScout and Tanium both focus on helping organizations know what's in their environments. The more senior of the two security vendors, ForeScout quickly detects known/unknown devices the instant they appear on the network. Tanium also touts speed benefits due to its platform's unique backend architecture, enabling what it labels "15 second visibility and control."
ForeScout Technologies was founded by three Israeli entrepreneurs back in 2000. The company's flagship CounterACT product gives organizations the ability to see devices immediately when they appear in the environment, as well as control/manage and orchestrate security information about devices to other security tools. For forward-thinking enterprises operating in an age where IoT and BYOD adoption is the norm, this discovery capability is critical for maintaining a resilient posture.
The ForeScout CounterACT UI. Source: forescout.co.kr.
It's worth noting that ForeScout functions without employing software agents to manage individual IT assets. This is accomplished by way of its unique ControlFabric Architecture: an innovation that enables real-time network access control (NAC) and visibility across all its endpoints, as well as multivendor interoperability and orchestration capabilities.
Like ForeScout, Tanium has made speed its primary enterprise value proposition. The company markets its 15-second visibility/control quite heavily, as these capabilities allow organizations to detect security flaws and disseminate critical patches and updates faster than with traditional endpoint security and management solutions. The company also bills itself as the "Google of Enterprise IT"—its product's natural language search engine for querying endpoint configurations offers a quick, intuitive mechanism for infrastructure discovery.
Tanium IOC Detect interface. Source: tanium/vimeo.com.
The key to Tanium's performance is its unique platform architecture: a peer-to-peer "linear chain" configuration allows endpoint agents to communicate adjacently in dynamic configurations. Since only a few agents situated at the chain's endpoints communicate directly with the server, significant performance benefits and faster threat response and remediation time can be achieved when fixing vulnerabilities or applying crucial patches/fixes en masse.
Side-by-Side Scoring: ForeScout vs. Tanium
1. Capability Set
Both solutions boast comprehensive capabilities, though ForeScout is more NAC-oriented while Tanium focuses on endpoint protection. ForeScout offers Extended Modules for expanding the platform's capabilities through third-party integrations for vulnerability assessment, SIEM, endpoint detection and response, and more. Tanium also offers various modules such as Comply, Discover, Incident Response, and more to round out its capabilities.
2. Ease of Use
ForeScout's initial setup is fairly trivial—the platform comes with an Enterprise Manager that acts as a single pane of glass for all devices managed by CounterACT appliances. However, its UI is decidedly old-school in comparison with Tanium's modern SaaS interface. And while Tanium is relatively trivial to get up to speed with, its overload of dashboards can make it difficult to use.
3. Community Support
ForeScout provides a password-protected community portal and knowledgebase, but not much else exists in terms of community support. Similarly, Tanium's community support resources include a community website with an updated knowledgebase and repository of support resources.
4. Release Rate
Back in May 2016, Tanium released the highly-anticipated version 7 of its platform that included a major overhaul of its administration console and workflows. A release history is available on the vendor's website. ForeScout is less opaque with its releases—CounterACT is currently on version 7.x.
5. Pricing and Support
Tanium's pricing is not publicly available, so interested parties must consult with Tanium sales directly and/or professional services in order to price out a deployment. Suffice to say, the platform is enterprise-focused and is priced accordingly. Premium phone/email support options are available, at a cost.
ForeScout's CounterACT hardware and virtual appliance aren't exactly priced for budget-conscious organizations, either—a single appliance runs upwards of $10,000. In terms of support, customers get around-the-clock technical support during the terms of their support subscriptions.
6. API and Extensibility
ForeScout's offering comes with an Open Integration Module for extending the platform and building custom applications. This module—installed on CounterACT appliances—enables REST-based (XML) data exchange. Tanium also ships with a REST API for its IOC Detect service and a SOAP API for integrating the Server platform with third-party solutions.
7. 3rd Party Integrations
ForeScout's ControlFabric Architecture is central to the offering's integration capabilities, enabling the exchange of information across the entire security toolchain. Currently, an impressive array of over 70 different hardware and software products can be integrated with ForeScout Base and Extended Modules: Bromium, FireEye, Qualys, Tenable, and more. Similarly, Tanium's Connect solution module enables integrations with third-party systems, from SIEMs and ticketing systems to automation tools: ArcSight, LogRhythm, Splunk, to name a few.
8. Companies that Use It
Both companies' products are in use by the world's leading enterprises and organizations—for example, ForeScout counts JPMorgan Chase, Bremer Bank, Meritrust, and the State of Missouri as a few of its marquee customers. Tanium is used by leading global enterprises such as Amazon, Nasdaq, JPMorgan Chase, US Bank, MetLife, eBay, Verizon, and more.
9. Learning Curve
Out-of-the-box, ForeScout is easy enough to set up—but expect a steep learning curve when it comes to fine-tuning/optimization and policy management. Tanium may be easier to get up to speed with, but will still be daunting for novice/intermediate level IT folk—especially when learning the platform's different queries and commands.
ForeScout scores a mediocre CSTAR score of 627 for its various security flaws like lack of HTTP strict transport security, missing DMARC/DNSSEC, and open administration ports. Tanium's CSTAR score of 836, while better, still falls short of ideal due to various security flaws such as lack of HTTP strict transport security, secure cookies, and DNSSEC.
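Three of the findings named above (HSTS, secure cookies, DMARC) can be verified from response headers and a DNS TXT lookup. The following is an added example, not UpGuard's CSTAR scoring and not code from either vendor: a small Python audit run over constructed sample data, with all function names and sample values being assumptions. DNSSEC and open-port checks need live network access and are left out.

```python
import re

def check_hsts(headers):
    """Return a finding, or None when HSTS is present with a positive max-age."""
    values = [v for k, v in headers if k.lower() == "strict-transport-security"]
    if not values:
        return "HSTS header missing"
    m = re.search(r'max-age\s*=\s*"?(\d+)', values[0], re.I)
    if not m:
        return "HSTS header has no max-age"
    return "HSTS max-age=0 (policy disabled)" if int(m.group(1)) == 0 else None

def insecure_cookies(headers):
    """Names of cookies whose Set-Cookie line lacks the Secure attribute."""
    names = []
    for k, v in headers:
        if k.lower() != "set-cookie":
            continue
        parts = [p.strip() for p in v.split(";")]
        attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:]}
        if "secure" not in attrs:
            names.append(parts[0].split("=", 1)[0])
    return names

def check_dmarc(txt_records):
    """txt_records: TXT strings published at _dmarc.<domain>."""
    recs = [r for r in txt_records if r.strip().lower().startswith("v=dmarc1")]
    if not recs:
        return "DMARC record missing"
    pairs = (t.split("=", 1) for t in recs[0].split(";") if "=" in t)
    tags = {k.strip().lower(): v.strip().lower() for k, v in pairs}
    if tags.get("p") not in ("quarantine", "reject"):
        return f"DMARC policy is {tags.get('p')!r} (not enforcing)"
    return None

def audit(headers, dmarc_txt):
    """Collect all findings for one HTTPS response and one domain's DMARC TXT set."""
    findings = [check_hsts(headers)]
    findings += [f"cookie {n!r} set without Secure" for n in insecure_cookies(headers)]
    findings.append(check_dmarc(dmarc_txt))
    return [f for f in findings if f]

# Constructed sample data (not captured from any real site).
SAMPLE_HEADERS = [("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
                  ("Set-Cookie", "prefs=dark; Path=/; Secure; SameSite=Lax")]
SAMPLE_DMARC = ["v=DMARC1; p=none; rua=mailto:reports@example.test"]

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_HEADERS, SAMPLE_DMARC)))
```

An empty list from `audit` means none of the three checks fired; a `p=none` DMARC record is reported because it only monitors and does not quarantine or reject spoofed mail.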
Scoreboard and Summary
|Ease of Use|
|Pricing and Support|
|API and Extensibility|
|3rd Party Integrations|
|Companies that Use It|
|Total||3.7 out of 5||4.1 out of 5|
In short, ForeScout is ideal for enterprises looking for a next-generation NAC solution capable of integrating with leading security solutions on the market, while Tanium's endpoint security-focused solution and advanced search capabilities are more geared for intermediate IT professionals. In both cases, UpGuard's resilience platform uses both internal and external measures of cybersecurity fitness to help determine if these tools are doing their jobs effectively. Give it a try today—it's free for up to 10 nodes.