Introducing Tanium Threat Response: A New Way to Ease the Pain of EDR Investigations

7.10.2017 | Joe Lea

Tanium Threat Response was developed to empower security teams to detect, investigate and remediate incidents using a single platform. The Tanium platform eases the collaboration challenges faced by EDR and IT teams, providing an integrated view of the entire enterprise. Using the power of Tanium IOC Detect, Tanium Trace and Tanium Incident Response, Tanium Threat Response offers enhanced features such as built-in threat intelligence and continuous monitoring for threats with real-time alerting.

When we speak with our customers about Endpoint Detection and Response (EDR), we hear most often about how they want to enable teams to collaborate across critical enterprise functions. Professionals working in the Security Operations Center (SOC), on the Incident Response (IR) team and in IT Operations all want to be able to work together using integrated workflows. In today’s cybersecurity environment, it’s no longer feasible for each team to operate in a silo, using its own set of point tools without the ability to have an integrated view of the enterprise.

Why Tanium Threat Response was created

Our Product organization took these concerns to heart and answered the challenge by creating Tanium Threat Response. This new offering combines functions previously offered by Tanium IOC Detect, Tanium Trace and Tanium Incident Response into a single offering that integrates workflows for detection, investigation and response.

Tanium Threat Response introduces real-time alerting, allowing security teams to detect a broad range of attacks using custom or built-in intelligence from Tanium’s EDR team. Analysts can access a simplified feed of real-time alerts to triage and orchestrate appropriate follow-on actions. Incident responders can conduct deep-dive analyses on individual systems or hunt enterprise-wide. And Operations teams will be able to remediate incidents on one or more endpoints across the enterprise in seconds.

All of these capabilities include granular Role-Based Access Control (RBAC), which enables administrators to define and delegate responsibilities.

Tanium Threat Response also includes important enhancements to Tanium’s detection and alerting capabilities.

New mechanisms of Tanium Threat Response

The new and enhanced detection mechanisms that will be offered in Tanium Threat Response in the coming weeks include:

  • Indicator of Compromise (IOC) detection will be automated on the endpoint, and can be performed continuously, even if the system is offline.
  • Reputation information from common third-party reputation sources, or internally developed blacklists and whitelists, can be continuously matched against executed processes or at-rest files to identify previously undetected malware.
  • Tanium will provide an out-of-the-box intelligence feed of “Signals.” Tanium Threat Response Signals monitor patterns of attack in real time and generate immediate alerts when malicious activity is detected.
  • Investigators will be able to use Tanium sensors to detect suspicious endpoint activity, follow leads and hunt for anomalies across current-state, at-rest and historical evidence on the endpoint.

Each of these detection mechanisms generates alerts within seconds. Alerts are sent to a new, proactive alerting dashboard, providing a unified interface into threats across your environment. Users have the ability to triage, investigate and remediate any alert all from a single pane of glass.

Tanium Threat Response offers integrated workflows so you can bring your critical cybersecurity teams together when it matters most. You’ll have continuous threat detection, real-time intelligent alerting and new threat intelligence from Tanium’s EDR team. With Tanium, you are not limited in your ability to detect, scope, or remediate attacks, as you would be with a database-driven solution where the data is only as good as the last snapshot.

The best part? Unlike point tool competitors, Threat Response runs on Tanium’s Core Platform. Our single agent and back-end infrastructure can take you far beyond EDR, helping you accomplish a variety of critical IT and security functions, including IT asset visibility, compliance, unmanaged asset detection, file integrity monitoring, vulnerability management and patching—all on a single platform.

About the Author: Joseph Lea is head of product management at Tanium, where his focus and passion is shaping new product modules and bringing them to market. Joe has held numerous technical and product positions as well as executive management roles during his career. He holds a PhD in Cognitive Science which has informed his perspective on technology and led to 10 patents for user experience innovations. When he’s not busy at Tanium or spending time with family, he speaks about his experience competing in some of the world’s most grueling 100 mile mountain ultra-marathons, which, as it turns out, are not as different from his day job as you might expect.