It supposedly has some kind of peer-to-peer topology for executing queries and aggregating the responses, so--I believe, I'm not certain--it avoids having a centralized data store that gets DDOS'd from the agents or a linear machine-by-machine connect-and-query model. That allows it to scale to large networks. The company _definitely_ benefited from the a16z lead-gen (and investment). Tanium was the big shiny endpoint tech of 2016, but I'm not convinced they have a good handle on the use cases/domain.

Yeah, pretty much. osquery plus some gossip-based node communication layered on top. Unless osquery has that or something like it these days. It's been a while since I kicked the tires on it.