Tanium vs. Microsoft SCCM: The Ferrari or the Sedan? Or Both?
In this article
One question many people struggle with today concerns what tools they should use to secure and manage their endpoints. While there are many options to choose from to protect global infrastructures, two that should be top of mind are Tanium and Microsoft System Center Configuration Manager (SCCM).
While it would be easy to say Tanium is just another security tool and Microsoft SCCM is just software everyone uses for Windows, each solution was built differently and has developed distinctive capabilities.
Microsoft has been managing Windows with SCCM since 1994 and has slowly expanded its capabilities. On the other hand, Tanium's innovative platform — with a focus on global speed, scalability and security — was built from the ground up in 2007 after founder Orion Hindawi sold BigFix to IBM.
Many things have changed since the '90s, but one thing that hasn't is the fact that customers continue to face exploding security threats:
- Infrastructure is more complex than ever and changing rapidly, whether in on-premise data centers or the cloud.
- Technical resources are scarce in the face of security challenges that seem to increase exponentially each day.
- Companies are still struggling with enterprise visibility and patching endpoints is a never-ending race.
Everyone seems to have too many tools, not enough resources and limited integration and automation. Companies are spending a great deal of money, yet breaches occur at a daunting rate.
Selecting the best tools for your business is about mapping the capabilities you need to the right tools based on your use cases. It's also essential to analyze current tools to understand how to simplify your ecosystem.
As we dive deeper into Tanium and Microsoft SCCM, we'll look at each solution's strengths and challenges, and how WWT has helped customers solve business problems with each solution — and sometimes with both tools together.
At first glance, these two solutions appear to have many overlapping functions. Each has its own pros and cons, with Tanium having wider capabilities across an ecosystem.
Microsoft SCCM is like the sedan of tools in that it's been around a while and is consistent, but you don't want your friends to see you in it. It's not eye-opening in terms of what it can do.
Tanium, on the other hand, is a Ferrari and Transformer robot all in one. It's fast and flashy and can do lots of different things, always expanding its capabilities and enhancing your ability to get you what you need as an enterprise.
Despite Tanium and SCCM being able to do similar things, Tanium has been shown to solve multiple customer problems tied to increasing visibility and security, reducing costs and improving integrations within a security tools ecosystem.
WWT can help customers test, validate, operationalize and manage both solutions.
The first step in selecting a solution is understanding and mapping your challenges to each tool's capabilities. That way you can identify the proper fit.
Is patching your largest problem? Do you know how many assets exist on your network? How would you identify and remediate a malware outbreak across your entire enterprise? Do your current tools work efficiently? Do you have the right set of tools with the right number of people to run them?
Both Tanium and Microsoft SCCM were created to do specific things within the enterprise. Because there's some overlap between these solutions, let's explore the pros and cons of each through the lens of what customer challenges they best solve.
Tanium is an enterprise platform that's primarily used as an endpoint management tool. It empowers security and IT operations teams with quick visibility and control to secure and manage every endpoint on the network, scaling to millions of endpoints with limited infrastructure.
Used by many Fortune 500 and federal organizations, Tanium started out as a security solution focused on Endpoint Detection and Response (EDR) and has expanded to many more use cases. Its various capabilities include security, visibility, compliance, patching, discovery and software deployment.
Tanium's unique linear chain architecture allows it to gather information about endpoints faster in order to secure and manage endpoints across the largest networks in the world.
Plus, Tanium continually expands its capabilities to let you displace other tools through a single platform that's wicked fast and easier to operate.
Tanium strengths include:
- Visibility and discovery are key strengths for Tanium. It has the ability to gather hardware, software and other information from endpoints across large enterprises in real time.
- Security: It has great threat hunting and EDR capabilities, including Incident Response and tracking.
- Compliance: Tanium is able to run compliance scans against all endpoints faster than other solutions enabling continuous compliance.
- Architecture: Its super-fast linear chain architecture decreases the time to get data. Tanium's architecture was built for scale and speed from the ground up after its founder experienced challenges managing the largest global environments with BigFix.
- Platform: Tanium is a platform that can achieve multiple things with one agent and minimal infrastructure. It also covers multiple operating systems including Windows, Linux, AIX and Solaris.
- Agents: Tanium has a stable client that rarely breaks and optimizes itself.
- Patching: Due to its linear chain architecture, Tanium can patch faster across large global enterprises. It can also patch Red Hat Linux and CentOS endpoints. For example, a large federal agency patched WannaCry in less than an hour with Tanium.
- Tools Rationalization: Tanium's ability to displace other solutions with its broad capabilities can save you money. It can also collect software usage data to drive cost savings. For example, a large global financial saved $18 million in OPEX in 18 months with Tanium.
Tanium challenges include:
- Endpoint Protection: Tanium does not yet have a full Endpoint Protection Platform (EPP) capability, though Tanium Signals — which uses a specific language syntax to build search expressions for process-related events on the endpoint — is a start. Tanium also has a partnership with Deep Instinct to provide EPP with Tanium.
- Speed: Because Tanium operates so fast that it can break things in an environment if not properly operationalized. WWT has helped customers operationalize hundreds of thousands of Tanium seats in a single deployment to mitigate this risk.
- Reporting: Tanium has the functionality to collect and save the last response from endpoints for selected queries and also show aggregated time-series visualizations with Tanium Trends, but does not support SIEM-like functionality of data warehouse storage.
- Mobile: Tanium doesn't support mobile devices yet and can't serve as a Mobile Device Manager (MDM) with its current capabilities.
- Architecture: Tanium's linear chain architecture can appear chatty to your network team. Peer-to-peer communication is a challenge in certain environments. The client is always talking on the network to get real-time information.
- Culture: Some customers are simply NOT ready for the light Tanium's data can shed on what's truly happening in their environment across organizational silos. No more hiding behind old spreadsheets and old data.
- Offline Assets: Assets must be online to be managed in Tanium. While Tanium can manage devices not connected to the corporate network, the devices must be powered on — something Tanium cannot do remotely.
Microsoft SCCM is a systems management tool for managing large groups of computers running Windows. It's been around for a long time and most Windows customers have it in their shops by default.
Its capabilities include remote access and control, monitoring, patch management, software distribution, infrastructure provisioning, operating system deployment, network access protection, and hardware and software inventory.
For Windows-only systems, SCCM is a leader in provisioning and managing endpoints. It can manage non-Window systems, but not as robustly. It's an established tool that many people use to manage large enterprises successfully.
Microsoft SCCM strengths include:
- Cost: It comes with standard Microsoft licensing, which most customers already have.
- Provisioning: It does bare metal provisioning of devices and has been for a while.
- Remote access: It enables remote control features for endpoints.
- Support: SCCM has a very strong user community and documentation. It's a very mature and established product.
- Integrations: It has tons of third-party integrations, including Ivanti for third-party patching.
- Agents: Everything is a pull operation, so the client checks in when it wakes up and automatically runs whatever it missed since the last check in.
- Windows 10 Migrations: WWT has migrated hundreds of thousands of endpoints to Windows 10 with Microsoft SCCM and our proprietary CPMigrator tool.
Microsoft SCCM challenges include:
- Agent Stability: SCCM agents fail a lot — it's still an issue for many customers. Tanium can monitor SCCM agents and keep them healthy.
- Reporting: Reporting isn't a strong suite for SCCM. Data isn't produced in real time, making it challenging to report on.
- Infrastructure: SCCM requires a great deal of infrastructure to manage large environments, though this necessity has diminished with the introduction of BranchCache and Peer Cache.
- No Linux/UNIX Support: As of the March 2019 SCCM 1902 update, SCCM no longer has any kind of support for Linux/Unix.
- Support: There's a steep learning curve for technical resources to run SCCM.
- Device Support: Non-Windows client-related support is a challenge.
The second step in selecting a solution is to understand how the tool integrates into your current ecosystem of security tools. Both have pretty good integration capabilities.
Tanium started heavy on the security side, while Microsoft SCCM began on the IT Operations side. Both solutions integrate with ServiceNow. Tanium integrates with Splunk and other data sources for security capabilities and reporting. SCCM integrates with Ivanti and other solutions for third-party patching. Tanium can be integrated with Cisco and Palo Alto solutions to do network quarantine on endpoints.
What's your primary focus?
- If it's security, Tanium is the best solution.
- If it's provisioning, SCCM.
- If it's compliance, Tanium.
- If it's remote access, SCCM.
- If it's visibility, Tanium.
- If it's patching, either will work. But if you want fast patching to attack zero days, Tanium is the answer.
- If you only use Windows devices, it's SCCM.
- If you're managing more than Windows devices, like Linux, Macs, AIX and Solaris, then Tanium is your best bet.
- SCCM may be better for companies that don't want to rock the boat and aren't looking to expand current capabilities or "how we've always done things."
Below are examples of how WWT customers have found value from each solution, sometimes using both at the same time:
- Discovery: WWT used Tanium to discover and classify thousands of previously unknown endpoints on a customer's network, reducing risk and increasing their security posture.
- Microsoft SCCM: WWT has tuned SCCM installations globally to manage thousands of endpoints more efficiently.
- Patching: WWT helped a large healthcare company go from patching 80% to 96% efficiency in four months using Tanium.
- Provisioning: WWT has used SCCM to provision thousands of endpoints for customers globally.
- Security: WWT has operationalized Tanium at many large commercial and federal customers to strengthen security posture and reduce the time-to-ROI for their investments.
- Windows 10 migrations: WWT has migrated hundreds of thousands of endpoints to Windows 10 with SCCM, Tanium and CPMigrator.
- Agent Health: Microsoft SCCM and Tanium can actually work better together. WWT has used Tanium to monitor failing SCCM agents and fix them to keep them up and running.
- Patching: While Tanium identified WannaCry-exposed endpoints for a customer, SCCM was used to patch those endpoints globally to reduce the security exposure.
As you can see, there are situations where using both Tanium and Microsoft SCCM can be advantageous depending on your situation.
Now that you know the strengths and challenges of Tanium and Microsoft SCCM and you've seen some of the value our customers have realized, the choice of which tool to use depends on your unique technical use cases, vendor alignment and financials.
We encourage you to try out both solutions in our Advanced Technology Center (ATC), where you can get hands-on experience in a lab environment that's modeled on your own. The best place to start is with a Security Tools Rationalization Workshop, where we'll map out your use cases to see whether Microsoft SCCM, Tanium or a combination of the two are the best fit.
And remember, it's not just the tools that are important — the right people and processes are needed to mature security capabilities and effectively manage endpoints across your business. Even the best tool will fail when paired with bad processes or a lack of resources.
Let us help operationalize your strategy and investments in Microsoft SCCM and Tanium tools. We'll also get you up to speed on where we see the field of endpoint security and management changing in the coming years.
For help understanding which solution to pick or how WWT can test, validate, operationalize and optimize security solutions, reach out by completing our Contact Us form.