15 second visibility versus three decades of infosec experience, which will ultimately prevail? Tanium claims it can provide security teams with visibility and control over every endpoint in 15 seconds or less, regardless of network size; Intel Security is of course the venerable McAfee, rebranded/repositioned after being acquired by its current namesake in 2011. Find out how these two compare when it comes to protecting today's enterprises against cyber threats.
It's tempting to dismiss the old infosec guard as being too antiquated or detached from the current cyber threat landscape to be effective. Symantec's recent downfall has certainly rattled the public's trust in some of the most battle-tested security brands; keep in mind, however, that the majority of attacks utilize unsophisticated methods that traditional solutions are highly adept at protecting against. That said, new threats like polymorphic malware and advanced persistent threats (APT) are becoming more commonplace, giving new entrants with novel approaches to security ample opportunity to prove their technologies. Suffice to say, the best approach to enterprise security these days combines proven solutions with newer offerings for layered protection.
Endpoints remain the most attractive soft target for cyber attackers; for this reason, solutions offering endpoint protection are still vital for enterprise security—in fact, a renaissance of sorts in the endpoint detection and response (EDR) security space is currently underway. Tanium and Intel Security are two main security players providing solutions in the EDR arena.
Security upstarts have been capitalizing on the alarming rise in cybersecurity incidents with new approaches for combating advanced threats. Tanium, one of the most celebrated of the lot, was founded in 2007 by father/son team Orion and David Hindawi, creators of the endpoint management solution BigFix (sold to IBM in 2010).
The Tanium interface. Source: kb.tanium.com.
Like BigFix, Tanium is also an endpoint security and management solution. But unlike BigFix, Tanium includes advanced features like natural language search and 15-second visibility and control: the platform can purportedly navigate, interrogate, and act on problematic issues in 15 seconds, regardless of infrastructure size or complexity. This goes for detecting and remediating threats as well. In terms of natural language search, the solution's web-based management console offers a search box for typing in natural language queries. Need a list of all servers in your environment with OpenSSL 1.0.1? Simply type:
“show all servers with a package called OpenSSL 1.0.1.”
The platform uses a peer-to-peer model to enable faster threat response and quicker remediation. Tanium's server communicates with a few select endpoints on which agents are installed, who then in turn communicate with their neighbors and so forth—until the final agent-installed endpoint sends the aggregated responses back to the Tanium server.
Security firm McAfee's long and storied three decades of existence is fraught with controversial acquisitions, devastating software bugs, and employee-driven class action lawsuits. For the sake of this comparison, however, we'll focus on McAfee's latest incarnation following its $7.7 billion dollar acquisition by Intel in August of 2015, the largest security transaction to date.
The McAfee Complete Endpoint Protection UI. Source: Intel Security Technical / YouTube.com.
The Intel Security product line, many of which are still branded under the McAfee name, runs the gamut from consumer desktop, malware, and virus protection to security-as-a-service and data center products. For this comparison, we'll be focusing on Intel Security/McAfee Endpoint Protection, the company's flagship endpoint security product.
Side-by-Side Scoring: Tanium vs. Intel Security
1. Capability Set
Intel Security/McAfee Endpoint Protection and Tanium are both comprehensive security suites that focus on the endpoint: for Tanium, protection is segmented into endpoint security (threat detection, incident response, vulnerability assessment, and configuration compliance) and endpoint management (patch management, asset inventory, software distribution, and asset utilization). Intel Security/McAfee Endpoint Protection features dynamic whitelisting, anti-malware, firewall, and IDPS capabilities. Both solutions cover many different bases when it comes to bolstering your security posture.
2. Ease of Use
Both Tanium and Intel Security/McAfee Endpoint Protection are easy to deploy and get up to speed with. The latter's user interface is intuitive and familiar, though setting up firewall policies and policy catalogs can be challenging. Tanium features an inteface typical of a modern SaaS, but some dashboards and features can feel a bit overwhelming upon first glance.
Ease of Use
3. Community Support
McAfee/Intel Security hosts the Intel Security Group Support Community, a community of over 90,000 members and 200,000 contributed support resources. Tanium also hosts a community website with an active knowledgebase and updated repository of resources for Tanium deployments.
4. Release Rate
Tanium 7 was released in May of 2016 and features a completely redesigned console, enhanced user experience, and enhanced user workflows between product modules. The platform has been seeing regular releases over the years; in contrast, McAfee Endpoint Protection/Security 10's release history is difficult to ascertain.
5. Pricing and Support
Tanium's pricing is not publicly available, though the cost of acquiring/deploying the solution is certainly well beyond the means of non-enterprises. In contrast, Intel/McAfee Endpoint Protection ranges from $30 for the SMB edition to the $100 enterprise product.
Both vendors offer ample online and paid-for (phone and email) support, though Intel/McAfee include more out-of-the-box—for example, both McAfee Endpoint Protection for business and enterprise come with 1 year of Gold business support.
Pricing and Support
6. API and Extensibility
Users wishing to integrate Tanium Server with a CMDB, SIEM, or in-house tool can use the SOAP API for custom interactions—not RESTful, but better than nothing. In contrast, McAfee limits its API access to select technology and OEM partners and requires approval by a committee to allow a partner to deploy the web service.
API and Extensibility
7. 3rd Party Integrations
Tanium Connect is an integration layer for providing/connecting endpoint data to any number of external or third-party systems: SIEMs, log analytics tools, ticketing systems, CMDBs, automation tools, and more, with a variety of ready-to-use connectors to boot. These so-called "connector templates" are available for solutions like ArcSight, LogRhythm, Splunk, and yes—even McAfee. Intel/McAfee offer no such capabilities, albeit a select group of vendor solutions have been integrated into McAfee's product line.
3rd Party Integrations
8. Companies that Use It
Both vendors' solutions are being used by some of the most well-known global brands and enterprise. Tanium boasts more than one million users and over 20,000 enterprise customers worldwide: Verizon, eBay, Amazon, Nasdaq, PWC, Target, and more. McAfee's customer list is equally impressive, with 90 of the fortune 100 and 82% of the world's largest banks using its solutions. Some notable McAfee customers include Vidant Health, Xcel Energy, Berkshire Health Systems, and Boston Medical Center, among others.
Companies that Use It
9. Learning Curve
Tanium's solution is more in line with the expectations of contemporary users; that said, the complexity of the solution can be a challenge for those less technically-inclined. McAfee/Intel Endpoint Protection is simply an easier tool to use, out-of-the-box.
Tanium scores well when it comes to website perimeter security and secure email communications. On the other hand, Intel Security has numerous security flaws and resilience issues, namely—lack of sitewide SSL, data leakage of privileged server information, lack of DMARC and DNSSEC, and more.
Scoreboard and Summary
|Ease of Use|
|Pricing and Support|
|API and Extensibility|
|3rd Party Integrations|
|Companies that Use It|
|Total||4.1 out of 5||3.4 out of 5|
In short, endpoint detection and response is nothing new; that said, today's threats and malware types make traditional signature-based detection ineffective. Newer EDS solutions like Tanium and Intel/McAfee Endpoint Security combine new takes on enterprise protection with traditional security essentials like vulnerability and patch management for comprehensive security. Organizations with the need and budget for Tanium's capabilities will no doubt find a bleeding edge, albeit expensive solution for continuous security. Businesses in the market for a more affordable option—in this case, orders of magnitude more affordable—may want to take a look at Intel Security/McAfee Endpoint Protection instead.
Monitoring tools have come a long way since the early days of Big Brother. Today's solutions have evolved into powerful software troubleshooting and performance analytics platforms capable of deconstructing and analyzing the entire application stack—infrastructure up—for bugs and issues.
As perimeter-based cyber protection falls to the wayside, a new breed of continuous security solutions are emerging that combine traditional endpoint protection with newer technologies like security information and event management (SIEM) and crowdsourced threat intelligence.