Amid all of the buzz about what AI will do for the tech industry, Tanium CEO Dan Streetman believes it will in fact help to deliver the Holy Grail for many IT and security teams: The end of “Patch Tuesdays” as we know it.
Microsoft’s monthly software update cycle is not going away anytime soon, of course. But what about removing much of the associated chaos and risk? That’s within reach, thanks in part to GenAI-powered capabilities, Streetman said in a recent interview with CRN.
With these new capabilities, “essentially you’re always staying ahead of your threats and your vulnerabilities,” he said.
CRN spoke with Streetman to discuss the launch of its new Autonomous Endpoint Management platform, which aims to use AI/ML technology advances including generative AI to automate more of the decision-making for overburdened IT and security teams.
According to Streetman, that includes much of the decision-making around Microsoft’s “Patch Tuesday” vulnerability fixes. The much-bemoaned monthly release often consists of patches for scores of Microsoft product vulnerabilities, while frequently disclosing zero-day bugs that’ve already seen exploitation by attackers, as well.
Ultimately, “our goal is to build our operators’ trust and our users’ trust in Tanium’s ability to deliver [autonomous security] over time — so that they can increasingly take more and more steps that are supported by Tanium AI,” he said.
Streetman, whose former roles included serving as CEO of Tibco Software from 2019 to 2022, joined Tanium as CEO in February. The Kirkland, Wash.-based company ranks at No. 2 on the list of highest-valued unicorns in the security industry, with a valuation of more than $9 billion from its last major funding round in late 2020.
The Tanium CEO also spoke about the biggest opportunities ahead for the company’s channel partners and its joint efforts with Microsoft and ServiceNow.
What follows is an edited and condensed portion of CRN’s interview with Streetman.
What’s different about this version of your product (Autonomous Endpoint Management) versus what Tanium has already offered?
All of this rests on Tanium’s fundamental differentiator, which is real-time data. And so we’ve always had real-time data insights. We’ve always been using, essentially, predecessors of AI like natural language processing for you to put in a real-time query and get real-time information back that is informed and processed by your natural language. To go to the next level now, because we are deploying across millions of endpoints, we can anonymize that data and understand what the impact of a change is, or understand what the impact of a vulnerability is, in a way you couldn’t do before. You simply just didn’t have enough hands on keyboard.
So by delivering Autonomous Endpoint Management powered by Tanium AI, you’re now going to have that real-time advantage along with context of what that change has done, or could do, or will do in your environment. So you can essentially have trust and confidence that it’s the right next step to take. Or you might say, “Hey, this is worth us having the typical meeting we would have had before to discuss it, before we drive into Patch Tuesday.” Our goal is to eliminate Patch Tuesdays. Essentially you’re always staying ahead of your threats and your vulnerabilities by leveraging Tanium’s Autonomous Endpoint Management to do that.
This is exciting for our partners — whether you’re an MSP or you’re a global consulting partner deploying Tanium. This ability to give them insights and scale is going to be really powerful. We have partners that as part of their service, Tanium on the endpoints that they support or manage, is table stakes. And now they can have the same exact ability as a partner, to essentially increase the value of the service they’re delivering to our customers, while clearly lowering their cost of delivery. So this is a game changer for partners as well.
Can you share a bit more on just how autonomously the platform is able to operate?
We’ve been using AI techniques like machine learning and natural language processing for a while. So by combining real-time endpoint data with AI models, this is now really a leapfrog in that aspect of it. Before, I needed to provide you with a query and make sure it was a good query. Now, with GenAI integration, we can essentially think about the power of the prompts being powered by Tanium real-time data. Because in the end, any type of AI you’re using is going to be fed by the data model that it’s trained on, of course — but just as importantly, by the prompts that are provided. Unfortunately, we know that most of the world that has not deployed Tanium, is working on prompts that are days and weeks old.
The ability to understand the risk of something I want to patch, as well as the operational impact, have a confidence score about that — and still allow a Tanium operator to make the decision — I think is powerful. Our goal is to provide increasing levels of automation over time. So as those operators develop trust [in the technology], they can turn on and off how quickly they want those updates to apply.
So the operator is still making the ultimate decision, but it sounds like you’re aiming to automate as much as possible up until that point, is that the idea?
Exactly. So for example, if I wanted to roll out a change, previously, and in any other system, first I’d have to go look up what the published impact of that change is and gather that. And that’s stale data already, because by the time it’s been compiled by somebody, it’s already old. Secondly, I’d need to understand the operational impact of the rollout — what’s going to happen. And then finally, what’s my vulnerability score that I’m addressing, and those aspects of it — we will compile all that into a confidence score. Then you can say, “Anything with a confidence score of X or above, go execute.” And so our goal is to build our operators’ trust and our users’ trust in Tanium’s ability to deliver [Autonomous Endpoint Management] over time — so that they can increasingly take more and more steps that are supported by Tanium AI.
We clearly want to make sure that it’s not a black box model. You can disaggregate it to the right level to gain competence. But we also want to keep it simple enough that there is one score, and not 17 scores that you want to track. Because some of these decisions are real-time as well — or near real-time, at least, as you’re making the call.
Are there other specific differentiators from your competitors at this point that you’d want to highlight?
I think we’ve clearly pointed out that our ability to see in near real-time, across a vast amount of scale — and to take actions at scale in-real time — is unmatched. I mean, it’s patented. And so that ability, through our linear-chain architecture, is something that obviously other organizations are going to try to emulate, but they’ll never be able to match. We’re very excited about leveraging that differentiation to deliver more and more capability. So yes, I hear other providers who are absolutely saying the same thing this year that we said two years ago. I would encourage and challenge them to skate to where the puck is going — because autonomous endpoint management, when you think about that from a converged endpoint management standpoint, is going to stand alone. And we’re also going to move faster than ever before at partnering.
How are you working with other technology vendors to enhance your offerings?
Our participation in Microsoft’s Security Copilot is an excellent example. [This collaboration offers] real-time visibility and control, across the entire IT estate, with AI at the heart of [it]. We demo’ed that on stage [at Converge 2023]. The “oohs” and the “ahhs” from the crowd were phenomenal. We had the Microsoft team here as well, calling it really a breakthrough. We had our customer JLL, their CISO Joe Silva, on stage talking about how Microsoft’s threat detection capabilities in Defender, with Tanium’s incident response, gives them real-time endpoint management at scale. I think that’s going to be very hard for anyone to replicate.
I’m glad the industry is following our path and moving forward. But I’m also really comfortable that Tanium is foundationally differentiated within the ecosystem.
Are you collaborating with Microsoft or other key vendors in any other ways that you’d want to call out?
[We have] joint solutions with Microsoft Sentinel, with Defender for Endpoint, with Azure Migrate, with Entra ID and Intune. It really is a great testament to their ecosystem and ours, and we’re excited about that.
On the other side, we had ServiceNow on stage. We partner with them to give them 100 percent asset visibility, so that their CMDB and their ITAM processes are seamless and clean. We’re taking our capability to give them real-time data. They have world-class service workflows, but now they can take action — with the total experience for ServiceNow delivered by Tanium — directly in their console.
So we’re going to continue to double down on that and make sure our partners are now engaged in that. If I think about our theme for next year, in particular, it’s the opportunity for MSPs and our consulting partners to share and engage in these joint solutions — that’s the real next breakthrough for us. We’ve been doing a lot of work directly with Microsoft, a lot of work directly with ServiceNow. We’re one of three [vendors] in the ServiceNow build partner program. It’s their incubation program, and there’s only three of us. And that’s going to be an opportunity, I think, for all of our other partners to get involved in that.
Are you aiming to have a lot more Microsoft partners become Tanium partners?
There’s lots of partners and MSPs that are getting the benefit already from what we have done from a joint solution perspective. The net of it is, we help them deliver more value — they don’t have to do the work ahead of time then we’re delivering now in these joint solutions. We’re getting great reception from the Microsoft partners, and some have joined our ecosystem as part of that — as well as our chance to share it with our partners who’ve also worked with Microsoft before.