Gaining organizational effectiveness

Four key organizational governance steps maximize the value that Tanium Enforce delivers and shorten time to value:

Change management

Develop a tailored, dedicated change management process that streamlines configuration and compliance policy management across endpoints with one console.

  • Update SLAs and align activities to key resources for Tanium Enforce activities across configuration and compliance policy management processes. For example, see RACI chart.

  • Designate change or maintenance windows for various activities across configuration and compliance policy management scenarios. For example, implement a new firewall rule or endpoint hardening policy.

  • Identify internal and external dependencies to your configuration and compliance policy management process. For example, compliance with standards such as SLAs or with PCI or HIPAA.

  • Create a Tanium Steering Group (TSG) for discovery activities to expedite reviews and approvals of processes that align with SLAs.

RACI chart

A RACI chart identifies the team or resource who is Responsible, Accountable, Consulted, and Informed, and serves as a guideline to describe the key activities across the security, risk/compliance, and operations teams. Every organization has specific business processes and IT organization demands. The following table represents Tanium’s point of view for how organizations should align functional resources across configuration and compliance policy management. Use the following table as a baseline example.

| Task | Security Team | Operations Team | Risk/Compliance Team | Rationale |
|---|---|---|---|---|
| Define Policies: Define Security Policies | A/R | I | I | Security team creates security policies. For example, firewall policies, anti-malware policies, and end-state computer security settings. |
| Define Policies: Define Configuration Policies | I | A/R | I | Operations team creates configuration policies. For example, application settings, browser settings, operating system look-and-feel/system settings. |
| Deploy Policies | A/R | A/R | I | The targets created in the security and configuration policies are then configured in Tanium Enforce and policies are deployed to defined targets. |
| Assess Results of Policies Using Reports | A/R | A/R | A/R | Using Tanium Enforce, review the workbench/Trends boards/Reporting dashboards of policy results for assessment and remediation of any findings or need for configuration changes. |
| Remediate Findings and Configuration Changes | A/R | A/R | I | Using the output of the results, action through remediation of findings and configuration changes. For example, change targets, revise policy configuration errors, and then the workflow proceeds in a continuous loop. |

Figure: Standard Enforce workflow

Organizational alignment

Successful organizations use Tanium across functional silos as a common platform for high-fidelity endpoint data and unified endpoint management. Tanium provides a common data schema that enables security, operations, and risk/compliance teams to ensure that they are acting on a common set of facts that are delivered by a unified platform.

In the absence of cross-functional alignment, functional silos often spend time and effort in litigating data quality instead of making decisions on how to manage software and hardware assets.

Operational metrics

Enforce maturity

Managing a configuration and compliance policy management program successfully includes operationalization of the technology and measuring success through key benchmarking metrics. The four key processes to measure and guide operational maturity of your Tanium Enforce program are as follows:

| Process | Description |
|---|---|
| Usage | How and when is Tanium Enforce used in your organization (example: Is Tanium the sole tool or is it being supplemented by a legacy tool, such as Active Directory Group Policy?) |
| Automation | How automated is Tanium Enforce, and how well is it leveraged in automation of other systems |
| Functional Integration | How integrated Tanium Enforce is, across IT security, operations, compliance/risk, and asset management teams |
| Reporting | How is data from Tanium Enforce consumed by people and systems within the organization |

Benchmark metrics

In addition to the key configuration and compliance policy management processes, the three key benchmark metrics that align to the operational maturity of the Tanium Enforce program to achieve maximum value and success are as follows:

| Value Metric | Value Metric #1 | Value Metric #2 | Value Metric #3 | Value Metric #4 | Value Metric #5 |
|---|---|---|---|---|---|
| Metric Title | Enforce Coverage (% of total) | Policy Enforcements (% of total) | Host firewall enabled | Disk Encryption Enabled | Antivirus Enabled |
| Why this metric matters | Provides visibility into the number of systems managed by Enforce | Provides visibility of policy health across enterprise. Enforcement errors or unenforced endpoints introduce risk to the environment. | Provides visibility of host firewall status across enterprise. Endpoints that do not have a host firewall installed and enabled introduce risk to the environment. | Provides visibility of hard drive encryption status across enterprise. Unencrypted endpoints introduce risk to the environment. | Provides visibility of Antivirus status across enterprise. Endpoints that do not have an AV agent installed and enabled introduce risk to the environment. |
| Instrumentation | Tools sensor | Enforce policy status (per policy type) / managed endpoints. | Enforce - Host firewall is enabled (Sensor and Board) | Trends Enforce - Encryption Status (Board) | Enforce - Antivirus Is Enabled (Sensor and Board) |

Maturity workflow

Use the following table to determine the maturity level for Tanium Enforce in your organization.

| Category | Item | Level 1 (Initializing) | Level 2 (Progressing) | Level 3 (Intermediate) | Level 4 (Mature) | Level 5 (Optimized) |
|---|---|---|---|---|---|---|
| Process | Usage | Enforce imported/native OS, application, and security policies configured/policies are enforced through legacy means | Policies are applied and verified | Policies for control group of desktops/servers are implemented | For end user/desktop endpoint, team is using Enforce to push policy configurations to endpoints and enforce them for all managed technologies | Implementation across all capable operating systems |
| Process | Automation | Manual | Policies are reapplied automatically | Policies are reapplied automatically | Policies are reapplied automatically | Policies are reapplied automatically; enforcement of the policies across all capable operating systems |
| Process | Functional integration | Native controls are integrated as applicable (example: Defender, Firewall, AppLocker, BitLocker, FileVault and AD Group Policy) | Native controls are integrated as applicable (example: Defender, Firewall, AppLocker, BitLocker, FileVault and AD Group Policy) | Native controls are integrated as applicable (example: Defender, Firewall, AppLocker, BitLocker, FileVault and AD Group Policy/Remediation policies for file and service operations integrated) | Native controls are integrated as applicable (example: Defender, Firewall, AppLocker, BitLocker, FileVault and AD Group/Remediation policies for file and service operations integrated) | Remediation policies for file and service operations integrated |
| Process | Reporting | Manual; via Enforce workbench / for operators only | Manual; Enforce integration with native tools to export reports | Automated; Trends boards or Tanium Reporting for operators / peer group only | Automated; Trends boards or Tanium Reporting tailored to stakeholders ranging from Operator to Executive | Automated; Trends boards or Tanium Reporting tailored to stakeholders ranging from Operator to Executive |
| Metrics | Verified enforcement per policy (% of total enforcements vs. enforcement errors) | 0-69% | 70-79% | 80-89% | 90-98% | 99-100% |
| Metrics | % of hosts with firewall enabled | 0-69% | 70-79% | 80-89% | 90-98% | 99-100% |
| Metrics | % of hosts with disk encryption enabled | 0-69% | 70-79% | 80-89% | 90-98% | 99-100% |
| Metrics | % of hosts with antivirus enabled | 0-69% | 70-79% | 80-89% | 90-98% | 99-100% |