1HS-DS-TAN-ARCH-010416

© 2015 Tanium, Inc. All rights reserved. Tanium is a registered trademark of Tanium, Inc. All other brands, products, or service names are or may be trademarks or service marks of their respective owners.

Why Speed In Seconds MatterBy decentralizing data collection, aggregation and distribution down to the endpoint, the Tanium Architecture harnesses the intrinsic speed of low-latency LAN tra�ic and dramatically reduces direct client-to-server communications, e�ectively eliminating the crippling ine�iciencies caused by bloated databases, overloaded connections and heavy tra�ic across WAN segments. With Tanium, security incident response teams can confidently hunt and remediate advanced threats across millions of endpoints, and IT operations teams can accurately manage and inventory every single global asset within seconds.

The Impact Of ScaleUnlike traditional tools that require dozens to hundreds of secondary servers to scale their infrastructure, the Tanium Architecture’s streamlined communications allows it to e�ortlessly support millions of endpoints and maintain optimal performance, without the need for ongoing investments in costly hardware even as the network grows over time. With this breakthrough architecture, secondary relay, database or distribution servers are no longer necessary at di�erent bank branches, retail locations or geographically dispersed corporate o�ices.

99+% Response Rates From Endpoints. Every Time.Aside from its superiority in speed and scale, the Tanium Architecture is also by design resilient to the e�ects of today’s dynamic environments, where machines constantly move between wireless access points and virtual machines come in and out of existence by the hundreds or thousands. Unlike hub-and-spoke architectures, where a failed or otherwise unavailable relay server can prevent timely access to thousands of machines, endpoints within the Tanium Architecture are capable of navigating around o�line clients or network blockages to preserve high availability throughout the system. This self-healing nature of the Tanium Architecture ensures security and IT operations teams will always have the most complete and accurate view of their entire environment.

Enterprise Ready● Zone Servers enable every roaming machine, as long as they are connected to the Internet, to stay in contact with the Tanium Endpoint Platform,

allowing them to answer any questions or perform targeted actions as if they were on the enterprise network.

● Kerberos-based authentication leverages existing Active Directory infrastructure, credentialing and security policies.

● Role-based access control (RBAC) regulates access available to di�erent users based on their job responsibility or authority. Users can be limited from asking questions, executing existing actions, authoring new actions, authoring sensors, creating users or assigning management rights. RBAC can even be flexibly set to apply for just a select group of machines.

● 512-bit Elliptic Curve Cryptography is used for queries and actions distributed across the network to prevent man-in-the-middle attacks or other malicious behavior initiated by compromised endpoints.

Tanium Architecture태니엄의 특허받은 엔드포인트 커뮤니케이션 아키텍처는 네트워크 상의 모든 엔드포인트에 대해 15초 이내에 가시성 및 컨트롤을 제공하며, 지속적인 인프라의 확충 없이도 손쉽게 수백만 대의 엔드포인트를 대상으로 확장 가능합니다.

IT 환경의 빠른 변화속도를 따라잡지 못하는 전통적 아키텍처클라우드 컴퓨팅, 가상화, 그리고 모빌리티의 급격한 확산은 “엔드포인트”의 정의를 바꿔놓았습니다. 이제 기업 내 IT 조직은 수십만 대의 엔드포인트에 대해 각종 소프트웨어 및 패치들을 정확하게 관리, 목록화 및 배포할 것을 기대받고 있습니다. 또한, 보안 팀 역시 이러한 방대하고 복잡한 환경 속에서 더욱 효율적이고, 불규칙하며, 찾아내기 어려운 사이버 공격들에 맞서 싸워야 하는 벅찬 과제를 마주하고 있습니다. 

오래된 개념 및 목적을 토대로 설계된 기존의 보안 및 시스템 관리용 레거시 툴들은 모두 치명적인 결함을 안고 있는데, 그것은 바로 이들의 아키텍처가 애초에 수만 대가 넘는 엔드포인트에서도 원활히 작동하도록 설계되지 않았다는 것입니다. 기존 툴들은 종래의 계층적 커뮤니케이션 토폴로지 (i.e. 허브-스포크 모델)를 사용하다 보니, 느린 WAN 트래픽에 과하게 의존하고, 데이터베이스의 병목현상에 시달리며, 확장을 위해서 수백 대의 릴레이 서버를 필요로 하는 상황이 종종 발생하곤 합니다. 기업 내 네트워크가 커지면 커질수록, 이러한 기존 툴들은 필연적으로 느려지고, 불안정해지며, 더 많은 유지비용이 발생하게 됩니다.

그 결과, IT 운영팀이 중요한 패치를 완벽히 배포하는데 수 일에서 수 주까지도 걸리게 되었습니다. 또한, 보안 팀 역시 대규모 환경에서는 고도화된 멀웨어에 속수무책으로 당할 수밖에 없는데, 이는 원시적인 시그너처 기반 예방 및 포렌직 접근법은 이미 진행 중인 공격을 막는데 필요한 속도와 정교함을 지니지 못했기 때문입니다. 이러한 구식 툴은 보안 및 운영 효율성 측면에서 오히려 골칫거리가 되어버렸으며, 더 나아가 오늘날 가장 만연하고 있는 문제를 해결하지 못합니다.

태니엄 아키텍처의 차별점태니엄 엔드포인트 플랫폼은 보안 및 IT 운영팀에게 15초 가시성 및 컨트롤 능력을 제공하여 글로벌 네트워크에서도 모든 엔드포인트들을 보호하고 관리할 수 있게 해주는 최초이자 유일무이한 기업용 플랫폼입니다. 본 플랫폼의 중심부에는 태니엄이 특허를 받은 리니어 체인 아키텍처가 자리 잡고 있습니다.

태니엄은 단일의, 매우 가벼운 에이전트 설치를 통해 관리 정보를 각 엔드포인트 수준으로 분산시킴으로써, 허브-스포크 아키텍처가 지닌 본질적인 한계를 초월합니다. 각각의 관리 대상 엔드포인트는 주기적으로 태니엄 서버에 접속하여 이웃한 기기들의 현재 상태에 대해 간략히 업데이트를 받음으로써 네트워크 상에 있는 주변 기기를 인식합니다. 이러한 간단한 상호작용을 통해 자동으로 각 엔드포인트와 정보를 받아올 최적의 클라이언트, 그리고 정보를 전달해 줄 최적의 클라이언트를 짝지어줌으로써, 다수의 효율적인 엔드포인트 체인을 구성합니다.

네트워크 전체의 모든 엔드포인트에 대해 쿼리 및 액션을 전파하기 위해, 서버는 여러 리니어 체인 상에 있는 소수의 엔드포인트들에게만 정보를 전송하고, 누적된 결과를 각각의 리니어체인 끝에 위치한 엔드포인트로부터 수집합니다. 이러한 혁신적인 접근법을 통해, 허브-스포크 아키텍처가 지닌 심각한 한계를 근본적으로 해결할 수 있으며, 이는 태니엄 엔드포인트 플랫폼이 지닌 비교 불가한 속도 및 확장성의 근간이 됩니다.

Complete WAN Traffic LAN Traffic Firewall

● 수 시간에서 몇 주 까지도 걸리는 느린 응답시간● 취약한 네트워크 구조 = 불완전한 결과 (검색 및 조치 )● 높은 유지비 및 확장 비용

● 수 이 응답시간● 인 인프라 구조 = 완벽한 검색 및 조치● 유지비 용이한 확장성

Data Sheet

Device Offline Data Unavailable

전통적인 허브-스포크 아키텍처 태니엄 아키텍처

2

ABOUT TANIUM태니엄은 전 세계의 가장 큰 기업 및 정부기관들에 수 초 이내에 수백만 대의 엔드포인트를 보호, 컨트롤 및 관리할 수 있는 독보적인 경쟁력을 제공합니다. 이제 보안 및 IT 운영팀은 태니엄이 제공하는 전례 없는 속도와 간편함, 그리고 확장성을 통해 항시 정확하고 총체적인 엔드포인트 상태 정보를 수집하여 현재의 보안위협에 대해 효과적으로 방어할 수 있게 되었을 뿐만 아니라, IT 운영에 있어서도 새로운 차원의 비용 효율을 달성할 수 있게 되었습니다. 더 많은 정보를 위해서는 www.tanium.com을 방문하시거나, 트위터에서 @Tanium을 팔로우하세요.

© 2015 Tanium, Inc. All rights reserved. Tanium is a registered trademark of Tanium, Inc. All other brands, products, or service names are or may be trademarks or service marks of their respective owners.

Tanium's patented endpoint communications architecture provides 15-second visibility and control across every endpoint on the network, and can easily scale to millions of endpoints without requiring ongoing infrastructure additions.

You Can’t Solve Today’s Problems With Yesterday’s ToolsThe proliferation of cloud computing, virtualization and mobility has reshaped how the endpoint is defined. Enterprise IT organizations are now expected to precisely manage, inventory and distribute so ware and patches for hundreds of thousands of endpoints. Security teams are similarly tasked with the daunting challenge of combating increasingly elusive, e�icient and erratic cyber attacks across these expansive and complex environments.

Legacy security and systems management tools, designed with outdated notions and purposes, all share a common fatal flaw – they were simply not architected to perform well at scales beyond tens of thousands of endpoints. Using conventional hierarchical communications topologies (i.e. hub-and-spoke models), they are overly reliant on slow WAN tra�ic, su�er from bottlenecked databases and o en require hundreds of supporting servers to scale. These tools inevitably become sluggish, unreliable and costly to maintain as enterprise networks grow.

As a result, IT operations teams now need days or even weeks to fully deploy critical patches. Similarly, security teams are completely defenseless against advanced malware at scale, because primitive signature-based prevention or forensics approaches lack the sophistication and speed necessary to stop attacks already underway. These antiquated tools have become a liability to security and operational e�iciency, and are just incapable of solving today’s most pervasive problems.

The Tanium Architecture – Our Magic UnveiledThe Tanium Endpoint Platform is the first and only enterprise platform that empowers security and IT operations teams with 15-second visibility and control to secure and manage every endpoint, even across the largest global networks. At the heart of this platform is Tanium’s patented linear-chaining architecture.

Tanium transcends the inherent limitations of hub-and-spoke architectures by decentralizing management intelligence directly onto individual endpoints through a single, lightweight agent. Each managed endpoint maintains an awareness of nearby machines on the network by contacting the Tanium Server periodically to get a concise update on the current state of its neighbors. This simple interaction automatically pairs each endpoint with the optimal client to receive information from and a di�erent one to pass information to, thereby deliberately forming a series of e�iciently chained endpoints.

To propagate queries or actions to every endpoint throughout the entire network, the server simply sends information to a small set of endpoints along these linear chains, and collects aggregated results back from the endpoints at the end of these chains. This innovative approach fundamentally resolves the most egregious shortcomings of hub-and-spoke architectures, and is the foundation for the Tanium Endpoint Platform’s unparalleled speed and scalability.

관리 대상 엔드포인트 수 5,000대 이하 150,000대 이하 400,000대 이하

Hardware Requirements(Tanium Server / Database Server)

Processor Cores (Physical)

Memory

Disk Space2

So�ware Requirements

Operating System

Database Version

16 / 8

48 GB / 16 GB

400 GB / 1 TB

40 / 32

256 GB / 64 GB

1.5 TB / 4 TB

Microso� Windows Server 2008 R2, 2012 or 2012 R2

Microso� SQL Server 2008, 2012 or 2014

80 / 64

512 GB / 128 GB

3 TB / 10 TB

시스템 요구사항 Server Requirements1 Client Requirements1

● Microsoft Windows Vista, 7, 8 or Windows Server 2003, 2008, 2012

● Mac OS X 10.7+ (Intel-only)

● Linux (RHEL 5.x / 6.x, CentOS 5.x / 6.x, SLES 11, OpenSUSE 11.x / 12.x,Debian 6.x / 7.x, Ubuntu 10.04LTS, 12.04LTS, 14.04LTS)

● Oracle Solaris 10 SPARC / x86 “U8”+, 11 SPARC / x86

● IBM AIX 6.1 TL7SP10+, 7.1 TL1SP10+

엔드포인트 관리에 필수적인 초 단위 속도태니엄 아키텍처는 데이터의 수집, 통합 및 분배를 엔드포인트 수준에서 이루어지도록 분산시킴으로써, Low Latency, High Bandwidth를 활용하고, 클라이언트와 서버 간 직접적인 커뮤니케이션을 극적으로 줄일 수 있습니다. 또한, 이를 통해 비대한 데이터베이스, 과부하 된 접속, 그리고 WAN 세그먼트 간의 과도한 트래픽이 유발하는 비효율성을 효과적으로 제거할 수 있습니다. 보안 및 사고대응팀은 태니엄을 통해 자신 있게 수백만 대의 엔드포인트에 대해서 고도화된 위협을 추적하고, 또 조치할 수 있으며, IT 운영팀은 전 세계에 있는 모든 자산을 수 초 이내에 정확하게 관리하고, 목록화시킬 수 있습니다. 

전례 없는 확장성 및 인프라 감축인프라의 확장을 위해 수십 개에서 수백 개에 달하는 릴레이 서버를 필요로 하는 전통적인 툴들과는 달리, 태니엄 아키텍처가 제공하는 커뮤니케이션 방식은 아주 쉽게 수백만 대의 엔드포인트를 지원할 수 있으며, 시간이 흘러 기업 네트워크가 확장되는 경우에도, 값비싼 하드웨어에 대한 지속적인 투자 없이도 최적의 성능을 유지할 수 있습니다. 이러한 획기적인 아키텍처를 통해, 이제 은행이나 리테일러의 각 지점, 그리고 지리적으로 분산되어 있는 기업 지사들에서 필요로 하던 2차 릴레이, 데이터베이스 및 배포서버가 필요 없어집니다. 

유동적인 기업 IT 환경에 대한 가시성우월한 속도 및 확장성 이외에도, 태니엄 아키텍처는 기기들이 끊임없이 Wi-Fi AP 사이에서 이동하고, 또 수백 대에서 수천 대의 가상머신이 생기고 사라지는 등, 오늘날의 다이나믹한 환경에 대해서도 탄력성을 지니도록 설계되어 있습니다. 오류를 일으키거나, 접속이 불가한 릴레이 서버 때문에 수천 대의 기기에 대한 신속한 접근이 제한받을 수도 있는 허브-스포크 모델과는 달리, 태니엄 아키텍처 내에 있는 엔드포인트들은 오프라인 상태의 클라이언트나, 네트워크 상의 장애물을 우회함으로써, 시스템 전체에 대한 고가용성(HA)를 유지할 수 있습니다. 태니엄 아키텍처가 지닌 이러한 자가치유적 성향은 보안 및 IT 운영팀이 항상 전체 시스템 환경에 대해 가장 총체적이고 또 정확한 상태를 파악할 수 있게 해줍니다.

기업 환경에 최적화● Zone 서버를 통해, 외부에 있는 엔드포인트 기기도 인터넷 연결만 확보되면 태니엄으로 관리 및 컨트롤 가능하며, 마치 사내 망에 존재하는 것처럼 똑같

이 질의에 대해 응답 및 특정 액션 수행 가능

● 기존의 액티브 디렉토리 인프라와 Credentialing 및 보안 정책을 활용한 Kerberos 기반 인증

● 역할기반 접근통제(RBAC,Role Base Access Control)는 각 사용자의 직무 또는 권한에 따라 접근권한을 가변적으로 통제하며, 사용자는 이에 따라 질의, 기존 액션의 실행, 새로운 액션 저작, 센서 저작, 사용자 생성 및 관리권한 부여 등에 대해 제한을 받을 수 있음. 또한, 특정 기기 그룹에만 이러한 역할기반 접근통제를 적용하도록 유연한 설정도 가능

● 네트워크 상에 배포되는 쿼리 및 액션에 512비트 Elliptic Curve Cryptography 적용을 통해, 중간자(MITM, Man-in-the-Middle) 공격 및 감염된 엔드포인트에서 시작되는 악의적 행위 예방 

1 더 많은 정보는 https://kb.tanium.com/System_Requirements 참조2 제시된 디스크 용량 요구사항은 근사치이며, 사용사례 및 사용방법에 따라 달라질 수 있음