Tanium vs SCCM

Posted by UpGuard


More often than not, catastrophic outages and security compromises can be traced back to simple misconfigurations and unpatched systems. This isn't to say that elements like pilot error and the workings of nefarious actors are not common (they certainly are), but IT asset misconfigurations tend to be the lowest common denominator in most of these scenarios. That being the case, a plethora of solutions focus on systems management for maintaining strong security and quality of service. Tanium and Microsoft System Center Configuration Manager (SCCM) are two such solutions competing in this space.

Unfortunately, misconfiguration-induced outages have become both increasingly commonplace and expensive. A recent report from IDC states that infrastructure downtime in large enterprises carries on average a $100,000 per hour price tag. Critical application failures are even more devastating to the bottom line, costing between $500,000 and $1 million per hour. 


Data breaches are also on the rise and can be equally costly and arguably more brand damaging, but all the same—the underlying cause is usually the rather unglamorous misconfiguration, as opposed to advanced methods of highly-sophisticated cyber attackers. According to Gartner, 99% of firewall breaches are caused by misconfigurations. And what of unpatched software? Regular, comprehensive patching routines are mandated by compliance measures like HIPAA and PCI DSS, for good reason: according to the SANS Institute, unpatched software is the most critical cyber security risk to businesses today. This is where Tanium and SCCM come in—by ensuring that system configurations are as expected and necessary patches are deployed en masse, they can prevent outages and data breaches from disrupting the business.

SCCM

Previously known as Systems Management Server (SMS), SCCM is Microsoft's flagship product for systems management. The solution allows IT administrators to assess/update and deploy software on servers in physical and virtual environments, as well as desktops and mobile devices. Like most Microsoft products, all management is done visually through a single unified GUI console. Using SCCM's comprehensive set of administrative tools, users can create custom software/OS installations and configurations to be deployed across multiple machines or environments. 

The SCCM 2012 UI. Source: windowsitpro.com.

SCCM offers a wide range of administrative tools for managing both rudimentary and large, complex IT infrastructures. For example, administrators can use it to deploy operating systems and software to greenfield environments or push patches and configurations to any number of machines on a network. The solution also includes various security features for monitoring anti-malware services, reporting policy violations, preventing/responding to breaches, and more.

Tanium

Founded by father and son duo Orion and David Hindawi in 2007, Tanium's endpoint security and systems management platform features 15-second visibility/control and natural language search capabilities for querying endpoint configurations. For example, to get all versions of the Tanium client running in your environment, you would type the following into the UI's prominently placed search box:

“Get Tanium Client Version from all machines” 

Additionally, the solution purportedly detects security flaws (e.g., misconfigurations, vulnerabilities) and pushes out critical patches and updates faster than traditional client management solutions due to its unique architecture.

Tanium IOC Detect interface. Source: tanium/vimeo.com.

Here's the gist: a typical client-server architecture consists of one-to-one connections between endpoint components and servers, a setup that quickly becomes slow and convoluted in complex, expansive infrastructures. In contrast, Tanium's proprietary architecture uses so-called "linear chains" that enable adjacent endpoint agents to communicate with each other in a dynamic peer-to-peer configuration. Servers only communicate with select agents at the ends of these chains, which yields significant performance benefits and, in turn, faster threat response and remediation.

Side-by-Side Scoring: SCCM vs. Tanium

1. Capability Set

SCCM and Tanium are comprehensive platforms for managing endpoints and other IT assets in an environment. Both solutions offer a myriad of features to facilitate threat detection, vulnerability assessment, patch management, asset inventory management, software distribution, and more.

 

SCCM score_570.png
Tanium score_570.png

2. Ease of Use

Deploying Tanium is trivial and its SaaS-based interface makes it relatively easy to get up to speed with. That said, its multitude of dashboards can be a bit overwhelming for novice users. As a Microsoft solution, SCCM will feel immediately familiar to Windows administrators, but in general the product's interface is not immediately intuitive to the average IT operator.

SCCM score_3.png
Tanium score_4.png

3. Community Support

As a widely used systems management solution for managing Windows environments, SCCM has plentiful community support resources, both from Microsoft's TechNet forums and other third-party websites. Tanium provides a community website to customers that features an updated knowledgebase and repository of support resources, but its corpus of community support resources is limited when compared with SCCM's.

SCCM score_5.png
Tanium score_4.png

4. Release Rate

SCCM and Tanium have undergone numerous releases and updates over the years, with 2016 being an especially monumental year for both products. Tanium 7 was released in May and features a significant reworking of its administration console and workflows. SCCM's March 2016 release, dubbed SCCM 1602, offers a host of new features, including an integration with Microsoft Intune for mobile device management. Both Tanium and SCCM have made their release histories/notes publicly available on their websites.

SCCM score_570.png
Tanium score_5.png

5. Pricing and Support

Though pricing is not publicly available, Tanium is certainly an enterprise-grade platform with associated enterprise-level costs—well beyond the means of most SMEs. To determine specific pricing for your organization, be prepared to consult with Tanium sales and/or professional services. An assortment of online and paid-for (phone and email) support options are available to customers.

Pricing for SCCM is publicly available on the Microsoft website: $3,607 and $1,323 for the datacenter and standard editions, respectively. Licensing is determined by the number of server cores and is valid for 2 years. In terms of support, Microsoft's standard professional support options are available per incident ($499) or in 5-packs ($1999).

SCCM score_4.png
Tanium score_3.png

6. API and Extensibility

SCCM does not offer a RESTful API for building custom applications; that said, an SDK is available for building scripts to automate and add features/extensions to the product. Tanium provides a REST API for its IOC Detect service and a SOAP API for integrating the Server platform with a CMDB, SIEM, or in-house tool. 

SCCM score_3.png
Tanium score_4.png

7. 3rd Party Integrations

Tanium's Connect solution module enables integrations with third-party systems like SIEMs, ticketing systems, and automation tools—with out-of-the-box connector templates for ArcSight, LogRhythm, Splunk, and others. SCCM integrates well with other Microsoft products, with other integrations available through third-party vendors: Dell Update Tools, Secunia Vulnerability Scanning, and Coretek, to name a few.

SCCM score_3.png
Tanium score_4.png

8. Companies that Use It

Tanium's customer base includes many of the world's leading enterprises and organizations: Amazon, Nasdaq, JPMorgan Chase, US Bank, MetLife, eBay, Verizon, and the US Department of Defense, to name a few. SCCM's dominance in this space is undisputed: Gartner recently named Microsoft as the market share leader in the client management tool market.

SCCM score_570.png
Tanium score_570.png

9. Learning Curve

Tanium has gone to great lengths to improve its ease-of-use; that said, the product may nonetheless feel complicated for novice and intermediate-level IT administrators. And despite positioning itself as the "Google of Enterprise IT," the solution has a moderate learning curve for gaining proficiency with its different queries and commands. However, this pales in comparison to SCCM's notoriously steep learning curve.

SCCM score_2.png
Tanium score_4.png

10. CSTAR

Tanium's CSTAR score of 836, while respectable, falls short due to various security flaws, namely the lack of HTTP strict transport security, secure cookies, and DNSSEC. Microsoft SCCM—with its 713 CSTAR score—also lacks secure cookies and DNSSEC, on top of other flaws like server information leakage and lack of HttpOnly cookies. 
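The header-level findings listed above (HSTS, Secure and HttpOnly cookie flags, server information leakage) can be checked mechanically. The following is an added example, not UpGuard's CSTAR logic or code from either vendor; the function names, finding labels and sample responses are hypothetical, and DNSSEC is left out because it requires a DNS query rather than a look at response headers.

```python
# Added example: flag the response-header findings named in the CSTAR paragraph.
# Sample responses are constructed for illustration, not real scan output.

def hsts_max_age(value):
    """Return the max-age of a Strict-Transport-Security value, or 0 if absent/invalid."""
    for part in value.split(";"):
        key, _, val = part.strip().partition("=")
        val = val.strip().strip('"')
        if key.strip().lower() == "max-age" and val.isdigit():
            return int(val)
    return 0

def audit_headers(headers):
    """headers: list of (name, value) pairs. Returns a sorted list of finding labels."""
    by_name = {}
    for name, value in headers:
        by_name.setdefault(name.lower(), []).append(value)
    findings = set()

    # HSTS counts only with a positive max-age; max-age=0 tells browsers to drop it.
    if not any(hsts_max_age(v) > 0 for v in by_name.get("strict-transport-security", [])):
        findings.add("missing-hsts")

    # Every Set-Cookie header is checked for the Secure and HttpOnly attributes.
    for cookie in by_name.get("set-cookie", []):
        attrs = {a.strip().split("=", 1)[0].lower() for a in cookie.split(";")[1:]}
        if "secure" not in attrs:
            findings.add("cookie-without-secure")
        if "httponly" not in attrs:
            findings.add("cookie-without-httponly")

    # Heuristic (assumption): a version number in Server, or any X-Powered-By
    # header, is treated as server information leakage.
    if "x-powered-by" in by_name or any(
        ch.isdigit() for v in by_name.get("server", []) for ch in v
    ):
        findings.add("server-info-leak")
    return sorted(findings)

WEAK = [("Server", "Microsoft-IIS/8.5"), ("X-Powered-By", "ASP.NET"),
        ("Set-Cookie", "sid=abc123; Path=/")]
HARDENED = [("Server", "web"),
            ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
            ("Set-Cookie", "sid=abc123; Path=/; Secure; HttpOnly")]

if __name__ == "__main__":
    print("weak:    ", audit_headers(WEAK))
    print("hardened:", audit_headers(HARDENED))
```
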


Scoreboard and Summary

Category | SCCM | Tanium
Capability Set | [score image] | [score image]
Ease of Use | [score image] | [score image]
Community Support | [score image] | [score image]
Release Rate | [score image] | [score image]
Pricing and Support | [score image] | [score image]
API and Extensibility | [score image] | [score image]
3rd Party Integrations | [score image] | [score image]
Companies that Use It | [score image] | [score image]
Learning Curve | [score image] | [score image]
CSTAR | [score screenshot] | [score screenshot]
Total | 3.8 out of 5 | 4.1 out of 5

In short, both SCCM and Tanium are enterprise-level solutions that require significant time, expertise, and budgetary investment to properly deploy and manage. For Windows-based environments, SCCM is hard to beat, while organizations with heterogeneous infrastructures may benefit more from the Tanium offering. Many large enterprises have chosen to integrate the two platforms together for better coverage and resilience; this is certainly an ideal setup, albeit only feasible for the most deep-pocketed of organizations.


Topics: data breaches, vulnerabilities, continuous security
