Jun 16, 2016
Introducing the PwC Threat Intelligence Stream Integration
By Paul Bottomley & Matt MacKinnon
The new PwC Threat Intelligence stream integration
One of Tanium’s core missions is to transform cumbersome manual processes into automated tasks that empower IT Security teams with more time, better data and less waste. We’re fortunate to partner with organizations that share our values. Last July, PwC introduced “Tanium Accelerators” to its Cyber Security Practice, providing a suite of services to its customers – including a high fidelity set of PwC-created threat intelligence deployed in Tanium IOC Detect to hunt for threats within their customers’ environments. While this approach has delivered powerful results, it’s a manual process for the talented team of PwC analysts to manage. Until today.
Tanium IOC Detect 2.4
We’re thrilled to introduce a new PwC Threat Intelligence stream integration with the release of Tanium IOC Detect 2.4, the latest component of the Tanium Accelerators program at PwC, and part of an ongoing evolution of our next-gen partnership in threat detection and response. The stream provides integration between the Tanium platform and PwC’s Threat Intelligence Fusion Center (TIFC), creating a seamless and highly efficient process for importing PwC proprietary threat intelligence data into Tanium.
When subscribed to PwC’s Threat Intelligence accelerator, the stream allows the automatic import of PwC’s proprietary threat intelligence data, a comprehensive set of high confidence indicators of compromise (IOC). Coupled with Tanium’s technology, this allows security teams to detect signs of malicious activity in real time across every endpoint in the network within 15 seconds, in both data at rest and in-flight, and accelerate corrective action to reduce business risk. No matter how complex the IOC, which may contain dozens of attributes like filenames, Registry settings, IP addresses, MD5 hashes or even observable suspicious behaviors, you can evaluate all endpoints within seconds. Security teams have the flexibility to automate IOC scans across the entire enterprise, as well as perform quick ad-hoc scans against just a select group of endpoints to ensure that there is never a lapse in threat detection.
The PwC Threat Intelligence stream covers a wide variety of threat groups, ranging from nation-state to organized crime, and also includes a comprehensive set of heuristic IOCs that search for generic actions taken by malware which are not commonly observed on clean machines.
Up until now, the process of consuming PwC’s threat intelligence required downloading it from PwC’s intelligence platform to Tanium, importing it into IOC Detect, and then using IOC Detect to execute the scan. With this new functionality, there is no more manual export, download, import, scan process: it’s all streamlined. Automation means reducing time to find threats and compromises and lessening the skills required to execute this process. We’ve seen improvements in this process already at PwC, with reductions in the time taken to apply intelligence to an environment.
The quality of PwC’s threat intelligence coupled with the speed and scale of Tanium IOC Detect has already proven transformative for companies around the world – we’re thrilled to continue building on these capabilities together.
Paul Bottomley, Cyber Threat Detection & Response Manager at PwC
Matt MacKinnon, Senior Director, Product Management at Tanium