
Reactive security no longer works for MSSPs

AI has made cybersecurity markedly harder, raising concerns that range from data leaking out of models and the thorny problem of shadow AI to the powerful new tool it puts in the hands of threat actors.

It has also accelerated the threat landscape as a whole. Attackers can develop malware and other tooling, infiltrate victims’ IT environments, and exfiltrate data faster than before, increasingly at machine speed, which forces defenders to speed up their own work in turn.

It’s a challenge that Aaron Smith sees every day as head of threat hunting for Tanium.

“The gap between finding a problem and fixing it has become the most dangerous place in security,” Smith told MSSP Alert. “Operators have more visibility than ever, but visibility without speed is just a longer list of things that can go wrong. ... What changed is the pace. AI is compressing the time between a vulnerability going public and a working exploit landing on an endpoint.”

Smith added that Tanium’s HuntIQ threat hunting team sees the same pattern from the security operations center (SOC) side every week: “teams with more visibility than they’ve ever had, still losing the race between detection and remediation.”

Tanium and other security vendors are trying to close that gap by giving enterprise security teams and MSSPs AI-powered tools that help defenders move at machine speed, not human speed alone.

Delivering Speed and Scale

For Tanium, the foundation is the Tanium Autonomous IT Platform, which gives organizations one place for their AI-based security tooling, avoiding the dreaded tool sprawl, and delivers the speed and scale needed to defend effectively against attackers.

Built into the platform is Tanium Atlas, the vendor’s AI-driven and autonomous operating system that allows security operators and security services providers to use plain-language prompts to gather real-time endpoint data, detect vulnerabilities, and execute multi-step remediations from a single interface.

This month, Tanium added several new capabilities to the platform, though Smith said the goal wasn’t simply to build up its features.

“It’s giving a single operator the data, guidance, and reach to do what once required an entire team, and doing it before risks escalate, not after,” he said.

New Features

The features include Tanium Threat Navigator, an automated threat hunting workflow that lets users test and refine hypotheses while gathering insights across both historical and live data. Hunts produce actionable intelligence that is converted into alerts, reducing attacker dwell time and the time defenders take to respond.

In addition, “Tanium Anomaly Detection surfaces software behavior that falls outside normal before it becomes an incident,” Smith said. “Tanium Enforce turns configuration policy into something that actually holds – continuously – without someone re-fixing the same drift every week.”

There is also Tanium Connector for Microsoft Edge for Business, which closes a blind spot – browser activity that sits completely outside endpoint visibility. It’s a concern that Tanium hears a lot about from organizations, he said.

Chasing What No Longer Exists

What sets Tanium apart from similar platforms, Smith said, is the real-time data it collects and distributes. Other platforms may include AI capabilities, but the data underneath them is hours or days old.

“They are chasing a version of the environment that doesn’t exist anymore,” he said. “What sets Tanium apart is that the data is real-time: we ask a question and get an answer back from every endpoint in seconds.”

It’s a particularly important capability for MSSPs and MSPs, which manage dozens or hundreds of client environments at once.

“If your visibility is stale or fragmented, you’re not running a security practice, you’re running a cleanup operation,” he said. “One source of truth, in real time, across every endpoint is the line between proactive and reactive at that scale.”

The Shifting Role of MSSPs

That idea is central to what Smith describes as the shifting role of MSSPs, away from a reactive cycle of detect, escalate, remediate, and repeat. That model’s time has passed, he said.

“AI-powered threats are making that model stop working at AI speed,” he said. “The time between vulnerability discovery and active exploitation is collapsing. You can’t run a reactive operation at that pace and call it a security practice. Scale is where it gets interesting for MSSPs. Managing one customer environment is hard. Managing dozens or hundreds takes consistent visibility, governed actions, and reporting that customers can actually understand.”

With Tanium’s platform, MSSPs also get autonomy with governance; without governance, he said, they can “lose trust across a book of business.” Every state-changing action is gated by approval policies that define what runs autonomously, what needs confirmation, and what escalates, letting service providers scale their business without scaling their risk.
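The approval-gating pattern Smith describes, as an added example that is not Tanium's code or policy format: every state-changing action is sorted into one of three lanes (run automatically, wait for operator confirmation, or escalate) before anything executes, with a per-tenant policy that caps the risk tier and blast radius allowed to run unattended. The action names, risk tiers, thresholds and tenant names are hypothetical; unknown actions and unknown tenants fail closed to escalation.

```python
"""Added example, not Tanium's or any vendor's code: a policy gate that sorts
state-changing endpoint actions into three lanes before anything executes.
Action names, risk tiers, thresholds and tenants below are hypothetical."""
from dataclasses import dataclass
from enum import Enum


class Lane(str, Enum):
    AUTO = "auto"            # runs with no human in the loop
    CONFIRM = "confirm"      # waits for an MSSP operator to approve
    ESCALATE = "escalate"    # goes to the customer or a senior engineer


# Hypothetical risk tiers: 0 = read-only query, higher = more disruptive.
# Anything absent from this table is unknown and is escalated (fail closed).
ACTION_RISK = {
    "collect_inventory": 0,
    "collect_process_list": 0,
    "kill_process": 1,
    "quarantine_file": 1,
    "apply_patch": 2,
    "isolate_host": 2,
    "reboot_host": 3,
    "reimage_host": 4,
}


@dataclass
class TenantPolicy:
    """What one customer allows: unattended risk ceiling, blast-radius cap, opt-outs."""
    tenant: str
    auto_max_risk: int = 1          # tiers at or below this may run unattended
    confirm_max_risk: int = 2       # tiers above this always escalate
    auto_max_endpoints: int = 50    # larger scopes need a human even at low risk
    never_auto: frozenset = frozenset()  # actions this customer opted out of automating


@dataclass
class ActionRequest:
    tenant: str
    action: str
    endpoint_count: int
    requested_by: str


def decide(req: ActionRequest, policy: TenantPolicy) -> Lane:
    """Pure decision: the same request and policy always yield the same lane."""
    risk = ACTION_RISK.get(req.action)
    if risk is None:
        return Lane.ESCALATE      # unknown action: fail closed
    if risk == 0:
        return Lane.AUTO          # read-only collection never needs approval
    if risk > policy.confirm_max_risk:
        return Lane.ESCALATE
    if (req.action in policy.never_auto
            or risk > policy.auto_max_risk
            or req.endpoint_count > policy.auto_max_endpoints):
        return Lane.CONFIRM
    return Lane.AUTO


def route(requests, policies):
    """Route a batch across tenants. Unknown tenants are escalated, and every
    decision is recorded as an audit row so the whole book of business is reviewable."""
    lanes = {lane: [] for lane in Lane}
    audit = []
    for req in requests:
        policy = policies.get(req.tenant)
        lane = decide(req, policy) if policy else Lane.ESCALATE
        lanes[lane].append(req)
        audit.append({"tenant": req.tenant, "action": req.action,
                      "endpoints": req.endpoint_count, "by": req.requested_by,
                      "lane": lane.value})
    return lanes, audit


# Constructed sample: two tenants with different risk appetites plus one
# tenant that has no policy on file at all.
POLICIES = {
    "acme": TenantPolicy("acme"),
    "globex": TenantPolicy("globex", auto_max_risk=2, auto_max_endpoints=500,
                           never_auto=frozenset({"isolate_host"})),
}
REQUESTS = [
    ActionRequest("acme", "collect_process_list", 4000, "hunt-playbook"),
    ActionRequest("acme", "kill_process", 12, "hunt-playbook"),
    ActionRequest("acme", "apply_patch", 300, "patch-playbook"),
    ActionRequest("globex", "apply_patch", 300, "patch-playbook"),
    ActionRequest("globex", "isolate_host", 1, "hunt-playbook"),
    ActionRequest("globex", "reimage_host", 1, "operator-jsmith"),
    ActionRequest("globex", "wipe_disk", 1, "operator-jsmith"),
    ActionRequest("initech", "collect_inventory", 10, "hunt-playbook"),
]

if __name__ == "__main__":
    _, rows = route(REQUESTS, POLICIES)
    for row in rows:
        print(row)
```

The design choice worth noting is that `decide` is a pure function over the request and the tenant policy, so the same remediation playbook produces predictable, auditable outcomes across every customer, and the only way to widen what runs unattended is to change a tenant's policy rather than the playbook.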

“The opportunity in this AI era isn’t smaller for MSSPs, it’s higher-value,” Smith said. “The work shifts toward designing workflows, turning what your best people know into repeatable plays, and running governed services across more environments than any team could manage by hand before.”

Jeffrey Burt

Jeffrey Burt has been a journalist for almost 40 years, moving from general-circulation newspapers to IT news sites in 2000. He’s an expert analyst and writer on cybersecurity, data center infrastructure, AI, and a host of other subjects for a range of organizations, including CyberRisk Alliance, eWEEK, Techstrong Group, The Next Platform, and The Register.
