Although the conversation was arranged as an extension of the Tanium conference, that was not our only focus. We did, however, talk about how Tanium has helped JLL combine the efforts and functions of IT and Cybersecurity Operations using a co-owned toolset. According to Dane, Tanium enables additional efficiencies between IT Ops and Cybersecurity Ops via a consolidation of information between the two teams. The toolset creates a bridge allowing for simpler communication and better visibility on the state of an organization. If this sounds like something any tool provider would say, well, you are right there. The difference here is in execution and how an organization chooses to align the teams in the context of their own environment.
Every single organization is going to be different. There is no way to get around this, and the idea of cookie-cutter “standards” is, to me, fighting the Last War. Toolsets that seek to templatize your environment are often going to leave gaps not only in your IT operations capabilities, but also in your general security posture. Tanium, as Dane put it, “provides standardization, in a non-standard environment.” In other words, you can create the standard for your organization based on your own context and not what other organizations are doing. This type of flexibility makes you more agile and better able to respond to impacts. These impacts do not just have to be security incidents either.
Just as real-time satellite and drone observation on the battlefield was a game changer in warfare, so is having a tool that can give you near real-time visibility into the state of your endpoints and infrastructure (including the cloud). It is a tactician’s dream, to be honest with you, but it also allows the strategists and logisticians to do their magic as well. Sounds too good to be true? Well, Dane was quick to mention that there is no Silver Bullet for any issue, and there can be misalignments between the different teams where each one sees the landscape (and how to solve a problem) differently. Creating a balance between the security of the organization and proper functionality is vital.
After the general conversation on the convergence of the operations of two very different teams, Dane and I had the chance to dive into a few more details on toolsets in general and how just having the tool does not really mean that it is working. Dane was clear that ensuring health, proper configuration, and utilization of a toolset is important to both IT operations and cybersecurity. An example of this is patching. Simply having a patching tool does not mean (and never has meant) you are good-to-go. Many tools only cover a small range of products, or a particular operating system and application. This either leaves gaps in proper patching or means you must go to great lengths to ensure all applications are covered and monitored by your teams. Dane also indicated that many legacy patching applications were lacking when it comes to testing to ensure patches will not result in an organization-wide failure, creating an impact instead of removing an issue. He indicated that having Tanium’s testing logic available has allowed their mean time to remediation and mean time to patch saturation to improve significantly. When you combine logic like this with improved asset management and visibility, it can be a game changer in your overall posture (including BC/DR and cybersecurity).
One of the last things I talked with Dane about was AI. In 2022, GenAI in the form of LLMs was cool, cutting edge and already being seen as a tool to be leveraged in technology operations. In 2023, the terrible marketing which seemed to espouse replacing staff with AI (and GenAI in particular) was in full swing. This trend pulled back in 2024, with the new shift being that GenAI and AI in general were more like the Intern and should not be trusted with everything. As Dane put it, AI is not yet a transformative technology. Currently it can be a force multiplier if you understand what it does and where it fits in your organization, and you have the proper guardrails in place. One great area is the contextualization of information and the reduction of noise when it comes to data at scale. Leveraging AI (GenAI, or other) to quickly build a contextual view on that data while still allowing an objective review of the raw data allows teams to respond faster, while giving them an opportunity to reflect and review the accuracy of the data as presented.
In speaking with Tanium at Black Hat, this is how they say they are using their form of AI. Just as you might have an intern or junior analyst sort through alerts and data, AI is being allowed to automate this task, which is then reviewed by human staff to ensure its accuracy. It is not, and should not be, allowed to review data, make a conclusion, and perform an action without that review, although allowing it to make suggestions on remediation/response options is part of many current usages of AI in modern tooling. This move to contextualization of data/alerts at scale, combined with options for remediation, is part of a growing attempt at creating a link between AI and Automation. Dane mentioned that this symbiotic relationship is still not quite there yet, and that it still needs to be properly built. Organizations considering AI should be objective in reviewing what it can and cannot do along with what it should and should not be allowed to do.
The conversation with Dane was an interesting one and covered more than a few topics and technologies while still maintaining a core message to me. IT and Cybersecurity Operations do not need to be diametrically opposed and fighting each other for visibility and control. They can remain separate and distinct in their goals and functions but also build a bridge between the two, allowing for trust and understanding. This bridge is something I have fought for, and still fight for, in different organizations, as it builds efficiencies in response and general functioning of an organization. Having a tool which can assist in this semi-combined arms management, like Tanium, further builds this trust between the often-warring factions. This truce then has an interesting effect on the whole organization as trust in the two teams grows from the top down. It can help the executive team invest in future IT and cybersecurity efforts, while helping end users understand and trust decisions made about why a particular change to how they work is made. Everybody wins, and to think it can all start with shared ownership of the right toolset.