Security teams are often aware of existing threats to the business, yet IT teams are typically not able to remediate them fast enough. Traditional tools rely on scripted solutions copied to every client, which then run as separate processes. This approach makes it extremely hard to scale any solution, while also placing a heavy burden on network bandwidth and client resources. Simply put, most existing remediation solutions are not capable of keeping up with the tremendous number of requests facing SecOps teams, resulting in a negative impact on the business.
Problems that are impossible to solve with traditional System Admin tools are easily addressed with Tachyon. This is made possible by Tachyon’s powerful ability to extend its capabilities through the Tachyon Software Development Kit (SDK). Unlike other tools in the remediation space, Tachyon was designed with scale, speed, and extensibility in mind, while keeping resource demands to the absolute minimum. These days, successful organizations are not just able to keep up with the pace of demand, they are also able to learn, automate and keep extending remediation solutions.
Whether contributing to the growing Tachyon Exchange community, or simply wishing to tap into the immense automation possibilities of Tachyon for your organization, the Tachyon SDK is the key to unlocking the ability to investigate and remediate threats at immense scale and speed. With this post, we’d like to introduce aspiring Tachyon community members to the toolkit that enables you to leverage the power of Tachyon to maximum effect. To help us understand some Tachyon SDK basics, we interviewed James Davies, head of our Tachyon development team:
Question: Tell us about the Tachyon SDK.
James: The Tachyon SDK is an online reference guide to help you create and enhance Tachyon instructions (questions and actions). It includes a guide on how to use TIMS (Tachyon Instruction Management Studio) – the tool that lets you create and test out instructions before using them from Tachyon Explorer. There's also documentation for SCALE – the cross-platform scripting language used by the Tachyon Agent, as well as a complete reference for all the different modules and methods that you can use to piece your instruction together. Because the true power of Tachyon is unleashed with the SDK, we have worked hard to make it both easy to use and to learn. Together, these resources are all you need to become a master at automating Tachyon for your own organization or to share solutions with the wider community.
Question: The SDK can seem a little intimidating if you're a newbie. What do you recommend users do first?
James: If you've got any type of scripting experience, you'll find writing your own instructions a breeze. If you're familiar with basic SQL, so much the better. Even if you're not, it's very easy to get started. The SDK documentation contains some simple examples for you to be able to take your first steps. But, in my opinion, the best way to get to grips with any kind of new programming language is to grab an example that does something interesting (which you'll be able to get from the Tachyon Exchange as a “Product Pack”), open it up in TIMS, and then play around with it! Product Packs are great turn-key solutions to commonly faced real-world problems, and therefore also a useful resource.
Question: Have any customers developed Tachyon solutions you can share?
James: Absolutely! SDI Media is just one example of a customer who used Tachyon to deal with the global WannaCry virus outbreak in 2017. Because of Tachyon’s extensibility, SDI was able to come up with a highly successful response for their entire IT estate which spanned 40 countries. SDI Media was able to deploy their solution very quickly, but perhaps most importantly, they were able to evolve their solution easily as various spin-offs of the virus went around. This kind of visibility and flexibility to deal with threats is critical to staying ahead in the game. (You can read more about how Tachyon helped SDI Media react to WannaCry in minutes (rather than days) here.)
Question: What do you think is the most valuable aspect of the SDK?
James: If you're just starting out, then the "Getting Started" page has a great step-by-step guide that takes you through the whole process of creating your first instructions. Once you've got the hang of the basics, the next step is to get to the good stuff within the "Functions and Methods" reference – this contains all the building blocks you might need to leverage and extend the power of Tachyon.
Question: How do you use both the SDK and the Exchange?
James: The two really go hand-in-hand. If you've got a particular need, then the best thing to do is go to the Tachyon Exchange community first – chances are someone else has a similar need, and there may already be a Product Pack available which you can then download and start using for free straight away. If there isn't, then you can submit a request on the Tachyon Exchange and we'll do our best to put something together and share with the community. However, one of the best things about Tachyon is that you can create these instructions yourself, and get them to behave in exactly the way that best suits you. That's where the SDK comes in. Whether you're writing an instruction from scratch or modifying an existing instruction that you've downloaded from the Tachyon Exchange, the SDK gives you all the tools you need to be able to do this. And once you've got your instruction set doing exactly what you want, you can submit it back to the Tachyon Exchange so that everyone else can benefit!
If you are interested in getting started with the Tachyon SDK, all you need is a 1E Customer account, after which you can download the SDK reference material. Join the conversation and ask questions on the Tachyon Exchange community help forum.