Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operational Security //

Risk Management

3/9/2017
05:45 PM
Curtis Franklin
Curtis Franklin
Curt Franklin
50%
50%

New Tachyon Promotes Ad Hoc Security Queries

1E's new Tachyon EDR system is designed without a database for faster random queries.

One of the major security issues of 2017 is visibility. Both network and security operations professionals want to know what's happening on the network and what it means for the network and its users.

1E, a publisher of software lifecycle automation tools, has released Tachyon as a tool for providing visibility and automating the response to a variety of events and conditions.

Tachyon is described as an endpoint detection and response (EDR) system intended to scale up to millions of endpoints across a network. According to 1E CEO Sumir Karayi, one of the key technology steps required for this level of scaling is to reduce both the amount of data involved in monitor and response transactions, and the amount of data stored in a database for analysis.

In a telephone interview with Light Reading, Karayi said that the central database has become a weak link in two critical areas of endpoint monitoring: scaling and ad hoc queries. When it comes to scaling, he pointed out that many systems requires tens to hundreds of megabytes of data to be stored for each endpoint. It doesn't sound like a great deal of data, but when scaled to hundreds of thousands or even millions of endpoints, it represents a huge volume.

More important, said Karayi, "It's data that's out of date from the moment it's stored."

In a dynamic commercial environment, endpoints may change on a minute-to-minute basis, and Karayi said that it's more effective to simply query the endpoints at the time a report is generated. That live query means that it's also no more difficult to ask an ad hoc question than one that was planned six months in advance, and in his recent conversations with system administrators it's those "on the fly" questions that are the most important.

Security is, according to Karayi, now inextricably linked to IT operations. IT operations, for its part, "...is serving the needs of every part of the organization," he said.

In an ideal system, operations staff will be able to understand the needs of a business unit, find out whether endpoints are supporting those needs and make adjustments to bring the endpoints into compliance within minutes rather than days.

1E Tachyon is in general availability now, and is compatible with every major endpoint operating system and a wide variety of servers and enterprise configuration management systems.

— Curtis Franklin, Security Editor, Light Reading

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/2/2020
Ripple20 Threatens Increasingly Connected Medical Devices
Kelly Sheridan, Staff Editor, Dark Reading,  6/30/2020
DDoS Attacks Jump 542% from Q4 2019 to Q1 2020
Dark Reading Staff 6/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-9498
PUBLISHED: 2020-07-02
Apache Guacamole 1.1.0 and older may mishandle pointers involved inprocessing data received via RDP static virtual channels. If a userconnects to a malicious or compromised RDP server, a series ofspecially-crafted PDUs could result in memory corruption, possiblyallowing arbitrary code to be executed...
CVE-2020-3282
PUBLISHED: 2020-07-02
A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an unauthenticated, remote attack...
CVE-2020-5909
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, when users run the command displayed in NGINX Controller user interface (UI) to fetch the agent installer, the server TLS certificate is not verified.
CVE-2020-5910
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the Neural Autonomic Transport System (NATS) messaging services in use by the NGINX Controller do not require any form of authentication, so any successful connection would be authorized.
CVE-2020-5911
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller installer starts the download of Kubernetes packages from an HTTP URL On Debian/Ubuntu system.