You may have heard that perimeter security is dead, but rest assured, IT folks aren't about to do way with their corporate firewalls just yet. The perimeter is just one—albeit critical—dimension of your organization's digital attack surface, and endpoint security is no less important, especially with the continued enterprise adoption of cloud and mobile technologies. Tanium and IBM BigFix are competing solutions in this space that were, interestingly, born from the same progeny.
According to Research and Markets, the global consumer endpoint security market is expected to grow 11.81% between 2016-2020. Both fledgling and veteran cybersecurity vendors recognize the enterprise's dire needs in the endpoint security and management space—increasingly, catastrophic outages and security compromises are due to simple misconfigurations and unpatched systems.
In fact, the SANS Institute cites unpatched software as being the most critical cyber security risk to businesses today. And in this age of business digitization, such disruptions carry a definitive price tag—whether it be a data breach or service interruption, IDC estimates that infrastructure downtime for large enterprises costs on average $100,000/hour, with critical application failures between $500,000 and $1 million/hour. IBM BigFix and Tanium focus on remediating and preventing these costly incidents through effective endpoint security and management.
IBM BigFix
As mentioned previously, both BigFix and Tanium were created by father/son duo David and Orion Hindawi. A decade before founding Tanium in 2007, the team developed BigFix for enterprise endpoint management—the company was later sold to IBM in 2010. Post-acquisition, the product was merged with IBM's Tivoli line and branded as Tivoli Endpoint Manager (TEM). TEM was later renamed IBM Endpoint Manager and more recently, simply IBM BigFix.
Today's IBM BigFix consists of a suite of complementary offerings for finding, fixing, and securing endpoints: IBM BigFix Compliance for continuous adherence with regulatory measures, IBM BigFix Patch for real-time patch management/enforcement, IBM BigFix Inventory for software audits and license management, and more.
Tanium
Speed is critical to effective endpoint security and management, whether it be spotting vulnerabilities before cyber attackers do or applying crucial patches/fixes en masse. To this end, Tanium offers its 15-second visibility/control and natural language search capabilities for querying endpoint configurations. These capabilities enable enterprises to detect security flaws and disseminate critical patches and updates faster than with traditional client management solutions.
Tanium's performance benefits are due to the platform's unique architecture: by using a peer-to-peer "linear chain" configuration, endpoint agents can communicate adjacently in dynamic configurations, with only select agents at the chain's endpoints communicating with the server directly. This allows for significant performance benefits for faster cyber threat response and remediation.
Side-by-Side Scoring: IBM BigFix vs. Tanium
1. Capability Set
Both platforms offer threat detection, vulnerability assessment, patch management, asset inventory management, and software distribution capabilities, among others; that said, BigFix is more on the IT operations management (ITOM) side of affairs. The platform's single-agent management console houses 18 applications for managing endpoints and infrastructure IT assets in one streamlined interface. Tanium is arguably more cybersecurity-focused, with various modules such as Compy, Discover, Incident Response, and more rounding out the platform's capabilities.
2. Ease of Use
BigFix can be complicated and difficult-to-use, with an abundance of submenus and confusing interface elements. In contrast, Tanium—with its familiar SaaS interface—is relatively trivial to get up to speed with; that said, an overload of dashboards make it somewhat unwieldy for novices.
3. Community Support
A myriad of community support resources exist for IBM BigFix, including the official BigFix forum and the community-driven BigFix.me community portal, to name a few. For an exhaustive list of BigFix community support resources, check out the product's developerWorks wikion the IBM website. Tanium also maintains a community website with an updated knowledgebase and repository of support resources.
4. Release Rate
BigFix has evolved significantly over the years, from its early incarnation as part of the Tivoli systems management platform to the latest IBM BigFix endpoint security and management suite, currently on version 9.5 at the time of this writing. Tanium 7 was released in May and includes a revamp of its administration console and workflows. Release histories for both Tanium and BigFix are available from the vendors' websites.
5. Pricing and Support
A monitoring system won't troubleshoot a configuration error. A configuration test script will.
Both Tanium and IBM BigFix platform are decidedly enterprise-level products and beyond the means of most SMEs. Specific pricing for Tanium is not publicly available, so be prepared to consult with Tanium sales and/or professional services.
However, various IBM BigFix components can be had quite affordably via the IBM Marketplace for certain use cases and applications—for example, its IBM BigFix Patch Management solution is available from $5.46 USD per user/year. Both vendors offer a myriad of online and paid-for (phone and email) support options to customers.
6. API and Extensibility
IBM BigFix can be readily extended using its well-documented APIs for customizing various platform components. For example, the Endpoint Manager Server can be accessed using the BigFix REST API; previous platform versions (e.g, TEM) can be extended with a SOAP API. Similarly, Tanium ships with a REST API for its IOC Detect service and SOAP API for integrating the Server platform with third-party or in-house developed solutions.
7. 3rd Party Integrations
Though BigFix integrations with Carbon Black, ServiceNow, and IBM's own QRadar SIEM are available, they pale in comparison to Tanium's ecosystem. The latter's Connect solution module allows for integrations with third-party systems, from SIEMs and ticketing systems to automation tools, with out-of-the-box connector templates for ArcSight, LogRhythm, Splunk, and others readily available.
8. Companies that Use It
BigFix's customer list includes some of the world’s largest and most prestigious organizations: HP, Northwestern University, CBS, UCSF, and Stanford University, to name a few. Not to be outdone, Tanium is used by leading global enterprises such as Amazon, Nasdaq, JPMorgan Chase, Amazon, US Bank, MetLife, eBay, Verizon, to name a few.
9. Learning Curve
Unfortunately, a steep learning curve in store for new IBM BigFix users—the complex offering is certainly not for the technically faint-of-heart. Fixlet authoring in particular can be challenging for novice/intermediate IT administrators. Tanium is better in this regard, but the platform may still feel complicated for novice/intermediate level IT folk, especially when learning its different queries and commands.
10. Security Rating
IBM BigFix scores a security rating of 779/950 and Tanium scores a similiar 741/950.
Scoreboard and Summary
Firms in the market for an ITOM-oriented endpoint solution will feel more at home with IBM BigFix, especially if other IBM solutions are in use (e.g., QRadar, IBM Security Access Manager). On the other hand, organizations looking to integrate endpoint management and cybersecurity into an existing, disparate toolset will likely get more value out of Tanium.
