CrowdStrike vs Tanium

CrowdStrike and Tanium are two relatively new providers in the cybersecurity market but both are maturing quickly. The two companies have very similar delivery strategies, each offering a menu of modules that can be slotted together. Each protects endpoints through an agent and each agent will serve a range of security tools.

CrowdStrike’s star product is a next-generation anti-virus system called Falcon Prevent, which installs on endpoints and interacts with an updater in the cloud. These endpoint systems can be enhanced with extra services that are delivered from the cloud. These include an endpoint detection and response (EDR) system called Falcon Insight and an extended detection and response service called Falcon XDR. The difference between these two tools is that the XDR adds on security orchestration, automation, and response (SOAR) to coordinate with third-party packages for data collection and response implementation.

Tanium was a groundbreaking startup that attracted investments from venture capitalists from the outset. Its feature product was discovered to have profound security flaws and, thankfully, has quietly been dropped. Tanium now offers a range of system management and monitoring products on a platform called Tanium XEM, which stands for “converged endpoint management”.

About Tanium

Tanium, Inc. has been operating for longer than CrowdStrike. The business started up in 2007 and is still the property of its highly respected founders. The business was created by serial startup success, David Hindawi and his innovator son, Orion.

David Hindawi started up a telecommunications software producer, which he sold off for a bundle 10 years later. Hindawi then started up BigFix, an endpoint management package provider that expanded into vulnerability management and security monitoring. Hindawi was one of two owners of that business and it was sold off in 2010 to IBM for $400 million.

Hindawi can practically guarantee a profit in the bank from day one. So, in 2007, when Hindawi announced he and his son were starting up a cybersecurity business, investors couldn’t get in the door fast enough. They bid up the value of that venture to $3.5 billion on the strength of a single presentation. The company didn’t complete its first marketable product until 2012. A further round of investment in 2015 valued the business at $10 billion.

The second founder of Tanium was Orion Hindawi and it was his idea for a new security architecture that formed the key product of the business. Orion was a star student at the University of California, Berkeley but he dropped out before graduating. He was just 27 years old when he started up Tanium. Orion Hindawi took over the position of CEO of Tanium from his father in 2016.

The big idea that Orion Hindawi brought to his father was threat detection pre-processing in a Peer-2-Peer architecture. Unfortunately, that innovation proved to have a serious security flaw, which you can read more about in my Tanium Protect Review. The company ditched Tanium Protect and reformed its strategy, becoming a provider of cloud-based endpoint management and security systems that is remarkably similar to BigFix. The company now has more than 2,000 employees. Tanium has an HQ in Kirkland, Washington, and an operations center in Emeryville, California. The revenue of Tanium, Inc. for the year 2021 was $440.2 million.

About CrowdStrike

CrowdStrike started up as a cybersecurity consultancy in 2011. The business created its own security tools and launched Falcon Prevent in 2013. This is an on-device package for Windows, macOS, and Linux and it operates as a next-generation anti-virus, looking for anomalous behavior rather than matching a signature database.

Despite its “next-generation” innovations, it wasn’t Falcon Prevent that drove the growth of CrowdStrike. The business gained worldwide media attention through the work of its consultancy branch. The company was hired by Sony Pictures in 2015 to help it recover from a very large and widely reported data theft event.

The huge demand from news broadcasters for on-air comments from CrowdStrike consultants provided the company with very valuable brand recognition, catapulting the CrowdStrike name ahead of longer-established cybersecurity providers and giving Falcon products a great sales boost.

An ongoing support contract from the Democratic Party to sort out the problems the party faced from email hacks in 2015 and 2016 kept the publicity ball rolling for CrowdStrike. The company grew very quickly, adding more products to its Falcon platform and expanding into new markets, such as cloud workload protection, through acquisition. The company also moved into the managed services market by blending its tools and consultancy divisions.

CrowdStrike Holdings, Inc was listed on NASDAQ in 2019 and reported revenue of $1.45 billion for 2021. The business’s share price currently gives CrowdStrike a value of $45.86 billion. The company has 3,394 employees and in December 2021, it moved its headquarters from Sunnyvale, California to Austin, Texas.

CrowdStrike vs Tanium: Head-to-head

CrowdStrike has a large menu of services and it keeps growing. Examining all of the business’s products would create a very long review. So, in the interests of brevity, we are going to look at the modules offered on the Tanium XEM platform and the equivalent service offered by CrowdStrike.

First, a note about the endpoint-resident element of both systems. As CrowdStrike Falcon and Tanium XEM are cloud platforms, they need an agent on-site to collect data and implement responses. This is a typical strategy adopted by cloud-based site monitoring tools because it gets around the blocks on incoming connection requests enforced by firewalls. With the agent inside the network, it can create outgoing connections to upload data and check for instructions. This is a more secure way for external systems to get access within a network than disabling firewall controls.

Tanium installs one agent on the network for discovery but all other modules in the Tanium XEM platform need an agent installed on each endpoint. However, that program can work with all of the units on the cloud platform, so it is only necessary to install one agent once on each device, no matter how many XEM modules you use.

The CrowdStrike system also uses an endpoint agent but it is a much more comprehensive system than just a data collector. That agent is Falcon Prevent, which was CrowdStrike’s first product. Falcon Prevent is an anti-virus system that is also able to detect intrusion, account takeover, and insider threats. This is a full AV that can operate in isolation if the device becomes disconnected from the network. It is also available as a standalone product. All of the cloud-based services of CrowdStrike Falcon interact with Falcon Prevent for data collection and remediation implementation.

The Tanium system is much more lightweight than CrowdStrike’s solution. However, CrowdStrike Falcon Prevent has many more capabilities than the Tanium agent, which does not have its own console and cannot perform any functions without an association with one of the cloud-based systems.

Tanium divides its platform into three sections:

  • Asset
  • Comply
  • Deploy

Below are the tools in each category.

Tanium Asset

The Asset category of the Tanium platform includes network, endpoint, and software management services and they don’t relate specifically to cybersecurity. As CrowdStrike only offers cybersecurity systems, it has few equivalent services.

  • Tanium Discover: This service is a network scanner. The system requires an agent to be installed on one of the endpoints on the network. CrowdStrike Falcon Discover performs the same tasks as this tool and also provides user account tracking and auditing.
  • Tanium Map: This is an application dependency mapper that focuses on the software installed on endpoints that are being protected. This service requires an agent to be installed on each endpoint. It creates a visual layout, showing the software packages installed on a device, the services that they rely on, and the host resources that support them. This is similar to the mapping system offered by ManageEngine Applications Manager and Datadog Infrastructure. CrowdStrike Falcon Discover includes applications monitoring but it doesn’t include application dependency mapping.
  • Tanium Risk: This module is closely linked to the Comply units of the XEM platform. It gives a risk score to each endpoint and details the issues that need to be addressed to reduce the risk score. Essentially, this is a vulnerability scanner that looks at system settings and software versions. The closest parallel to this tool in the CrowdStrike stable is Falcon Spotlight, a vulnerability manager.

Tanium Comply

The Comply division of Tanium XEM focuses on standards compliance enforcement and reporting. This is not a strong area for CrowdStrike Falcon.

  • Tanium Enforce: This is a compliance management tool. It links together with Tanium Risk and builds on it, applying requirements rules for PCI DSS, HIPAA, or SOX. The tool lets you specify a policy, which can be selected from a library of templates. This checks the settings of each device and its software. The closest match to this tool in the CrowdStrike menu is Falcon Discover. CrowdStrike Falcon doesn’t pivot the Discover system towards compliance with any specific standard.
  • Tanium Patch: This is a patch manager and doesn’t have an equivalent in the CrowdStrike Falcon system. Alternatives to this tool can be found in our guide, 7 Best Application Patch Management Tools.
  • Tanium Reveal: This is a sensitive data manager that locates, categorizes, and protects stores of data for data protection standards compliance. Although CrowdStrike has a file integrity monitor, it doesn’t offer sensitive data identification. For alternatives to Tanium Reveal, take a look at the 6 Best Sensitive Data Discovery Tools.

Tanium Deploy

  • Tanium Integrity Monitor: This is a file integrity monitor that interacts with the record of sensitive data locations created by Tanium Reveal. The CrowdStrike equivalent to this system is Falcon FileVantage.
  • Tanium Performance: This is a performance monitor for servers and applications. There is no equivalent to this tool in the CrowdStrike Falcon platform. The closest rival to Tanium Performance would be SolarWinds Server & Application Monitor.
  • Tanium Threat Response: This is the main security monitoring system in the Tanium XEM platform. It monitors endpoints through on-device agents that upload activity data to the Tanium cloud servers for analysis. This is similar to the functions of CrowdStrike Falcon Insight.

CrowdStrike vs Tanium: Dashboards

There are a lot of similarities in the look and feel of the dashboards for CrowdStrike Falcon and Tanium XEM.

Here is a view of a dashboard layout for Falcon Discover:

[Screenshot: dashboard layout for Falcon Discover]

As you can see, the screen is very easy to read, thanks to the use of color and pie charts.

Here is a screen from Tanium Discover:

[Screenshot: a screen from Tanium Discover]

This is a very similar layout to the CrowdStrike design with the use of color, graphics, and large headline numbers.

Both dashboards are hosted in the cloud and can be accessed from anywhere through any standard Web browser. The usability of both consoles is comparable and it would be difficult to choose between the Tanium system and CrowdStrike Falcon just on a preference for the dashboard design.

CrowdStrike and Tanium pricing

Neither CrowdStrike nor Tanium publishes prices. CrowdStrike offers a 15-day free trial of Falcon Prevent and you can get a two-week free trial of the entire Tanium XEM platform.

CrowdStrike vs Tanium: The verdict

CrowdStrike is a much larger company with a longer list of services than those detailed here in this comparison guide. CrowdStrike offers cloud security tools as well as its site protection products – a service that Tanium does not provide.

The CrowdStrike Falcon and Tanium XEM platforms are very different systems to the extent that they are not really in direct competition. Tanium sees its biggest competitive advantage in its blend of system management and security products. CrowdStrike has almost no network or endpoint management packages on its platform, focusing solely on system security.

As Tanium aims to provide businesses with all of the system monitoring services that it could need, it has put a lot more effort into delivering data protection standards compliance systems than CrowdStrike.

Overall, a small or medium-sized business that is in the market for all IT management and protection systems would get all of its needs met with greater ease by going for the Tanium XEM system. The IT department of a large organization would probably be more interested in the depth of protection offered by all of the individual CrowdStrike Falcon services.