Tanium Autonomous Endpoint Management (AEM): The Experiences that Scale IT and Security Execution

Tanium Autonomous Endpoint Management (AEM) changes everything. By providing new AI-powered autonomous capabilities, Tanium AEM empowers organizations to optimize endpoint management and bolster security measures with unparalleled confidence, precision, and efficiency. With its revolutionary approach, Tanium AEM leverages advanced data-driven insights, automated processes, and robust oversight and governance to safely and reliably deliver change into the environment, ensuring operational health and security while reducing the business risk of negative IT outcomes.

Tanium’s autonomous capabilities are seamlessly integrated throughout the product. Below, we’ll highlight one of the many end-to-end experiences provided by Tanium AEM. It begins with Tanium Guide and then shows how Adaptive Actions and Action Oversight can be used to safely deliver changes into the IT environment.

Tanium Guide: Enhanced task prioritization

Designed to tackle the overwhelming number of tasks faced by IT operations and security teams, Tanium Guide ensures that both entry-level users and seasoned professionals alike can efficiently manage thousands of endpoints. By providing clear, environment-specific notifications, Tanium Guide addresses the essential question, “What should I do next?” This enables operators to seamlessly transition between reviewing notifications and taking action or further investigating issues.

With proactive insights, Tanium Guide offers detailed analysis and actionable notifications on how and where it may be possible to enhance operational health and security. Imagine having a system that not only identifies where improvements can be made in the environment and potential vulnerabilities but also suggests the exact steps needed to address them. Tanium’s insights do just that, providing a forward-looking perspective on maintaining a robust and secure IT environment.

Tanium Guide introduces two types of notifications: Guidance and Observation. Guidance notifications link directly to actionable remediations, while Observations highlight important environmental factors that need investigation.

Figure 1: Tanium Guide Administration screen

Both Guidance and Observation notifications provide a real-time view of affected endpoints or data, facilitating further investigation by operators. Whenever possible, an option to take automated actions to implement an improvement or remediate an issue that has been detected is made available.

Tanium Guide provides a summary of actionable notifications and insights in a lightweight, collapsible notification view that is available no matter where an operator is in the Tanium console.

Figure 2: Tanium Guide collapsible notification view

The Tanium Guide view is complemented with a comprehensive workspace that seamlessly integrates Tanium Guide and other activities all within a single integrated view. This view provides additional sorting and filtering options, empowering improved prioritization and investigation of what matters most across the entire environment.

Figure 3: The Tanium Guide comprehensive workspace

Introducing Confidence Scores

Throughout Tanium AEM, operators encounter various opportunities and tasks aimed at enhancing the digital experience of employees and improving the health and security of endpoint operations. One of the initial questions operators might ask themselves is, “How likely is it that this task will result in the desired outcome rather than causing unintended consequences such as disruptions or outages?”

Tanium AEM Confidence Scores directly address this uncertainty by providing real-time insights that assess the probability of successfully and safely implementing changes in the environment. For instance, imagine having immediate access to a real-time analysis of the success rates of patching and software deployments previously executed across millions of endpoints managed with Tanium. The patent-pending technology behind Confidence Scores removes the guesswork, empowering operators to make precise decisions and ensure minimal business disruptions. Today, Confidence Scores are generated for patch and software deployment actions based on key metrics such as installation success rates and post-deployment performance baseline changes (e.g., CPU usage, memory usage, and application crashes).

Figure 4: Tanium Confidence Score drill-down view

With Tanium Guide, organizations can prioritize and execute the tasks with the most beneficial impact on their operations and security, which saves time and reduces the likelihood of missing critical tasks.

Tanium Adaptive Actions: A tailored approach to endpoint management

Whenever possible, the insights from Tanium Guide are made actionable with intelligent automation designed to implement changes. Tanium Adaptive Actions ensure that those changes can be safely delivered into the environment in a carefully monitored and phased manner.

Introducing ring-based deployment

Ring deployment is a phased rollout strategy that minimizes disruptions by initially deploying changes to a small group of endpoints and then progressively targeting larger groups based on configurable progression criteria. This contains potentially harmful actions to only a few endpoints and minimizes disruptions to productivity and security.

In the image below, two of the four rings are expanded to display predefined wait times and execution success rates. Progression criteria metrics can include details like memory, CPU usage, and the minimum endpoints needed before advancing to the subsequent rings.

Figure 5: Tanium Standard Phased Deployment

Tanium provides Deployment Plan templates that can be used as-is or cloned and modified to change endpoint target groups and the progression criteria to meet an organization’s unique deployment needs.

Figure 6: A Tanium Deployment Plan template

Action Oversight

When automation is used in an environment, customers often feel like they’re losing visibility and control. With Tanium AEM, the exact opposite is true. Action Oversight users get a centralized view of all the Adaptive Actions that have run in the past, are currently running, and are scheduled to run in the future. For instance, in the Ring Deployment Status view shown below, operators can observe the real-time status of each action.

Figure 7: Tanium Ring Deployment Status view

In addition to visibility, operators have complete control of Adaptive Actions. Actions can be paused, resumed, stopped, or manually progressed to the next ring if need be. This level of control keeps humans in the loop at each step of the way and enables them to intervene if progression criteria are unmet and execution stops. From here, operators can further investigate impacted endpoints and resume the automation or even halt its progression to reduce the risk of widespread disruption.

Figure 8: Tanium Ring Deployment Status view showing a process that needs attention

Action Oversight centralizes Tanium’s automation governance, making it the single source of truth for Adaptive Actions. The information and capabilities it provides increase workflow efficiency and ensure operators can take advantage of autonomous capabilities with confidence and complete control.

In the past, our team has encountered issues where we couldn’t complete patching fast enough or the patching wouldn’t finish in time. This led to missed or incomplete patches and ongoing security risks. Now, we can tackle more machines with greater speed and precision.

Tanium AEM represents the pinnacle of modern IT management solutions, giving operators confidence as they deliver high-value changes safely and reliably into their environments. We invite you to join us as we lead the way in autonomous endpoint management innovation and look forward to helping you discover how Tanium AEM can take your organization’s IT operations and security to the next level.

• Learn more about Tanium AEM at Converge 2024 On Demand
• Register for this informative webinar: Scaling IT and Security Execution with Autonomous Endpoint Management (AEM)
• Read more about Tanium Guide, Adaptive Actions, and Deployment Automation at the Tanium Resource Center
• Current Tanium customers can check out these AEM training modules (Note: Tanium Learning Center account required)
• See a quick end-to-end demo of Tanium AEM
• Schedule a live demo