Visualizing IT assets by implementing Tanium to achieve zero trust security

Conventional information security measures have focused on "perimeter defense," which separates the inside and outside of a company and focuses on preventing intrusions from the outside. However, the recent evolution of cyber attacks has revealed its limitations. In this situation, "zero trust security" is attracting new attention. This is the idea of not trusting any terminals, users, traffic, etc. (= zero trust), and verifying all access, allowing only access that has been confirmed as safe, thereby realizing a robust security environment.

Zero trust security is essential to protect confidential information within a company in today's complex network environment, but there are various hurdles to overcome in order to achieve it. One of these is the management of IT assets and patches scattered throughout the company, which becomes more difficult the larger the company and the wider the scope of deployment. In this article, we will introduce a case study in which Macnica used the autonomous endpoint management platform "Tanium" to streamline IT asset management and patch management on a global scale as part of its efforts toward zero trust security.

引田 則郎

Macnica
IT Headquarters, IT Division, Deputy General Manager
Norio Hikita

石井 祐太朗

Macnica
IT Headquarters IT Management Department IT Infrastructure Management Department
System Infrastructure and Utilization Promotion Division
Yutaro Ishii

田牧 啓吾

Macnica
General Manager, IT Infrastructure Management Department, IT Headquarters
Keigo Tamaki

What are the challenges of implementing Zero Trust on a global scale?

Macnica operates a variety of businesses in 92 locations in 26 countries and regions. Currently, Macnica is working on improving its infrastructure and strengthening information security measures with the aim of realizing "One Macnica," in which the entire company, including overseas subsidiaries, works together. In particular, with regard to information security measures, we are working on a shift to zero-trust security, as we believe it is difficult to protect the company with conventional perimeter-type defenses, given that the threat of cyber attacks is increasing day by day.
"At the Company, under the name of Project 'Zeus,' we are rebuilding our network based on the policy of zero-trust security, but there are not a few challenges. For example, until now, IT asset management has been ledger-based, making it difficult to keep information on PCs and servers up-to-date. Similarly, for patch management, it was difficult to grasp which terminals had been patched and to what extent," says Hikita.

These challenges are common to many companies, and are particularly common among enterprise companies with global operations. Because it is difficult to have headquarters staff stationed at overseas bases or to have them travel frequently, there are many cases where local staff are tasked with procuring and managing IT assets, which makes it difficult to keep track of them.

Furthermore, overseas staff often do not listen to what the head office says.
"We often hear of cases where headquarters tries to strengthen governance by grasping information about IT assets, but is met with resistance from the local area and fails to do so. This is due to cultural differences and other factors that make adjustments difficult, and it seems that even if an effective solution is available, it is not uncommon for the company to postpone its implementation," says Hikita.

Macnica is addressing these issues by carefully explaining the outline of "One Macnica" and "Zeus," helping employees understand the importance of IT asset management and patch management.
"If we left the situation without effective governance, attackers would exploit vulnerabilities and cause serious incidents. We explained these risks and the significance of 'One Macnica' and 'Zeus.'" (Hikita)

Tanium was selected due to its extensive track record in Japan

Previously, Macnica sent questionnaires about IT assets to all companies, including overseas subsidiaries, twice a year and manually compiled the responses.
"However, this process was very time-consuming, and the number of terminals varied greatly from year to year, so we had to say it was unreliable," said Ishii.

Another problem was that it was not possible to grasp detailed OS versions, various software licenses, the number of users, etc. Even when threat reports came in from SOC or CSIRT, it was not possible to instantly judge how serious a threat it was to our company.

To solve these issues, Macnica began looking for a solution that could visualize IT assets and patch status and keep both properly managed. In May 2023, the month after the Zeus project started, they narrowed down the candidates to "Tanium" and one other product.
"The functions and performance of both products were roughly equivalent, but we decided to adopt Tanium because it has a proven track record of adoption in over 100 companies in Japan, including major financial institutions, manufacturers, and media companies, and has approximately one million endpoints," said Hikita.

The contract was officially signed in December 2023. Full-scale implementation began in February 2024, with work completed in Japan in one month. Tanium is easy to implement, and the implementation went smoothly, but the design process took time, including determining what items needed to be visualized for management and what data needed to be extracted.
"However, Tanium provides templates of commonly required data and important vulnerabilities. We simply add the items that the Company requires based on these, so there is no need to start from scratch, which made things easier." (Ishii)

In Macnica's case, since domestic operations are centrally managed, it was sufficient to distribute customized templates, but for overseas subsidiaries, the system was deployed individually based on a basic design.
"There was a risk of resistance if we suddenly asked them to implement it, so we explained what kind of data would be visible and how it was designed before rolling it out. I think it would be a good idea for companies that manage multiple domains to follow a similar procedure." (Ishii)

What challenges did you face when implementing Tanium?

There were three main challenges that Macnica faced when introducing Tanium.

  • Unknown Device
    Tanium installs a client on the detected terminal and collects information, but sometimes it would show up as an "unknown device." This was because it was detecting peripheral devices such as printers and test VM terminals, but it was not possible to immediately distinguish them from so-called "stray terminals."
  • Unmanaged accounts
    Some of our overseas subsidiaries did not have account management. These terminals were mainly used to individually optimize the work of each department, but in order to visualize the information, we needed to compare the device information held by the account management server with the Tanium dashboard and organize the information.
  • Hiding user accounts
    There was an issue where the user account information in the dashboard report was displayed in the Japanese environment but not in the overseas environment, so the client information had to be manually customized.

These issues have been resolved, and we are now in the phase of considering how to create and automate the dashboard.
"We are currently in the process of expanding overseas, but if we can automate things and reduce the workload by using the services we've created domestically, I think it will be a great help to our staff overseas. Right now, we are also working on creating motivation for this."

Visibility into IT assets enhances security and governance

The first benefit of introducing Tanium is the visualization of IT assets. This revealed the existence of unmanaged devices (rogue devices) and also enabled the discovery of assets with vulnerabilities, strengthening both governance and security. Other major benefits include a significant reduction in the workload required for device inventory and patch management, and the ability to immediately check the situation on the dashboard when a major incident occurs.
"Tanium can automatically distribute patches that need to be applied, and we can see how much of the total has been applied over a fixed time span, such as 30 to 90 days. Also, previously we had a hard time adjusting the patch application schedule so as not to put a strain on internal traffic or conflict with work. However, by using the Tanium cloud, we no longer need to worry about the impact on internal traffic, and we no longer need to spend time on adjustments." (Ishii)

In addition, Tanium has also enabled rapid delivery of measures to improve the requirements for devices used in AI projects.
"Previously it took half a month to schedule and a month to distribute, but this has been significantly shortened," says Ishii.

Using Tanium to reduce the workload of staff and focus on "aggressive IT"

In the future, Macnica hopes to further expand the scope of Tanium visualization.
"For example, by linking Tanium reports with the SOC, we can use them as a reference point for alerts, and we can respond quickly when an incident occurs. We also believe that this will be effective in preventing risks before they occur." (Hikita)

Tanium can only detect devices when they are connected to the network, so it cannot detect dormant devices. Macnica is therefore considering a method to automate the process of checking the contents of dormant devices when they are connected to the network and carrying out any necessary updates.
"Like other companies, the Company's IT headquarters is finding it difficult to devote man-hours to 'defensive IT' such as operations. That's why we are using Tanium to automate as much of the necessary but time-consuming work as possible, such as IT asset management, so that staff can focus on 'offensive IT', which is what they should be doing. We also want to simplify management of overseas IT, while also accurately understanding the information and taking the necessary measures." (Tamaki)

The company also decided to make Tanium available for wider use within the company.
"I think it's good to be able to refer to commodity information in any business, and if there is an effective tool, I think it's fine to turn it into a platform that you can distribute to the whole company. As part of that, I would like to steadily increase the number of local administrators." (Ishii)

Finally, as a Tanium user, I recommend other companies start small.
"Why not try it out as a PoC first? Tanium doesn't interfere with other applications, so I think it's easy to try out." (Ishii)
If you are interested, please feel free to contact Macnica.
