Tanium vs IBM BigFix

You may have heard that perimeter security is dead, but rest assured, IT folks aren't about to do away with their corporate firewalls just yet. The perimeter is just one—albeit critical—dimension of your organization's digital attack surface, and endpoint security is no less important, especially with the continued enterprise adoption of cloud and mobile technologies. Tanium and IBM BigFix are competing solutions in this space that were, interestingly, born of the same parentage.

According to Research and Markets, the global consumer endpoint security market is expected to grow 11.81% between 2016 and 2020. Both fledgling and veteran cybersecurity vendors recognize the enterprise's dire needs in the endpoint security and management space—increasingly, catastrophic outages and security compromises are due to simple misconfigurations and unpatched systems.

In fact, the SANS Institute cites unpatched software as being the most critical cyber security risk to businesses today. And in this age of business digitization, such disruptions carry a definitive price tag—whether it be a data breach or service interruption. IDC estimates that infrastructure downtime for large enterprises costs on average $100,000/hour, with critical application failures between $500,000 and $1 million/hour. IBM BigFix and Tanium focus on remediating and preventing these costly incidents through effective endpoint security and management.

IBM BigFix

As mentioned previously, both BigFix and Tanium were created by father/son duo David and Orion Hindawi. A decade before founding Tanium in 2007, the team developed BigFix for enterprise endpoint management—the company was later sold to IBM in 2010. Post-acquisition, the product was merged with IBM's Tivoli line and branded as Tivoli Endpoint Manager (TEM). TEM was later renamed IBM Endpoint Manager and more recently, simply IBM BigFix. 

Figure: The IBM BigFix UI. Source: ibm.com.

Today's IBM BigFix consists of a suite of complementary offerings for finding, fixing, and securing endpoints: IBM BigFix Compliance for continuous adherence to regulatory measures, IBM BigFix Patch for real-time patch management/enforcement, IBM BigFix Inventory for software audits and license management, and more.

Tanium

Speed is critical to effective endpoint security and management, whether it be spotting vulnerabilities before cyber attackers do or applying crucial patches/fixes en masse. To this end, Tanium offers its 15-second visibility/control and natural language search capabilities for querying endpoint configurations. These capabilities enable enterprises to detect security flaws and disseminate critical patches and updates faster than with traditional client management solutions.

Figure: Tanium IOC Detect interface. Source: tanium/vimeo.com.

Tanium's performance benefits are due to the platform's unique architecture: by using a peer-to-peer "linear chain" configuration, endpoint agents can communicate adjacently in dynamic configurations, with only select agents at the chain's endpoints communicating with the server directly. This allows for significant performance benefits for faster threat response and remediation.

Side-by-Side Scoring: IBM BigFix vs. Tanium

1. Capability Set

Both platforms offer threat detection, vulnerability assessment, patch management, asset inventory management, and software distribution capabilities, among others; that said, BigFix is more on the IT operations management (ITOM) side of affairs. The platform's single-agent management console houses 18 applications for managing endpoints and infrastructure IT assets in one streamlined interface. Tanium is arguably more cybersecurity-focused, with various modules such as Comply, Discover, Incident Response, and more rounding out the platform's capabilities.

BigFix score_570.png
Tanium score_570.png


2. Ease of Use

BigFix can be complicated and difficult to use, with an abundance of submenus and confusing interface elements. In contrast, Tanium—with its familiar SaaS interface—is relatively trivial to get up to speed with; that said, an overload of dashboards makes it somewhat unwieldy for novices.

BigFix score_3.png
Tanium score_4.png

3. Community Support

A myriad of community support resources exist for IBM BigFix, including the official BigFix forum and the community-driven BigFix.me community portal, to name a few. For an exhaustive list of BigFix community support resources, check out the product's developerWorks wiki on the IBM website. Tanium also maintains a community website with an updated knowledge base and repository of support resources.

BigFix score_5.png
Tanium score_4.png

4. Release Rate

BigFix has evolved significantly over the years, from its early incarnation as part of the Tivoli systems management platform to the latest IBM BigFix endpoint security and management suite, currently on version 9.5 at the time of this writing. Tanium 7 was released in May and includes a revamp of its administration console and workflows. Release histories for both Tanium and BigFix are available from the vendors' websites.

BigFix score_570.png
Tanium score_5.png

5. Pricing and Support

Both the Tanium and IBM BigFix platforms are decidedly enterprise-level products and beyond the means of most SMEs. Specific pricing for Tanium is not publicly available, so be prepared to consult with Tanium sales and/or professional services.

However, various IBM BigFix components can be had quite affordably via the IBM Marketplace for certain use cases and applications—for example, its IBM BigFix Patch Management solution is available from $5.46 USD per user/year. Both vendors offer a myriad of online and paid-for (phone and email) support options to customers.

BigFix score_4.png
Tanium score_3.png

6. API and Extensibility

IBM BigFix can be readily extended using its well-documented APIs for customizing various platform components. For example, the Endpoint Manager Server can be accessed using the BigFix REST API; previous platform versions (e.g., TEM) can be extended with a SOAP API. Similarly, Tanium ships with a REST API for its IOC Detect service and a SOAP API for integrating the Server platform with third-party or in-house developed solutions.

BigFix score_3.png
Tanium score_4.png

7. 3rd Party Integrations

Though BigFix integrations with Carbon Black, ServiceNow, and IBM's own QRadar SIEM are available, they pale in comparison to Tanium's ecosystem. The latter's Connect solution module allows for integrations with third-party systems, from SIEMs and ticketing systems to automation tools, with out-of-the-box connector templates for ArcSight, LogRhythm, Splunk, and others readily available.

BigFix score_3.png
Tanium score_4.png

8. Companies that Use It

BigFix's customer list includes some of the world’s largest and most prestigious organizations: HP, Northwestern University, CBS, UCSF, and Stanford University, to name a few. Not to be outdone, Tanium is used by leading global enterprises such as Amazon, Nasdaq, JPMorgan Chase, US Bank, MetLife, eBay, and Verizon.

BigFix score_570.png
Tanium score_570.png

9. Learning Curve

Unfortunately, a steep learning curve is in store for new IBM BigFix users—the complex offering is certainly not for the technically faint-of-heart. Fixlet authoring in particular can be challenging for novice/intermediate IT administrators. Tanium is better in this regard, but the platform may still feel complicated for novice/intermediate level IT folk, especially when learning its different queries and commands.

BigFix score_2.png
Tanium score_4.png

10. CSTAR

BigFix scores an average CSTAR score of 608, with security flaws like lack of sitewide SSL, missing HTTP strict transport security, and disabled DNSSEC impacting its website perimeter security posture. Tanium scores a better CSTAR score of 836, but also suffers from various security flaws such as lack of HTTP strict transport security, secure cookies, and DNSSEC.
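Two of the website flaws named above, missing HTTP strict transport security and cookies without the Secure attribute, can be checked directly from a site's HTTPS response headers. The following is an added example, not UpGuard's CSTAR logic and not code from either vendor; the header blocks are constructed samples, and DNSSEC is left out because it needs a DNS lookup rather than a header check.

```python
from email.parser import Parser

# Constructed sample header blocks (not captured from any real site).
WEAK = (
    "Server: example\r\n"
    "Set-Cookie: session=abc123; Path=/; HttpOnly\r\n"
    "Set-Cookie: prefs=dark; Path=/; Secure\r\n\r\n"
)
HARDENED = (
    "strict-transport-security: max-age=31536000; includeSubDomains\r\n"
    "Set-Cookie: session=abc123; Path=/; Secure; HttpOnly\r\n\r\n"
)
HSTS_DISABLED = "Strict-Transport-Security: max-age=0\r\n\r\n"


def hsts_max_age(headers):
    """Return the HSTS max-age in seconds, or None if absent or malformed."""
    value = headers.get("Strict-Transport-Security")  # lookup ignores case
    if value is None:
        return None
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        if name.strip().lower() == "max-age":
            arg = arg.strip().strip('"')
            return int(arg) if arg.isdigit() else None
    return None


def insecure_cookies(headers):
    """Names of cookies whose Set-Cookie line lacks the Secure attribute."""
    names = []
    for line in headers.get_all("Set-Cookie", []):
        first, *attrs = [part.strip() for part in line.split(";")]
        if "secure" not in {a.partition("=")[0].strip().lower() for a in attrs}:
            names.append(first.partition("=")[0])
    return names


def audit(raw_headers):
    """Return a list of findings for one HTTPS response's header block."""
    headers = Parser().parsestr(raw_headers, headersonly=True)
    findings = []
    max_age = hsts_max_age(headers)
    if max_age is None:
        findings.append("HSTS header missing or malformed")
    elif max_age == 0:
        findings.append("HSTS present but max-age=0 disables it")
    findings += [f"cookie '{n}' lacks Secure" for n in insecure_cookies(headers)]
    return findings
```

The `max-age=0` case is reported separately because a header that is present but set to zero tells browsers to drop the HSTS policy, so a presence-only check would pass it.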

[Screenshot: BigFix CSTAR score]

[Screenshot: Tanium CSTAR score]

Scoreboard and Summary

  BigFix Tanium
Capability Set score_570.png score_570.png
Ease of Use score_570.png score_570.png
Community Support score_570.png score_570.png
Release Rate score_570.png score_570.png
Pricing and Support score_570.png score_570.png
API and Extensibility score_570.png score_570.png
3rd Party Integrations score_570.png score_570.png
Companies that Use It score_570.png score_570.png
Learning Curve score_570.png score_570.png
CSTAR [screenshot] [screenshot]
Total 3.8 out of 5 (BigFix) 4.1 out of 5 (Tanium)

Firms in the market for an ITOM-oriented endpoint solution will feel more at home with IBM BigFix, especially if other IBM solutions are in use (e.g., QRadar, IBM Security Access Manager). On the other hand, organizations looking to integrate endpoint management and cybersecurity into an existing, disparate toolset will likely get more value out of Tanium. In either case, UpGuard's resilience platform validates that your security efforts are working as expected by taking into account both internal and external measures of cybersecurity fitness. Give it a try today—it's free for up to 10 nodes.
