We had some issues with the solution's OS upgrade. We had just downloaded one HP driver through the HP site, and the pack used, like, for more than 1 GB. Now, when I was deploying this package or the machine, its sync was getting so delayed because when I was installing it, I was not able to see the complete status, whether it was installed or not. The aforementioned areas in the solution I faced, especially for the driver, have room for improvement in this section.
Tanium's limitations should be improved because although it is a great tool, it is limited to only a few classes during a session. That doesn't do me any good if I do more than 300 classes. Tanium’s user interface should be made better by making it a little bit more simplistic.
Founder at a construction company with 11-50 employees
Real User
2022-09-02T01:05:48Z
Sep 2, 2022
The problem or challenge is a pre-sales and go-to strategy for the SMB market delivered through a channel or model. It's very convoluted and vague, which leads to some confusion about the various types of modules, and the device-to-seat cost is extremely difficult to calculate. You could have six different modules with 15 to 20 different device counts, which raises some red flags regarding service support and operational operations availability. To be honest, I don't have enough time in the seat, or on the technology, to say whether or not there is a gap in terms of function or software. It is not really additional functions, or the features that are needed, rather the complexity would be reduced based on the number of modules required to put together a comprehensive operational security and risk compliance model.
The main issues are the network connection because different customers have issues with their networks. It's difficult implementing this type of solution because the network is the main feature in the architecture for these types of solutions. Tanium could improve by creating some network optimization.
Cybersecurity Business & Technology Consultant at Capgemini
Real User
2022-03-31T19:53:00Z
Mar 31, 2022
The most painful thing is the interface. It's a bit unclear sometimes. The user interface also has to be more secure. If the end users are trying to patch a whole set of machines, they should be warned that it's going to be a deployment on a huge environment.
Sr Manager - Information Security & Researcher at a tech services company with 1,001-5,000 employees
Real User
2021-09-29T07:41:36Z
Sep 29, 2021
The performance could improve in future releases. We have had performance issues in specialized web environments, but overall I think the problems are less than 2% of the computer systems being used.
IT Security Manager at a transportation company with 1,001-5,000 employees
Real User
2021-04-09T22:12:57Z
Apr 9, 2021
The solution can give a lot of false positives. It's an aspect of the solution that could be looked at and worked on. If you deploy all the threat intelligence rules that come with it, you may spend a lot of time suppressing some of the false positives as some of them are very vague. You'll have the indicators due to the fact that you can suppress by hash or by pass or by command and parent process. However, that information is often very limited. You may get an alert for common language image load which can be a hacker technique; however, it's also a normal process between valid Microsoft processes, between the Msiexec, or some sort of system process. It's frustrating that there's not enough data - at least that I've found - to be able to determine whether something is a false positive or true positive. Whether it should be suppressed or whether you should let it go, the number of false positives you may have to deal with, if you enable all of these sources, could be over a hundred thousand. The scalability can be challenging, depending on a company's setup. The ability to calculate risk with one query would be useful. In other words, to be able to combine known vulnerabilities on an asset with known threats that are targeting that vulnerability from Intel. Being able to determine some way or another, which processes you prefer would be ideal. There should be more access to automated processes. Somehow you should be able to determine the business value of that asset and be able to have a true risk meaning and a true way to bubble up these high-value, high-risk assets. They need to get more attention. The solution needs some sort of risk engine that takes into account threat, vulnerability and business value.
Tanium comes with multiple models, so definitely the threat protection is the primary opportunity area my organization is looking for. It is going to be primarily used for event collection, which is being fed into our centralized tools for tracing any kind of vulnerability or any kind of uneven situation.
Threat Intelligence at a university with 10,001+ employees
Real User
2019-03-11T07:21:00Z
Mar 11, 2019
* I would like to have more integrations and custom plugins to input. Integration is always a big deal in a lot of different environments.
* Custom modules would be nice.
* Visualization of data could be added to it.
* Making the initial process easier always helps.
The reporting could be improved.
Tanium's dashboard UI could be similar to CrowdStrike.
Our biggest issue with the solution is its lack of mobility. Also, when it comes to deploying the SaaS, it's more difficult to deploy on-prem.