Tanium Teams Up With IBM Cloud, Adds Risk Scoring

Endpoint security unicorn Tanium announced a hybrid cloud partnership with IBM and a new risk scoring product at its Converge conference this week. The news caps a busy year for the startup, which raised $167.2 million this year alone in two funding rounds that brought its total raised to $1 billion and sent its valuation soaring above $9 billion. Endpoint security unicorn Tanium announced a hybrid cloud partnership with IBM and a new risk scoring product at its Converge conference this week. The news caps a busy year for the startup, which raised $167.2 million this year alone in two funding rounds that brought its total raised to $1 billion and sent its valuation soaring above $9 billion. The IBM partnership will see the two vendors create a security and compliance monitoring service for hybrid cloud workloads. This targets highly regulated enterprises such as those in financial services and health care. And it will give IBM Cloud customers access to Tanium’s real-time visibility, compliance monitoring, policy enforcement, and threat remediation across distributed cloud environments and endpoints. “Moving to cloud doesn’t suddenly solve all of your problems by itself, you still need tools to enable the security and compliance on those endpoints on that workload in your cloud environment,” said Chris Hallenbeck, CISO of the Americas for Tanium. “So it’s a strong recognition that the some of the challenges will still remain, and you still need to address them. And it was a huge vote of confidence on IBM’s part to say that Tanium is the right fit to address some of those challenges.” The IBM partnership comes just a few months after Tanium expanded its partnership with Google Cloud. This new offering, sold by Tanium, aims to help enterprises detect, investigate, and scope advanced, persistent threats (APTs), and includes an integration between Tanium’s Threat Response and Chronicle, Google Cloud’s security analytics platform. Also at its Converge event this week, Tanium announced a new product called Risk that it plans to launch in early 2021. As the name implies, this will focus on risk management, and it will provide a risk-based view so enterprises can automate mitigation actions on endpoints and also prioritize their security investments and remediation based on risk. Tanium Risk calculates a risk score using key metrics across operational and security domains, and data privacy regulations such as GDPR and CCPA. It assesses endpoint configuration and health as it relates to these operational, security, and regulatory risk with the goal of helping organizations understand their risk posture over time. It can also drill down into security risk to provide a more detailed view into categories including sensitive data discovery, lateral movement potential, and vulnerabilities, and then provide actionable insights on how to fix the problems. While Tanium’s platform already provided endpoint management and security, the move into more wholistic risk management “is an area that we’ve been ripe to enter for a while,” Hallenbeck said. “At first, our focus was on the very tactical things that IT operations and security operations folks focus on. But there really wasn’t a way to give a complete picture to business leaders about what is the current state of things? Are we trending in the right direction over time? If we’ve been applying all these resources to fix things, are we making things better or not? That’s been a missing piece of the puzzle as well for a lot of organizations.” Companies can throw money at a security problem with a shiny new security tool, but they also need a way to measure if the investment is reducing their risk, he explained. “So having something like Risk that brings the security operations and the IT operations picture of their relative risk, and then that broader risk to the organization all in one view — that’s huge,” Hallenbeck added.