UpGuard Tech Articles

Tanium vs SCCM

Written by UpGuard | Nov 29, 2016 8:23:08 PM

More often, catastrophic outages and security compromises can be traced back to simple misconfigurations and unpatched systems. This isn't to say that elements like pilot error and the workings of nefarious actors are not common—they certainly are—but IT asset misconfigurations tend to be the lowest common denominator in most of these scenarios. That being the case, a plethora of solutions focus on systems management for maintaining strong security and quality of service. Tanium and Microsoft System Center Configuration Manager (SCCM) are two such solutions competing in this space.

Unfortunately, misconfiguration-induced outages have become both increasingly commonplace and expensive. A recent report from IDC states that infrastructure downtime in large enterprises carries on average a $100,000 per hour price tag. Critical application failures are even more devastating to the bottom line, costing between $500,000 and $1 million per hour. 

Data breaches are also on the rise and can be equally costly and arguably more brand damaging, but all the same—the underlying cause is usually the rather unglamorous misconfiguration, as opposed to advanced methods of highly-sophisticated cyber attackers. According to Gartner, 99% of firewall breaches are caused by misconfigurations. And what of unpatched software? Regular, comprehensive patching routines are mandated by compliance measures like HIPAA and PCI DSS, for good reason: according to the SANS Institute, unpatched software is the most critical cyber security risk to businesses today. This is where Tanium and SCCM come in—by ensuring that system configurations are as expected and necessary patches are deployed en masse, they can prevent outages and data breaches from disrupting the business.


Previously known as Systems Management Server (SMS), SCCM is Microsoft's flagship product for systems management. The solution allows IT administrators to assess/update and deploy software on servers in physical and virtual environments, as well as desktops and mobile devices. Like most Microsoft products, all management is done visually through a single unified GUI console. Using SCCM's comprehensive set of administrative tools, users can create custom software/OS installations and configurations to be deployed across multiple machines or environments. 

The SCCM 2012 UI. Source: windowsitpro.com.

SCCM offers a wide range of administrative tools for managing both rudimentary and large, complex IT infrastructures. For example, administrators can use it to deploy operating systems and software to greenfield environments or push patches and configurations to any number of machines on a network. The solution also includes various security features for monitoring anti-malware services, reporting policy violations, preventing/responding to breaches, and more.


Founded by father and son duo Orion and David Hindawi in 2007, Tanium's endpoint security and systems management platform features 15-second visibility/control and natural language search capabilities for querying endpoint configurations. For example, to get all versions of the Tanium client running in your environment, you would type the following into the UI's prominently placed search box:

“Get Tanium Client Version from all machines” 

Additionally, the solution purportedly detects security flaws (e.g., misconfigurations, vulnerabilities) and pushes out critical patches and updates faster than traditional client management solutions due to its unique architecture.

Tanium IOC Detect interface. Source: tanium/vimeo.com.

Here's the gist: a typical client-server architecture consists of one-to-one connections between endpoint components and servers—a setup that quickly becomes slow and convoluted in complex, expansive infrastructures. In contrast, Tanium's proprietary architecture uses so-called "linear chains" that enable adjacent endpoint agents to communicate with each other in a dynamic peer-to-peer configuration. Servers only communicate with select agents at the ends of these chains, allowing for significant performance benefits for faster threat response and remediation.

Side-by-Side Scoring: SCCM vs. Tanium

1. Capability Set

SCCM and Tanium are comprehensive platforms for managing endpoints and other IT assets in an environment. Both solutions offer a myriad of features to facilitate threat detection, vulnerability assessment, patch management, asset inventory management, software distribution, and more.



2. Ease of Use

Deploying Tanium is trivial and its SaaS-based interface make it relatively easy to get up to speed with. That said, its multitude of dashboards can be a bit overwhelming for novice users. As a Microsoft solution, SCCM will feel immediately familiar to Windows administrators, but in general the product's interface is not immediately intuitive to the average IT operator. 


3. Community Support

As a widely used systems management solution for managing Windows environments, SCCM community support resources are plentiful—both from Microsoft's Technet forums and other third-party websites. Tanium provides a community website to customers that features an updated knowledgebase and repository of support resources, but its corpus of community support resources is limited when compared with SCCM's.


4. Release Rate

SCCM and Tanium have undergone numerous releases and updates over the years, with 2016 being an especially monumental year for both products. Tanium 7 was released in May and features a signifcant reworking of its administration console and workflows. SCCM's March 2016 release—dubbed SCCM 1602—offers a host of new features, including an integration with Microsoft Intune for mobile device management. Both Tanium and SCCM have made their release histories/notes publicly available on their websites.


5. Pricing and Support

Though pricing is not publicly available, Tanium is certainly an enterprise-grade platform with associated enterprise-level costs—well beyond the means of most SMEs. To determine specific pricing for your organization, be prepared to consult with Tanium sales and/or professional services. An assortment of online and paid-for (phone and email) support options are available to customers.

Pricing for SCCM is publicly available on the Microsoft website: $3,607 and $1,323 for the datacenter and standard editions, respectively. Licensing is determined by number of servers cores and valid for 2 years. In terms of support, Microsoft's standard professional support options are available per incident ($499) or in 5-packs ($1999). 


6. API and Extensibility

SCCM does not offer a RESTful API for building custom applications; that said, an SDK is available for building scripts to automate and add features/extensions to the product. Tanium provides a REST API for its IOC Detect service and a SOAP API for integrating the Server platform with a CMDB, SIEM, or in-house tool. 


7. 3rd Party Integrations

Tanium's Connect solution module enables integrations with third-party systems like SIEMs, ticketing systems, and automation tools—with out-of-the-box connector templates for ArcSight, LogRhythm, Splunk, and others. SCCM integrates well with other Microsoft products, with other integrations available through third-party vendors: Dell Update Tools, Secunia Vulnerability Scanning, and Coretek, to name a few.


8. Companies that Use It

Tanium's customer base includes many of the world's leading enterprises and organizations: Amazon, Nasdaq, JPMorgan Chase, Amazon, US Bank, MetLife, eBay, Verizon, and the US Department of Defense, to name a few. SCCM's dominance in this space is undisputed—Gartner recently named Microsoft as the market share leader in the client management tool market.


9. Learning Curve

Tanium has gone to great lengths to improve its ease-of-use; that said, the product may nonetheless feel complicated for novice and intermediate-level IT administrators. And despite positioning itself as the "Google of Enterprise IT," the solution has a moderate learning curve for gaining proficiency with its different queries and commands. However, this pales in comparison to SCCM's notoriously steep learning curve.



Tanium's CSTAR score of 836, while respectable, falls short due to various security flaws, namely the lack of HTTP strict transport security, secure cookies, and DNSSEC. Microsoft SCCM—with its 713 CSTAR score—also lacks secure cookies and DNSSEC, on top of other flaws like server information leakage and lack of HttpOnly cookies. 




Scoreboard and Summary

  SCCM Tanium
Capability Set
Ease of Use
Community Support
Release Rate
Pricing and Support
API and Extensibility
3rd Party Integrations
Companies that Use It
Learning Curve

Total  3.8 out of 5 4.1 out of 5

In short, both SCCM and Tanium are enterprise-level solutions that require significant time, expertise, and budgetary investment to properly deploy and manage. For Windows-based environments, SCCM is hard to beat, while organizations with heterogeneous infrastructures may benefit more from the Tanium offering. Many large enterprises have chosen to integrate the two platforms together for better coverage and resilience—this is certainly an ideal setup, albeit only feasable for the most deep-pocketed of organizations.


More Articles


Datadog vs. New Relic

Monitoring tools have come a long way since the early days of Big Brother. Today's solutions have evolved into powerful software troubleshooting and performance analytics platforms capable of deconstructing and analyzing the entire application stack—infrastructure up—for bugs and issues.



Cisco vs. FireEye for Continuous Security

Who provides better continuous security: the world's largest maker of networking equipment or the first cybersecurity firm certified by the U.S. Department of Homeland Security?

Read Article >

AlienVault vs. Tenable for Continuous Security

As perimeter-based cyber protection falls to the wayside, a new breed of continuous security solutions are emerging that combine traditional endpoint protection with newer technologies like security information and event management (SIEM) and crowdsourced threat intelligence.

Read Article 

For their workstations, administrators can: