Tanium Announces Threat Response: A New Way to Ease the Pain of EDR Investigations

Tanium Threat Response was developed to empower security teams to detect, investigate, and remediate incidents using a single platform. The Tanium platform eases the collaboration challenges faced by EDR and IT teams, providing an integrated view of the entire enterprise. Using the power of Tanium IOC Detect, Tanium Trace, and Tanium Incident Response, Tanium Threat Response offers enhanced features such as built-in threat intelligence and continuous monitoring for threats with real-time alerting.

EMERYVILLE, Calif. -- Tanium, the company that redefined security and IT operations with the unparalleled speed and scale of its endpoint communications platform, announces Tanium Threat Response. Developed with input from our customers, Threat Response is designed to alleviate the pain of trying to perform successful incident response using disparate point tools.

Professionals working in the Security Operations Center (SOC), on the Incident Response (IR) team, and in IT Operations all want to be able to work together using integrated workflows. In today’s cybersecurity environment, it’s no longer feasible for each team to operate in a silo, using its own set of point tools without the ability to have an integrated view of the enterprise.

Tanium Threat Response is designed to allow security operations teams to easily detect a broad range of attacks with out-of-the-box intelligence and real-time alerting. Security Operations Analysts can easily triage alerts with an enriched investigation experience, and quickly orchestrate remediation actions using streamlined workflows. Incident Response teams can use the new functionality to scope and investigate threats thoroughly. And Operations teams will be able to remediate incidents on one or more endpoints across the enterprise in seconds.

All of these capabilities include granular Role-Based Access Control (RBAC), which enables administrators to define and delegate responsibilities.

Now, incident responders and investigators can access a simplified feed of real-time alerts, conduct deep-dive analyses on individual systems, and remediate—all in a seamless user experience with RBAC coordinating their scope of responsibilities.

Tanium Threat Response also includes important enhancements to Tanium's detection and alerting on the endpoint.

The new detection mechanisms that will be offered in the coming weeks include:

  • Indicator of Compromise (IOC) detection is now automated on the endpoint, and can be performed even if the system is offline.
  • Reputation information, like that provided by VirusTotal or Palo Alto Networks Wildfire, or internally developed blacklists and whitelists derived by Tanium, can be continuously matched against executed processes or at-rest files to identify previously undetected malware.
  • Tanium will provide an out-of-the-box intelligence feed of "Signals." Tanium Threat Response Signals monitor patterns of attack in real time and generate immediate alerts when malicious activity is detected.
  • Investigators will be able to apply common uses of Tanium sensors to detect suspicious endpoint activity, follow leads, and hunt for anomalies within current state, at rest, and historical evidence on the endpoint.

Each of these detection mechanisms generates alerts within seconds. Alerts are sent to a new, proactive alerting dashboard, providing a unified interface into threats across your environment. Users have the ability to triage, investigate, and remediate any alert all from a single pane of glass.

Tanium Threat Response offers integrated workflows so you can bring your critical cybersecurity teams together when it matters most. You’ll have continuous threat detection, real-time intelligent alerts, and new threat intelligence from Tanium's EDR team. With Tanium, you are not limited in your ability to detect, scope, or remediate attacks, as you would be with a database-driven solution where the data is only as good as the last snapshot.

The best part? Unlike point tool competitors, Threat Response runs on Tanium's Core Platform. Our single agent and back-end infrastructure can take you far beyond EDR, helping you accomplish a variety of critical IT and security functions, including IT asset visibility, compliance, unmanaged asset detection, file integrity monitoring, vulnerability management, and patching—all on a single platform.

About Tanium

Tanium gives the world’s largest enterprises and government organizations the unique power to secure, control, and manage millions of endpoints across the enterprise within seconds. Serving as the “central nervous system” for enterprises, Tanium empowers security and IT operations teams to ask questions about the state of every endpoint across the enterprise in plain English, retrieve data on their current and historical state, and execute change as necessary, all within seconds. With the unprecedented speed, scale, and simplicity of Tanium, organizations now have complete and accurate information on the state of endpoints at all times to more effectively protect against modern day threats and realize new levels of efficiency in IT operations. Visit us at www.tanium.com or follow us on Twitter at @Tanium.

Contacts

Tanium
Rachel Delphin, 646-673-5342
rachel.delphin@tanium.com
or
The OutCast Agency
Alex Doniach, 415-806-8566
adoniach@theoutcastagency.com
