What’s Next in Compliance and Security: Introducing Tanium Integrity Monitor

Joseph Lea Posted on 02.02.17 — by Joseph Lea

Integrity Monitor Blog (1)

Regulatory compliance is an acute pain point our customers raise with us time and again. The pace and complexity of compliance standards are increasing, and compliance tools are not keeping up. While there is no silver bullet for compliance, we see tremendous opportunity to simplify and drive efficiencies.

Today, we are announcing Tanium Integrity Monitor to extend our capabilities in this area. Our new offering follows on the release last quarter of Tanium Comply, which is designed to help our customers streamline the process of meeting regulatory requirements for security configuration and vulnerability scanning.

Tanium Integrity Monitor is designed to help users further simplify regulatory compliance and make enterprise-wide file integrity monitoring more effective than existing point tools. It enables users to consolidate point solutions into a single integrated platform. This helps compliance and security teams become more efficient by tapping into the speed, scale, and completeness of the Tanium platform.

The concept of File Integrity Monitoring (FIM) itself is simple: continuously watch for changes to important files on your endpoints and alert security staff about unauthorized or malicious changes. The various compliance standards — such as PCI-DSS, HIPAA, SOX, NERC-CIP, CIS Critical Security Controls, etc. — require these tools to be deployed and functional.

The problems with file integrity monitoring tools are rooted in the size and complexity of today’s IT infrastructures. While it’s rational to expect vendors of FIM tools to have kept up, the reality is that they’ve been slow to innovate. Most tools are expensive and difficult to deploy. When deployed, they are hard to manage in distributed environments. Worse yet, they suffer from poor agent health.

To illustrate the complexity of today’s environments, consider the common practice of compliance scope reduction. To reduce compliance cost, organizations implement tight network segmentation and end up with pockets of regulated infrastructure. As a result, they either struggle to scale their FIM tools across distributed infrastructure or, more commonly, opt to deploy and manage multiple tools.

In addition, FIM tools are notoriously noisy. Given how frequently files change in today’s environments, customers dramatically tune these tools down, minimizing the value from the solutions. Yet, they must deploy and manage one more single-purpose agent and backend infrastructure for file integrity monitoring. The result? Customers are paying a lot for little value.

Tanium Integrity Monitor enables continuous monitoring of critical system, application, and log files by leveraging an existing Tanium agent and infrastructure. As you would expect, alerts are delivered faster and more reliably than ever using Tanium’s signature speed and scale. Furthermore, agent deployment, health, and management are solved by the unmatched performance, scalability, and resilience of the Tanium architecture. Satisfying compliance across distributed environments becomes simple once again by consolidating yet another point tool, changing FIM from a standalone solution to an integrated part of the Tanium platform.

Tanium Integrity Monitor also enables you to consider applying FIM to other use cases beyond compliance. The Tanium platform enables customers to deploy file integrity monitoring to literally every endpoint as a security hygiene best practice. Imagine being able to flexibly deploy continuous monitoring for common attack entry points (such as browser plug-in directories), or any emerging vectors as the threat landscape evolves.

IT infrastructure is dynamic and file integrity monitoring should be no different. With Tanium Integrity Monitor, dynamic groups of computers (such as Windows machines, Linux machines, or POS systems) can be automatically updated with the right monitoring so FIM can finally keep pace with the changing IT environment.

The power of Tanium Integrity Monitor becomes even more evident when used in concert with the Tanium Core Platform and other product modules. By using Tanium Comply for security configuration and vulnerability management, and using Tanium Protect to manage native operating system protections, you can further simplify the process of meeting your compliance requirements. Even active investigation of alerts using Tanium Trace is possible using the integrated Tanium platform. It should come as no surprise that each of these product modules, while improving efficiency, also eliminates agents and infrastructure associated with their comparable point tools.

The Tanium Integrity Monitor module will be available in March 2017. We are excited about the possibilities to dramatically simplify compliance and extend the value of file integrity monitoring to broader enterprise use cases.  
Want to see how Tanium can simplify your compliance? Download these compliance checklists: PCI, CIS Critical Security Controls and NIST Cybersecurity Framework to get started. Better yet, let us show you a demo.