You may have heard that perimeter security is dead, but rest assured, IT folks aren't about to do way with their corporate firewalls just yet. The perimeter is just one—albeit critical—dimension of your organization's digital attack surface, and endpoint security is no less important, especially with the continued enterprise adoption of cloud and mobile technologies. Tanium and IBM BigFix are competing solutions in this space that were, interestingly, born from the same progeny.
According to Research and Markets, the global consumer endpoint security market is expected to grow 11.81% between 2016-2020. Both fledgling and veteran cybersecurity vendors recognize the enterprise's dire needs in the endpoint security and management space—increasingly, catastrophic outages and security compromises are due to simple misconfigurations and unpatched systems.
In fact, the SANS Institute cites unpatched software as being the most critical cyber security risk to businesses today. And in this age of business digitization, such disruptions carry a definitive price tag—whether it be a data breach or service interruption, IDC estimates that infrastructure downtime for large enterprises costs on average $100,000/hour, with critical application failures between $500,000 and $1 million/hour. IBM BigFix and Tanium focus on remediating and preventing these costly incidents through effective endpoint security and management.
As mentioned previously, both BigFix and Tanium were created by father/son duo David and Orion Hindawi. A decade before founding Tanium in 2007, the team developed BigFix for enterprise endpoint management—the company was later sold to IBM in 2010. Post-acquisition, the product was merged with IBM's Tivoli line and branded as Tivoli Endpoint Manager (TEM). TEM was later renamed IBM Endpoint Manager and more recently, simply IBM BigFix.
The IBM BigFix UI. Source: ibm.com.
Today's IBM BigFix consists of a suite of complementary offerings for finding, fixing, and securing endpoints: IBM BigFix Compliance for continuous adherence with regulatory measures, IBM BigFix Patch for real-time patch management/enforcement, IBM BigFix Inventory for software audits and license management, and more.
Speed is critical to effective endpoint security and management, whether it be spotting vulnerabilities before cyber attackers do or applying crucial patches/fixes en masse. To this end, Tanium offers its 15-second visibility/control and natural language search capabilities for querying endpoint configurations. These capabilities enable enterprises to detect security flaws and disseminate critical patches and updates faster than with traditional client management solutions.
Tanium IOC Detect interface. Source: tanium/vimeo.com.
Tanium's performance benefits are due to the platform's unique architecture: by using a peer-to-peer "linear chain" configuration, endpoint agents can communicate adjacently in dynamic configurations, with only select agents at the chain's endpoints communicating with the server directly. This allows for significant performance benefits for faster threat response and remediation.
Side-by-Side Scoring: IBM BigFix vs. Tanium
1. Capability Set
Both platforms offer threat detection, vulnerability assessment, patch management, asset inventory management, and software distribution capabilities, among others; that said, BigFix is more on the IT operations management (ITOM) side of affairs. The platform's single-agent management console houses 18 applications for managing endpoints and infrastructure IT assets in one streamlined interface. Tanium is arguably more cybersecurity-focused, with various modules such as Compy, Discover, Incident Response, and more rounding out the platform's capabilities.
2. Ease of Use
BigFix can be complicated and difficult-to-use, with an abundance of submenus and confusing interface elements. In contrast, Tanium—with its familiar SaaS interface—is relatively trivial to get up to speed with; that said, an overload of dashboards make it somewhat unwieldy for novices.
3. Community Support
A myriad of community support resources exist for IBM BigFix, including the official BigFix forum and the community-driven BigFix.me community portal, to name a few. For an exhaustive list of BigFix community support resources, check out the product's developerWorks wikion the IBM website. Tanium also maintains a community website with an updated knowledgebase and repository of support resources.
4. Release Rate
BigFix has evolved significantly over the years, from its early incarnation as part of the Tivoli systems management platform to the latest IBM BigFix endpoint security and management suite, currently on version 9.5 at the time of this writing. Tanium 7 was released in May and includes a revamp of its administration console and workflows. Release histories for both Tanium and BigFix are available from the vendors' websites.
5. Pricing and Support
Both Tanium and IBM BigFix platform are decidely enterprise-level products and beyond the means of most SMEs. Specific pricing for Tanium is not publicly available, so be prepared to consult with Tanium sales and/or professional services.
However, various IBM BigFix components can be had quite affordably via the IBM Marketplace for certain use cases and applications—for example, its IBM BigFix Patch Management solution is available from $5.46 USD per user/year. Both vendors offer a myriad of online and paid-for (phone and email) support options to customers.
6. API and Extensibility
IBM BigFix can be readily extended using its well-documented APIs for customizing various platform components. For example, the Endpoint Manager Server can be accessed using the BigFix REST API; previous platform versions (e.g, TEM) can be extended with a SOAP API. Similarly, Tanium ships with a REST API for its IOC Detect service and SOAP API for integrating the Server platform with third-party or in-house developed solutions.
7. 3rd Party Integrations
Though BigFix integrations with Carbon Black, ServiceNow, and IBM's own QRadar SIEM are available, they pale in comparison to Tanium's ecosystem. The latter's Connect solution module allows for integrations with third-party systems, from SIEMs and ticketing systems to automation tools, with out-of-the-box connector templates for ArcSight, LogRhythm, Splunk, and others readily available.
8. Companies that Use It
BigFix's customer list includes some of the world’s largest and most prestigious organizations: HP, Northwestern University, CBS, UCSF, and Stanford University, to name a few. Not to be outdone, Tanium is used by leading global enterprises such as Amazon, Nasdaq, JPMorgan Chase, Amazon, US Bank, MetLife, eBay, Verizon, to name a few.
9. Learning Curve
Unfortunately, a steep learning curve in store for new IBM BigFix users—the complex offering is certainly not for the technically faint-of-heart. Fixlet authoring in particular can be challenging for novice/intermediate IT administrators. Tanium is better in this regard, but the platform may still feel complicated for novice/intermediate level IT folk, especially when learning its different queries and commands.
BigFix scores an average CSTAR score of 825, with security flaws like an outdated SSL/TLS version, missing HTTP strict transport security, and disabled DNSSEC impacting its website perimeter security posture. Tanium scores worse with a CSTAR score of 789 and suffers from various security flaws such as a lack of HTTP strict transport security and DNSSEC.
Scoreboard and Summary
|Ease of Use|
|Pricing and Support|
|API and Extensibility|
|3rd Party Integrations|
|Companies that Use It|
|Total||3.8 out of 5||4.1 out of 5|
Firms in the market for an ITOM-oriented endpoint solution will feel more at home with IBM BigFix, especially if other IBM solutions are in use (e.g., QRadar, IBM Security Access Manager). On the other hand, organizations looking to integrate endpoint management and cybersecurity into an existing, disparate toolset will likely get more value out of Tanium. In either case, UpGuard's resilience platform validates that your security efforts are working as expected by taking into account both internal and external measures of cybersecurity fitness.