Top 10 Takeaways from Tanium’s 2024 FedCyber Exchange

Tanium’s FedCyber Exchange, held on 4 月 18 日, brought together federal IT and cybersecurity leaders, experts, and partners to discuss key insights and best practices for optimizing cyber readiness and response outcomes that aim to strengthen the nation’s resiliency against threats.

Here are some of the key takeaways from the event:

Purpose Through Certainty for Federal IT and Security leaders

Tanium CEO Dan Streetman opened the day with a keynote on the importance of delivering certainty to every organization during uncertain times. He emphasized Tanium’s purpose in serving the world’s most innovative and security-conscious organizations – such as those in the federal government – to help them overcome the challenges of regulatory requirements, digital transformation, budget constraints, and cyber threats.

He also highlighted Tanium’s core values of integrity, tenacity, empathy, and excellence and how they guide the company’s actions and decisions to support the public sector.

Speed, Scale, and Imagination are Imperative to Meeting Today’s Challenges

Cory Simpson, CEO of the Institute for Critical Infrastructure Technology (ICIT), joined Streetman for a fireside chat that explored the evolving nature of cyber threats and how to counter them. Simpson emphasized how adversaries attack at scale, targeting both human and digital infrastructure, and that defenders need to leverage imagination, innovation, and strategic partnerships to create better systems and societies to meet those challenges at speed.

He also stressed the need for speed and agility in responding to incidents and the value of artificial intelligence in augmenting human intelligence for a tactical advantage.

From Standardization to Scalability, CIOs Share Strategies for Digital Transformation

In a thought-provoking fireside chat, federal CIOs shed light on the myriad of challenges keeping them up at night. From workforce development to cybersecurity concerns, the panel delved into the complexities of modernizing federal technology infrastructure. Moderated by Renata Spinks, a distinguished U.S. Army veteran and former SES -Deputy CIO IC4 USMC, the discussion offered valuable insights into the evolving landscape of government IT.

Kenneth McNeill, CIO for the National Guard Bureau, emphasized the importance of cybersecurity protocols and the adoption of proper tools to mitigate risks effectively. He underscored the need for continuous efforts in this critical area, especially when it comes to cross-collaboration and information sharing with other agencies. Given the highly distributed structure of the National Guard and their unique work, McNeill underscored the importance of being in lock-step with local and state authorities around event response and coordination of information sharing – which required a great deal of investment, modernization, and security protocols to expand upon.

Echoing McNeill’s sentiments, Winston Beauchamp, Deputy CIO of the U.S. Air Force, highlighted the significance of enterprise solutions in managing digital transformation. He stressed the importance of alignment with Department of Defense (DoD) standards and the value of standardization in fostering cohesion across diverse services.

Beauchamp further pointed out the department’s objective of achieving aligned command and control capabilities with allied forces, enabling rapid response and feedback mechanisms.

Discussing strategic initiatives, Beauchamp touched on the Air Force’s cloud migration program as a pivotal step towards enhancing scalability and cybersecurity. He emphasized the importance of environmental precautions and the selection of appropriate commercial devices to bolster resilience.

Confidence is the Path and Platform to What’s Possible

Steve Daheb, Tanium CMO, delivered a keynote showcasing how Tanium enables organizations to act confidently in the face of uncertainty. He cited some alarming statistics, such as a recent report that 70% of organizations are breached through unknown assets, such as computers, phones, servers, etc.

Daheb emphasized that incomplete data is dangerous data and that point solutions are increasing costs and complexity without making organizations safer. He explained how Tanium provides a unified platform that delivers complete, accurate visibility, actionable insights, and automated workflows across IT and security domains.

Navigating the Modern Threat Landscape Requires the Right Tools

In an insightful fireside chat with Col. Thomas J. Cleaver, Operations Officer at Marine Force Cyberspace Command, and Tanium Director for Technical Account Management Col. Edward Debish (Ret.), the two delved into the critical capabilities needed to confront the ever-evolving threat landscape facing federal agencies.

The discussion underscored the persistent targeting of federal entities by malicious actors and the diverse range of threats targeting both DoD and civilian networks. With the rapid advancement of technologies like generative AI, machine learning, and bots, the nature of cyber threats has become increasingly sophisticated and dynamic.

According to Col. Cleaver, “How we modernize and defend our networks (against the adversary) is imperative. Having a central hub to triage tools continues to create an impact.”

Col. Cleaver also highlighted Tanium as an indispensable component of their toolkit, enabling effective daily network defense operations and playing a crucial role in fulfilling their mission objectives.

Tanium and ServiceNow Redefine CMDB Accuracy and Completeness

FedCyber’s partner panel with Tanium VP of Strategic Partners Shawn Gallagher, ServiceNow Principal Executive Architect, Tanium Field CTO Arunkumar (Arun) Iyer, and Tanium Director of Technical Account Management Col. Sam Kinch (USAF, Ret.) examined how the companies’ joint solutions are working together to improve data, automation, and remediation for federal IT workflows.

The biggest takeaway was that a CMDB promises a single source of truth for all IT management data but needs to be updated with real-time and accurate data. Their panel tackled how Tanium and ServiceNow are strategically working together to enable organizations to move closer to a zero-trust framework by integrating real-time device data into the access-granting process. The alliance takes a more proactive, synergized approach around IT and security operations, turning static databases into dynamic and powerful solutions for agencies that can power many IT processes.

According to Iyer, “How quickly you can recover from a breach is critical. Governance and automation is what captures data, but you need solutions like Tanium paired with ServiceNow to measure and understand the data.”

Attendees also gained hands-on experience with Tanium Asset and Discover and practiced making the ServiceNow CMDB accurate and complete. During our Lab portion of the event, attendees learned how to use the ServiceNow Service Graph connector for Tanium and Tanium Connect as the standard integration methods for Tanium Asset and Discover data. They also learned how Tanium fully supports ServiceNow’s Common Services Data Model (CSDM), a standardized way of organizing and storing information about IT services and their components.

The Future of Visibility is Autonomous

Matt Quinn, Tanium CTO, Melissa Bischoping, Endpoint Security Research Director at Tanium, and Harman Kaur, VP of Artificial Intelligence at Tanium, shared how Tanium Automate delivers a simple no-code interface to create powerful playbooks for automating task sequences that integrate platform solutions and capabilities to achieve cross-functional use cases with consistency and accuracy. They said Tanium Automate scales IT operations and security execution to dramatically improve operational efficiency, continuously mitigate risks, and reduce costs.

They also shared how Tanium Automated Endpoint Management (coming soon) will leverage artificial intelligence to identify the highest-value cyber hygiene recommendations and insights and enable organizations to confidently take actions that will deliver the greatest impact.

Cyber Hygiene is Key to Warfighter Domain Dominance

During his breakout session, SMSgt Richard Noon, Team Chief, Cyber Security Branch for the Air National Guard Readiness Center, discussed the importance of real-time endpoint visibility for cyber warfighters.

SMSgt Noon demonstrated how the Cyber Awareness Dashboard (CAD) aggregates vulnerabilities into different logical and geographic views and how Automated Remediation and Asset Discovery (ARAD) helps the Air National Guard to understand and act on vulnerabilities highlighted by the CAD. He also showed how base-level operators can use ARAD to ask real-time questions and prioritize pre-approved actions against endpoints in their environment to maintain the best possible cyber hygiene while preparing for command inspections.

The Importance of SBOM in Unmasking Hidden Vulnerabilities

Attendees gained hands-on experience with Tanium Comply and learned how Software Bill of Materials (SBOM) helps identify libraries that exist on endpoints, likely shipped with other software. They learned how Tanium Comply scans for compliance and operating system vulnerabilities to make sense of the Bill of Materials and determine which libraries are vulnerable — both at run-time and build-time.

They also learned how to apply updates to the affected products to remediate vulnerabilities and how to use Tanium Asset and Reporting to showcase vulnerable versions and the remediation efforts they have completed.

The Time for Zero Trust is Now

Given the recent update on the DoD’s Zero-Trust framework progress, the need to meet Zero-Trust guidelines as the department moves into its implementation phase was clearly felt throughout the event.

Adopting a Zero-Trust architecture means practicing the principle of least privilege. But all too often, organizations don’t put enough weight on the endpoint requesting access and the state it’s in. With our modern workforce placing the endpoint as the new perimeter, it’s more important than ever to validate device posture and the user as part of your Zero-Trust approach.

With the Pentagon’s target 2027 goals to meet Zero Trust looming, our breakout session with my Tanium colleague Brian Siapno, RVP for Technical Account Management, and myself took a deeper look into how Tanium fits into this approach as a whole, exploring some of our popular integrations that enable federal agencies to infuse real-time device data into the access-granting process.

Ultimately, Zero Trust is not what people think. It’s not a point solution. It’s a strategy that we’re committed to helping all agencies deliver.

Overall, it was a fantastic event that brought so much value — not only in thought leadership content but also in the highly applicable Tanium product walk-throughs, previews, and more. If you didn’t get a chance to attend this year, we hope you’ll look out for next year’s FedCyber Exchange and register early to reserve your spot.