Gaining organizational effectiveness

The three key organizational governance steps to maximizing the value that is delivered by Connect are as follows:

Change management

Develop a tailored, dedicated change management process for patch management, taking into account the new capabilities provided by Tanium.

  • Update SLAs with elevated expectations, including connection configuration and maintenance.
  • Identify key resources in the organization to review and approve changes to connection requirements to ensure minimal unexpected or unapproved changes.
  • Identify internal and external dependencies for connections from Tanium sources to destinations (example: creating or updating database tables before sending data to a database).
  • Identify maintenance windows for various connection management scenarios to maximize connection uptime.
  • Create a Tanium steering group (TSG) for connection activities, to expedite reviews and approvals of processes that align with SLAs.

Organizational alignment

Successful organizations use Tanium across functional silos as a common platform for high-fidelity endpoint data and unified endpoint management. Tanium provides a common data schema that enables security, operations, and risk/compliance teams to assure that they are acting on a common set of facts that are delivered by a unified platform.

In the absence of cross-functional alignment, functional silos often spend time and effort in litigating data quality instead of making decisions to improve patch management.

Operational metrics

Connect maturity

Managing a program to export data from Tanium sources to destinations successfully includes operationalization of the technology and measuring success through key benchmarking metrics. The four key processes to measure and guide operational maturity of your Tanium Connect program are as follows:

Process Description
Usage how and when Tanium Connect is used in your organization
Automation how automated Tanium Connect is
Functional Integration how integrated Tanium Connect is, across IT security, IT operations, and IT risk/compliance teams
Reporting how automated Tanium Connect is and who the audience of connection reporting is

Use the following table to determine the maturity level for Tanium Connect in your organization.

    Level 1
(Needs improvement)
Level 2
(Below average)
Level 3
(Average)
Level 4
(Above average)
Level 5
(Optimized)
Process Usage Tanium Core Platform and Connect installed Basic connections configured and running, such as sending data to a File or Email destination Configuration fine-tuned, such as memory consumption or memory usage
  • Events forwarded from Tanium modules

  • Data filters configured to send new items, or data matching numeric values or regular expressions, to destination

Advanced connections configured and running, such as integrations with third-party applications (Splunk, ITSM solution, SQL Server)
Automation Manual Manual Scheduled connections Scheduled connections listening to event-based sources End-to-end workflow established to take action, such as alerting or remediation to a third-party application
Functional integration Unused AWS S3 or File destination configured, for example
  • Scheduled exports to third-party IT systems, such as data lakes and SIEMs

  • Email destination configured

  • Tanium Threat Response or Tanium Reputation sources configured, for example

Using export files, or integrated event forwarding and emails Connect integrated with a third-party application (Splunk, ITSM solution, SQL Server)
Reporting Unused Ad hoc; Reporting tailored to stakeholders at request Consistent; Reporting tailored to stakeholders on cadence Automated; Reporting tailored to stakeholders ranging from Operator to Executive Automated; Reporting tailored to stakeholders ranging from Operator to Executive