Tanium Adds Incident Response Expertise

A former FireEye staffer joins Tanium as chief security architect to help organizations do their own incident response.

Well-funded security vendor Tanium is expanding its capabilities today, not by way of a specific new feature but by way of a major new talent acquisition. Tanium announced that it has appointed Ryan Kazanciyan as chief security architect to help push the company's security research and capabilities forward.

Prior to joining Tanium, Kazanciyan spent nearly six years at FireEye's Mandiant as technical director and incident response functional lead. Mandiant has emerged over the last decade as one of the leading incident response vendors and has been involved in the investigation of many high-profile breaches in recent years. Tanium does not bill itself as an incident response vendor, but rather as an endpoint security platform. The company has raised $142 million in funding, with its most recent round being $52 million on March 31.

"I've spent the last six years investigating targeted attacks, and I've seen how a lot of companies struggle with intrusions," Kazanciyan told eWEEK. "I've seen the common denominators across cases and why the time between initial compromise and detection is so long."

Kazanciyan spoke with eWEEK in February about compromise detection time spans, when the FireEye M-Trends 2015 report was released. At the time, FireEye reported that the median number of days before a breach was discovered in 2014 was 205 days, down from 229 days in 2013.

"What drew me to Tanium is that the platform got me interested in how incident response could be drastically improved," he said.

The Tanium platform provides visibility into endpoints as well as control. With the recent Tanium 6.5 update, users can now also get control over patching levels on endpoints to help further reduce security risks. Hewlett-Packard's 2015 Cyber Risk report found that in 2014, 44 percent of breaches could be attributed to patched vulnerabilities that were between 2 and 4 years old.

While Tanium's platform provides visibility and control for endpoints, Kazanciyan emphasized that there is a lot that enterprises can do with existing operating system features to lock down security. It's possible for enterprises to instrument their existing operating system deployments to improve security, he said.

"One of the things that I'm really passionate about is taking the capabilities that operating systems already provide that are underutilized and making it easier for companies to take advantage of those things to better secure their environment," Kazanciyan said.

Every operating system has security features, but they cannot always be controlled from a centralized point, he said. Plus, getting data back from endpoint systems isn't always easy.

"For example, you can do an enormous amount of security monitoring on individual Windows systems, and Microsoft Active Directory provides a degree of enterprise control," Kazanciyan said. "But if you want real-time visibility into all of your endpoints, regardless of whether they are Windows, Linux or OS X, I think that's the challenge companies are coping with now."

Tanium helps provide visibility and control across all of an enterprise's endpoint platforms, he added.

Kazanciyan isn't the only FireEye employee to leave the company for another security vendor. In March, security vendor Rapid7 announced that former FireEye employee Wade Woolwine would be leading a new incident response group. At Tanium, however, Kazanciyan's goal is not initially to start up incident response as a professional services offering, but rather to integrate it as part of the Tanium platform.

Kazanciyan said he can't speculate on future professional services offerings from Tanium. That said, he noted that his primary goal is to use Tanium's existing capabilities to help improve the incident response process. He added that with the right tools, an organization doesn't necessarily need a large staff or external consultants to find and respond to potential security incidents.

"The real-time visibility that Tanium provides can drastically change the way that a lot of companies monitor their own environments," Kazanciyan said. "I'd really love to be able to empower more companies to be able to secure and investigate their own environments themselves."

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.