Innumerable cybersecurity companies promise to protect companies from all manner of attacks. Tanium Inc. Chief Executive Orion Hindawi doesn’t seem to be one of them.

In the 10-year-old company’s second annual Converge show for customers in San Francisco today, Hindawi was remarkably candid about the reality that none of them, including his, can ensure that attacks won’t happen. That’s despite the fact that Tanium’s technology is aimed at improving security by scanning and controlling up to thousands of computing devices in networks at organizations such as Visa, Amazon.com Inc. and the U.S. Defense Department.

“The idea that we’re going to give you a black box and it automagically fixes everything, that’s a lie,” he said in a “fireside chat” at the conference. “All I can tell you is we can give you better and better tooling every day. We can make it harder for the attackers to succeed. That’s the best I can offer.”

Even his own company isn’t immune to attacks, he admitted. “We have 700 people in the company and three-quarters are security experts, and I still worry about it,” he said. “We just can’t close every door and window.”

Hindawi said the cybersecurity industry itself is most at fault for peddling narrow products that only fix a small part of the problem, making for a confusing and complex security setup that inevitably results in openings for attackers. “I blame us, me, our industry for not giving you guys tools … so you can close every door,” he said.

In fact, he mentioned the own device management company, BigFix Inc., that he and his father David founded. It was sold to IBM Corp. in 2011, and Hindawi called the current BigFix product a “terrible Frankenstein product” at this point. “Being acquired is just about the worst thing that could happen to our customers,” he said, noting with a smile that some of Tanium’s customers have contracts with a “poison pill where if we get acquired, they get all their money back.”

Hindawi also took the opportunity to dump on nearly every other security company, with the exception of Palo Alto Networks Inc., that are “just rewarming the same food over and over again, and I don’t want to eat that.” Of course, he added, Tanium is working to fix that. “We owe our customers an opportunity to clean out all these point solutions,” he said.

Not surprisingly, Tanium announced plans to provide tools to do that. A new module that helps companies track devices, called Tanium Asset, that can integrate with information technology service management firm ServiceNow Inc.

But there’s plenty of other blame to go around too, Hindawi said, especially by the rapidly growing number of “internet of things” companies adding smarts to everyday devices. “We get called in to help companies vending these machines… right before they ship the product,” he said. “Sometimes they don’t think about it until after they ship the product.”

Although some companies such as Google LLC, Apple Inc. and Microsoft Corp. do think about security from the start, he said, “the vast majority of IoT is driven by companies that don’t think of this at all, so we see massive attacks harnessing all these devices.”

The solution needs to go beyond providing technology, he said, though he thinks government regulation might make things worse. The fact is, he said, that “there are some things that are not worth patching,” such as vulnerabilities in 20-year-old systems that simply can’t be fixed.

In that case, he said, it’s time to turn to an old-school solution: insurance. “Cyberinsurance can cover some of that risk,” he said. “Basically this is just another operational risk, like earthquakes.”

Although nations such as Russia and North Korea are in the news as state actors trying to break into systems, that’s rare, Hindawi said. The biggest threats, he said, are “commodity hackers using tools on known vulnerabilities that are three years old. It’s almost never the Russians. It’s usually much more prosaic. Sometimes it’s three scammers in Florida.”

Tanium, whose latest $100 million fundraising in May valued it at a breathtaking $3.75 billion, seemed to be poised for an initial public offering earlier this year. But in April, reports revealed that it had made demonstration presentations using private network data from El Camino Hospital without its permission. Also, the company lost nine managers from a year ago to April.

Not surprisingly, Hindawi was coy about the timing of an IPO. “We can serve customers just as well either way,” he said, though he acknowledged the likelihood of going public at some point. For now, he said, “I’d rather just buy a bell and ring it at home.”

Photo: Robert Hof