Reviewing benchmark data

View benchmarks that are grouped into the following categories: enterprise risk, security, and operations.

Benchmark values

To see metrics and benchmark values, you must have licenses for the associated modules. For example, to view the Mean Time to Patch benchmark, you must have a license for Tanium Patch.

Benchmark values are anonymously collected and aggregated from Tanium Cloud customers every 24 hours. The benchmark data that you see compares the performance of your Tanium metrics with aggregated data that is collected anonymously from other Tanium customers in the same industry.

Each metric is presented as both a percentile value and the results, or actual values.

View benchmarks

  • Scope your metrics. On the Benchmark Home page, you can choose a computer group, timeframe, peer performance comparison, and chart type.
  • Set your target percentile. The percentile indicates a percentage of other Tanium customers that meet or exceed the benchmark value for a metric. You can choose 50th or 75th percentile. From the Benchmark home page, go to the Summary section and select the Target Benchmark. The target benchmark is displayed on all of the charts on the Benchmark home page.
  • Choose the type of charts that you want to view on the home page. Choose either the Percentile Distribution or Percentile Over Time chart type.
  • View an overview of metrics by category. On the Benchmark home page, you can view an overview of all the metrics that are available compared to the target percentile value that you selected.
  • View benchmark details. On the Benchmark home page, click View Details next to one of the categories. The percentile and results charts for each metric are displayed. You can hover over parts of the charts for more details. In the Percentile charts, you might want to investigate metrics with a Below Benchmark indicator. If a goal is set for the metric, a line for the goal is available in the Results chart for the metric, along with an indicator of whether the goal has been met.

    To set goals, see Set benchmark target goals.
    See the following sections for more details about each metric.

  • View the data that contributed to your metrics. To view a report with data details for the benchmark, click the title of the chart.

Set benchmark target goals

You can add goal values in addition to the benchmark metric values. These goals are tracked on the detail page charts for each benchmark metric.

  1. On the Benchmark Overview page, click Settings, then Target Goals.
  2. For each metric you want to track, select a goal. The goal can be linked dynamically to the 50th or 75th percentile value, or a specific value. To set goals for all metrics, click Set Method for All.
  3. Save your changes. Goals can take up to 24 hours to collect data and display on the Results chart for the metric. To start data collection, click Collect Data.

About bell curve charts

If you select Percentile Distribution for the chart types on the Benchmark Home page, you see a bell curve chart for each metric.

  • If you select 50 for your percentile value, 50 is on the chart and represents the median for the dataset.
  • The mean value is at the center of the curve, regardless of where the curve sits on the X axis.
  • The percentile value for your environment is represented with a vertical line with the percentile value on the X axis.
  • The relative position of the median and mean values skews the position of the bell curve on the chart. If the median and mean do not align, the chart is skewed to the right or left.
  • The shape of the curve identifies the standard deviation for the dataset.
    • Normal distribution: Most individual values sit in the middle of the range.
    • Deviations: The deviation affects the width of the bell curve, with a thinner curve showing that the values span a smaller range of values.

Enterprise Risk metrics

Tanium Risk Score

The percentage of risk vector contributions that reflect risk in specific focus areas of endpoint security. A high risk score indicates increased enterprise risk. For more information about this metric, see Risk score.

From module: Benchmark

System Vulnerability

A risk vector that evaluates which endpoints are not patched against Common Vulnerabilities and Exposures (CVEs) and the severity of vulnerabilities on an endpoint. These vulnerabilities make an endpoint more susceptible to attackers. For more information about this metric, see Review System Vulnerability.

From module: Comply

System Compliance

This risk vector evaluates the compliance state of endpoints to defined security requirements and policies. For more information about this metric, see Review System Compliance.

From module: Comply

Administrative Access

This risk vector evaluates the least-privilege model on endpoints, determining potential lateral movement if an endpoint is compromised. Limit administrative access to prevent attackers from gaining access to elevated privileges. For more information about this metric, see Review Administrative Access.

From module: Impact

Password Identification

This risk vector evaluates user access to sensitive data, such as authentication credentials. Ensure that passwords are not stored in plain text to prevent attackers and insider threats from accessing those credentials and gaining unauthorized access to enterprise endpoints. A high vector score indicates increased enterprise risk. For more information about this metric, see Review Password Identification.

From module: Reveal

Expired Certificates

This risk vector evaluates expired Transport Layer Security (TLS) and Secure Sockets Layer (SSL) certificates on endpoints. Expired certificates present security issues because organizations cannot validate certificate revocation status to confirm trust in those certificates. A high vector score indicates increased enterprise risk. For more information about this metric, see Review Expired Certificates.

From module: Core Content

Insecure TLS/SSL

This risk vector evaluates insecure and outdated transport layer security protocols (SSLv3, TLSv1). These protocols can expose enterprise endpoints to man-in-the-middle attacks and expose sensitive data to attackers through browser exploitation. A high vector score indicates increased enterprise risk. For more information about this metric, see Review Insecure SSL/TLS.

From module: Core Content

Security metrics

Security metrics can help you understand how susceptible your environment is to attacks and malware, compared to other Tanium customers.

Missing Antivirus

The percentage of endpoints in the environment that are missing an antivirus solution. For information about improving this metric, see Tanium Enforce User Guide: Monitor and troubleshoot antivirus status on endpoints.

From module: Enforce

Out of Date Antivirus

The percentage of endpoints in the environment that have out-of-date antivirus. For information about improving this metric, see Tanium Enforce User Guide: Monitor and troubleshoot antivirus status on endpoints.

From module: Enforce

Missing Disk Encryption

The percentage of endpoints in the environment that are missing disk encryption. For information about improving this metric, see Tanium Enforce User Guide: Monitor and troubleshoot disk encryption status on endpoints.

From module: Enforce

Firewall Disabled

The percentage of endpoints in the environment that have a disabled firewall. For information about improving this metric, see Tanium Enforce User Guide: Monitor and troubleshoot disk encryption status on endpoints.

From module: Enforce

High Severity Vulnerabilities

The percentage of endpoints in the environment with Common Vulnerability Scoring System (CVSS) v2 high and critical vulnerabilities over 7 days old. For information about improving this metric, see Tanium Comply User Guide: Monitor and troubleshoot endpoints with critical or high vulnerabilities.

From module: Comply

Average Alerts per Day

The average number of alerts per day provided by Threat Response intel documents. You might have varying numbers and types of intel documents that affect the number of alerts. For information about managing the number of alerts, see Tanium Threat Response User Guide: Managing alerts.

From module: Threat Response

Impact Rating of Machines with Alerts

The average impact rating for endpoints that currently have active Threat Response intelligence alerts.

From module: Threat Response, Impact

Operations metrics

Operations metrics contain controls that an organization can put in place to prevent attackers from accessing sensitive data or performing malware attacks.

Patch Compliance

The percentage of endpoints that have not been updated with available software patches more than 30 days after the patch became available. For more information about improving patch compliance, see Tanium Patch User Guide: Monitor and troubleshoot endpoints missing critical or important patches.

From module: Patch

Mean Time to Patch

The average number of days to patch endpoints following the availability of a patch. For more information about improving time to patch, see Tanium Patch User Guide: Troubleshoot mean time to patch.

From module: Patch
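
The two patch metrics above, worked through on a constructed inventory as an added example (not Tanium's code or its exact calculation). The record layout, the function names, and the two ways of treating patches that are still missing are assumptions.

```python
from datetime import date
from statistics import mean

AS_OF = date(2024, 6, 30)   # constructed reporting date
WINDOW_DAYS = 30            # threshold from the Patch Compliance definition

# Constructed sample: (endpoint, patch id, released, installed or None if missing)
RECORDS = [
    ("ws-01", "P-100", date(2024, 5, 1), date(2024, 5, 6)),
    ("ws-01", "P-101", date(2024, 6, 20), None),              # missing, inside window
    ("ws-02", "P-100", date(2024, 5, 1), None),               # missing for 60 days
    ("ws-03", "P-100", date(2024, 5, 1), date(2024, 6, 15)),  # installed after 45 days
    ("ws-03", "P-101", date(2024, 6, 20), date(2024, 6, 22)),
    ("srv-01", "P-100", date(2024, 5, 1), date(2024, 5, 11)),
]

def overdue_endpoints(records, as_of, window=WINDOW_DAYS):
    """Endpoints with a patch still missing more than `window` days after release."""
    return {ep for ep, _pid, released, installed in records
            if installed is None and (as_of - released).days > window}

def patch_compliance_pct(records, as_of, window=WINDOW_DAYS):
    """Percentage of endpoints NOT patched within the window (lower is better)."""
    endpoints = {rec[0] for rec in records}
    if not endpoints:
        return 0.0
    return 100.0 * len(overdue_endpoints(records, as_of, window)) / len(endpoints)

def mean_time_to_patch(records, as_of=None):
    """Average days from release to install.

    as_of=None : only installed patches count (assumption); long-missing
                 patches are invisible here and show up only in compliance.
    as_of=date : missing patches are counted at their age so far (assumption).
    """
    days = []
    for _ep, _pid, released, installed in records:
        if installed is not None:
            days.append((installed - released).days)
        elif as_of is not None:
            days.append((as_of - released).days)
    return mean(days) if days else None

if __name__ == "__main__":
    print("overdue endpoints:", sorted(overdue_endpoints(RECORDS, AS_OF)))
    print("patch compliance (% not updated):", patch_compliance_pct(RECORDS, AS_OF))
    print("mean time to patch, installed only:", mean_time_to_patch(RECORDS))
    print("mean time to patch, incl. missing:", mean_time_to_patch(RECORDS, AS_OF))
```

The gap between the two mean values shows why a low Mean Time to Patch should be read together with Patch Compliance: an endpoint that never installs a patch does not raise an installed-only average.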

Software Update Compliance

The percentage of endpoints that have available software updates that have not been deployed more than 30 days after the update became available. To improve this metric, see Tanium Deploy User Guide: Monitor and troubleshoot endpoints missing software updates released over 30 days.

From module: Deploy

Mean Time to Update

The average number of days to deploy software updates to endpoints following the availability of an update. To decrease the number of days for deployments, see Tanium Deploy User Guide: Monitor and troubleshoot mean time to deploy software.

From module: Deploy

Endpoint Impact Score

The average impact score across endpoints in the environment. The impact score provides insight into an enterprise's administrative realm by assessing access rights to determine how to reduce the attack surface. For more information, see Tanium Impact User Guide: Impact rating.

From module: Impact