Tanium vs Intel Security for Endpoint Detection and Response

Posted by UpGuard


15-second visibility versus three decades of infosec experience: which will ultimately prevail? Tanium claims it can provide security teams with visibility and control over every endpoint in 15 seconds or less, regardless of network size; Intel Security is, of course, the venerable McAfee, rebranded/repositioned after being acquired by its current namesake in 2011. Find out how these two compare when it comes to protecting today's enterprises against cyber threats.

It's tempting to dismiss the old infosec guard as being too antiquated or detached from the current cyber threat landscape to be effective. Symantec's recent downfall has certainly rattled the public's trust in some of the most battle-tested security brands; keep in mind, however, that the majority of attacks utilize unsophisticated methods that traditional solutions are highly adept at protecting against. That said, new threats like polymorphic malware and advanced persistent threats (APT) are becoming more commonplace, giving new entrants with novel approaches to security ample opportunity to prove their technologies. Suffice it to say, the best approach to enterprise security these days combines proven solutions with newer offerings for layered protection.

Endpoints remain the most attractive soft target for cyber attackers; for this reason, solutions offering endpoint protection are still vital for enterprise security—in fact, a renaissance of sorts in the endpoint detection and response (EDR) security space is currently underway. Tanium and Intel Security are two main security players providing solutions in the EDR arena. 


Tanium

Security upstarts have been capitalizing on the alarming rise in cybersecurity incidents with new approaches for combating advanced threats. Tanium, one of the most celebrated of the lot, was founded in 2007 by father/son team Orion and David Hindawi, creators of the endpoint management solution BigFix (sold to IBM in 2010).


The Tanium interface. Source: kb.tanium.com.

Like BigFix, Tanium is also an endpoint security and management solution. But unlike BigFix, Tanium includes advanced features like natural language search and 15-second visibility and control: the platform can purportedly navigate, interrogate, and act on problematic issues in 15 seconds, regardless of infrastructure size or complexity. This goes for detecting and remediating threats as well. In terms of natural language search, the solution's web-based management console offers a search box for typing in natural language queries. Need a list of all servers in your environment with OpenSSL 1.0.1? Simply type:

“show all servers with a package called OpenSSL 1.0.1.” 

The platform uses a peer-to-peer model to enable faster threat response and quicker remediation. Tanium's server communicates with a few select endpoints on which agents are installed, which in turn communicate with their neighbors, and so forth, until the final agent-installed endpoint sends the aggregated responses back to the Tanium server.
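A simplified model of the chained aggregation described above, added here as an illustration; it is not Tanium's code or protocol. The inventory, the chain length, the offline-agent handling and all function names are constructed assumptions.

```python
from collections import Counter

# Constructed inventory: endpoint -> OpenSSL version reported by its agent.
INVENTORY = {f"srv{i:02d}": ("1.0.1" if i % 4 == 0 else "1.0.2") for i in range(20)}
INVENTORY["srv07"] = None  # constructed failure case: agent offline

def direct_poll(inventory):
    """Hub-and-spoke baseline: the server questions every endpoint itself."""
    tally = Counter(v for v in inventory.values() if v is not None)
    return tally, len(inventory)           # one server exchange per endpoint

def chain_poll(inventory, chain_len):
    """Chained model: the server asks the head of each chain; every agent adds
    its own answer to the running tally and forwards it; the tail reports back."""
    names = sorted(inventory)
    total, server_exchanges, peer_hops = Counter(), 0, 0
    for start in range(0, len(names), chain_len):
        # Assumption: an offline neighbour is detected and skipped, so the
        # chain closes around it instead of stalling.
        live = [n for n in names[start:start + chain_len] if inventory[n] is not None]
        if not live:
            continue
        running = Counter()
        for name in live:
            running[inventory[name]] += 1  # agent merges its local answer
        peer_hops += len(live) - 1         # forwards between neighbours
        server_exchanges += 1              # one question out, one aggregate back
        total += running
    return total, server_exchanges, peer_hops

if __name__ == "__main__":
    print("direct :", direct_poll(INVENTORY))
    print("chained:", chain_poll(INVENTORY, chain_len=5))
```

Both polls produce the same tally, but the server's own exchange count drops from one per endpoint to one per chain, with the remaining traffic carried between neighbouring agents.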

Intel Security

Security firm McAfee's long and storied three decades of existence are fraught with controversial acquisitions, devastating software bugs, and employee-driven class action lawsuits. For the sake of this comparison, however, we'll focus on McAfee's latest incarnation following its $7.7 billion acquisition by Intel in August of 2015, the largest security transaction to date.

The McAfee Complete Endpoint Protection UI. Source: Intel Security Technical / YouTube.com.

The Intel Security product line, much of which is still branded under the McAfee name, runs the gamut from consumer desktop, malware, and virus protection to security-as-a-service and data center products. For this comparison, we'll be focusing on Intel Security/McAfee Endpoint Protection, the company's flagship endpoint security product.

Side-by-Side Scoring: Tanium vs. Intel Security

1. Capability Set

Intel Security/McAfee Endpoint Protection and Tanium are both comprehensive security suites that focus on the endpoint: for Tanium, protection is segmented into endpoint security (threat detection, incident response, vulnerability assessment, and configuration compliance) and endpoint management (patch management, asset inventory, software distribution, and asset utilization). Intel Security/McAfee Endpoint Protection features dynamic whitelisting, anti-malware, firewall, and IDPS capabilities. Both solutions cover many different bases when it comes to bolstering your security posture.


2. Ease of Use

Both Tanium and Intel Security/McAfee Endpoint Protection are easy to deploy and get up to speed with. The latter's user interface is intuitive and familiar, though setting up firewall policies and policy catalogs can be challenging. Tanium features an interface typical of a modern SaaS, but some dashboards and features can feel a bit overwhelming at first glance.


3. Community Support

McAfee/Intel Security hosts the Intel Security Group Support Community, a community of over 90,000 members and 200,000 contributed support resources. Tanium also hosts a community website with an active knowledgebase and updated repository of resources for Tanium deployments.


4. Release Rate

Tanium 7 was released in May of 2016 and features a completely redesigned console, enhanced user experience, and enhanced user workflows between product modules. The platform has been seeing regular releases over the years; in contrast, McAfee Endpoint Protection/Security 10's release history is difficult to ascertain. 


5. Pricing and Support

Tanium's pricing is not publicly available, though the cost of acquiring/deploying the solution is certainly well beyond the means of non-enterprises. In contrast, Intel/McAfee Endpoint Protection ranges from $30 for the SMB edition to the $100 enterprise product.

Both vendors offer ample online and paid-for (phone and email) support, though Intel/McAfee include more out-of-the-box—for example, both McAfee Endpoint Protection for business and enterprise come with 1 year of Gold business support.


6. API and Extensibility

Users wishing to integrate Tanium Server with a CMDB, SIEM, or in-house tool can use the SOAP API for custom interactions—not RESTful, but better than nothing. In contrast, McAfee limits its API access to select technology and OEM partners and requires approval by a committee to allow a partner to deploy the web service.


7. 3rd Party Integrations

Tanium Connect is an integration layer for providing/connecting endpoint data to any number of external or third-party systems: SIEMs, log analytics tools, ticketing systems, CMDBs, automation tools, and more, with a variety of ready-to-use connectors to boot. These so-called "connector templates" are available for solutions like ArcSight, LogRhythm, Splunk, and yes, even McAfee. Intel/McAfee offer no such capabilities, although a select group of vendor solutions have been integrated into McAfee's product line.


8. Companies that Use It

Both vendors' solutions are being used by some of the most well-known global brands and enterprises. Tanium boasts more than one million users and over 20,000 enterprise customers worldwide: Verizon, eBay, Amazon, Nasdaq, PWC, Target, and more. McAfee's customer list is equally impressive, with 90 of the Fortune 100 and 82% of the world's largest banks using its solutions. Some notable McAfee customers include Vidant Health, Xcel Energy, Berkshire Health Systems, and Boston Medical Center, among others.


9. Learning Curve

Tanium's solution is more in line with the expectations of contemporary users; that said, the complexity of the solution can be a challenge for those less technically-inclined. McAfee/Intel Endpoint Protection is simply an easier tool to use, out-of-the-box.


10. CSTAR

Tanium scores well when it comes to website perimeter security and secure email communications. Intel Security, on the other hand, has numerous security flaws and resilience issues, namely a lack of sitewide SSL, data leakage of privileged server information, a lack of DMARC and DNSSEC, and more.


Scoreboard and Summary

Total: Tanium 4.1 out of 5; Intel Security 3.4 out of 5

In short, endpoint detection and response is nothing new; that said, today's threats and malware types make traditional signature-based detection ineffective. Newer EDR solutions like Tanium and Intel/McAfee Endpoint Security combine new takes on enterprise protection with traditional security essentials like vulnerability and patch management for comprehensive security. Organizations with the need and budget for Tanium's capabilities will no doubt find a bleeding-edge, albeit expensive, solution for continuous security. Businesses in the market for a more affordable option (in this case, orders of magnitude more affordable) may want to take a look at Intel Security/McAfee Endpoint Protection instead.
