Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operational Security //

Risk Management

3/9/2017
05:45 PM
Curtis Franklin
Curtis Franklin
Curt Franklin
50%
50%

New Tachyon Promotes Ad Hoc Security Queries

1E's new Tachyon EDR system is designed without a database for faster random queries.

One of the major security issues of 2017 is visibility. Both network and security operations professionals want to know what's happening on the network and what it means for the network and its users.

1E, a publisher of software lifecycle automation tools, has released Tachyon as a tool for providing visibility and automating the response to a variety of events and conditions.

Tachyon is described as an endpoint detection and response (EDR) system intended to scale up to millions of endpoints across a network. According to 1E CEO Sumir Karayi, one of the key technology steps required for this level of scaling is to reduce both the amount of data involved in monitor and response transactions, and the amount of data stored in a database for analysis.

In a telephone interview with Light Reading, Karayi said that the central database has become a weak link in two critical areas of endpoint monitoring: scaling and ad hoc queries. When it comes to scaling, he pointed out that many systems requires tens to hundreds of megabytes of data to be stored for each endpoint. It doesn't sound like a great deal of data, but when scaled to hundreds of thousands or even millions of endpoints, it represents a huge volume.

More important, said Karayi, "It's data that's out of date from the moment it's stored."

In a dynamic commercial environment, endpoints may change on a minute-to-minute basis, and Karayi said that it's more effective to simply query the endpoints at the time a report is generated. That live query means that it's also no more difficult to ask an ad hoc question than one that was planned six months in advance, and in his recent conversations with system administrators it's those "on the fly" questions that are the most important.

Security is, according to Karayi, now inextricably linked to IT operations. IT operations, for its part, "...is serving the needs of every part of the organization," he said.

In an ideal system, operations staff will be able to understand the needs of a business unit, find out whether endpoints are supporting those needs and make adjustments to bring the endpoints into compliance within minutes rather than days.

1E Tachyon is in general availability now, and is compatible with every major endpoint operating system and a wide variety of servers and enterprise configuration management systems.

— Curtis Franklin, Security Editor, Light Reading

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-20001
PUBLISHED: 2020-08-04
An issue was discovered in RICOH Streamline NX Client Tool and RICOH Streamline NX PC Client that allows attackers to escalate local privileges.
CVE-2020-15467
PUBLISHED: 2020-08-04
The administrative interface of Cohesive Networks vns3:vpn appliances before version 4.11.1 is vulnerable to authenticated remote code execution leading to server compromise.
CVE-2020-5615
PUBLISHED: 2020-08-04
Cross-site request forgery (CSRF) vulnerability in [Calendar01] free edition ver1.0.0 and [Calendar02] free edition ver1.0.0 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
CVE-2020-5616
PUBLISHED: 2020-08-04
[Calendar01], [Calendar02], [PKOBO-News01], [PKOBO-vote01], [Telop01], [Gallery01], [CalendarForm01], and [Link01] [Calendar01] free edition ver1.0.0, [Calendar02] free edition ver1.0.0, [PKOBO-News01] free edition ver1.0.3 and earlier, [PKOBO-vote01] free edition ver1.0.1 and earlier, [Telop01] fre...
CVE-2020-5617
PUBLISHED: 2020-08-04
Privilege escalation vulnerability in SKYSEA Client View Ver.12.200.12n to 15.210.05f allows an attacker to obtain unauthorized privileges and modify/obtain sensitive information or perform unintended operations via unspecified vectors.