Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operational Security //

Risk Management

End of Bibblio RCM includes -->

New Tachyon Promotes Ad Hoc Security Queries

1E's new Tachyon EDR system is designed without a database for faster random queries.

One of the major security issues of 2017 is visibility. Both network and security operations professionals want to know what's happening on the network and what it means for the network and its users.

1E, a publisher of software lifecycle automation tools, has released Tachyon as a tool for providing visibility and automating the response to a variety of events and conditions.

Tachyon is described as an endpoint detection and response (EDR) system intended to scale up to millions of endpoints across a network. According to 1E CEO Sumir Karayi, one of the key technology steps required for this level of scaling is to reduce both the amount of data involved in monitor and response transactions, and the amount of data stored in a database for analysis.

In a telephone interview with Light Reading, Karayi said that the central database has become a weak link in two critical areas of endpoint monitoring: scaling and ad hoc queries. When it comes to scaling, he pointed out that many systems requires tens to hundreds of megabytes of data to be stored for each endpoint. It doesn't sound like a great deal of data, but when scaled to hundreds of thousands or even millions of endpoints, it represents a huge volume.

More important, said Karayi, "It's data that's out of date from the moment it's stored."

In a dynamic commercial environment, endpoints may change on a minute-to-minute basis, and Karayi said that it's more effective to simply query the endpoints at the time a report is generated. That live query means that it's also no more difficult to ask an ad hoc question than one that was planned six months in advance, and in his recent conversations with system administrators it's those "on the fly" questions that are the most important.

Security is, according to Karayi, now inextricably linked to IT operations. IT operations, for its part, "...is serving the needs of every part of the organization," he said.

In an ideal system, operations staff will be able to understand the needs of a business unit, find out whether endpoints are supporting those needs and make adjustments to bring the endpoints into compliance within minutes rather than days.

1E Tachyon is in general availability now, and is compatible with every major endpoint operating system and a wide variety of servers and enterprise configuration management systems.

— Curtis Franklin, Security Editor, Light Reading

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Improving Enterprise Cybersecurity With XDR
Enterprises are looking at eXtended Detection and Response technologies to improve their abilities to detect, and respond to, threats. While endpoint detection and response is not new to enterprise security, organizations have to improve network visibility, expand data collection and expand threat hunting capabilites if they want their XDR deployments to succeed. This issue of Tech Insights also includes: a market overview for XDR from Omdia, questions to ask before deploying XDR, and an XDR primer.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-31017
PUBLISHED: 2022-06-25
Zulip is an open-source team collaboration tool. Versions 2.1.0 through and including 5.2 are vulnerable to a logic error. A stream configured as private with protected history, where new subscribers should not be allowed to see messages sent before they were subscribed, when edited causes the serve...
CVE-2022-31016
PUBLISHED: 2022-06-25
Argo CD is a declarative continuous deployment for Kubernetes. Argo CD versions v0.7.0 and later are vulnerable to an uncontrolled memory consumption bug, allowing an authorized malicious user to crash the repo-server service, resulting in a Denial of Service. The attacker must be an authenticated A...
CVE-2022-24893
PUBLISHED: 2022-06-25
ESP-IDF is the official development framework for Espressif SoCs. In Espressif’s Bluetooth Mesh SDK (`ESP-BLE-MESH`), a memory corruption vulnerability can be triggered during provisioning, because there is no check for the `SegN` field of the Transaction Start PDU. This can resul...
CVE-2022-29168
PUBLISHED: 2022-06-25
Wire is a secure messaging application. Wire is vulnerable to arbitrary HTML and Javascript execution via insufficient escaping when rendering `@mentions` in the wire-webapp. If a user receives and views a malicious message, arbitrary code is injected and executed in the context of the victim allowi...
CVE-2019-25071
PUBLISHED: 2022-06-25
** DISPUTED ** A vulnerability was found in Apple iPhone up to 12.4.1. It has been declared as critical. Affected by this vulnerability is Siri. Playing an audio or video file might be able to initiate Siri on the same device which makes it possible to execute commands remotely. Exploit details have...