Our Partnership with Google Cloud: Transforming Threat Hunting and Zero Trust for the Distributed IT Era

8.4.2020 | Orion Hindawi, CEO

The year 2020 has seen global disruption on a massive scale across nearly every facet of life and business. For IT and Security teams, the challenge has been two-fold: transitioning employees to remote work without compromising availability or security, and also defending against the increase in cyberattacks as threat actors continue to exploit the chaos. According to the Google Transparency Report, the number of phishing sites increased by 20 percent between January 2020 and March 2020, with another spike occurring in May. That increase corresponds to the experiences of global IT leaders, 90 percent of whom reported seeing an increase in cyberattacks during the first two months of the pandemic. With Booz Allen Hamilton reporting an average dwell time for “advanced persistent threats” between 200 and 250 days, the ability to detect, as well as proactively hunt, investigate, and remediate these threats has never been more critical – or existential.

A little over a year ago, Tanium announced our initial integration with Chronicle, Google Cloud’s security analytics platform. At the time, it was clear that many of our customers were facing similar challenges around IT security. Five months into the pandemic, that has never been more true. The rapid transition to distributed workforces has compounded many of these challenges and exposed critical gaps: lack of visibility, incomplete or limited data, and a plethora of point tools that are either ill-suited to remote IT operations or further fragment visibility and control over technology.

From the beginning of the partnership between Google Cloud and Tanium, and in particular over the last few months, Sunil Potti, GM and VP of Cloud Security at Google Cloud, and I have had many conversations about how to address these pressing challenges for our customers. Together, we saw a significant opportunity to transform security around a new reference architecture that brings together the best platform for endpoint with Google Cloud’s capabilities for security analytics and Zero Trust. Together we’re committed to providing better security outcomes, forging a new approach that meets the needs of distributed IT where more employees are remote and more infrastructure is hosted in the cloud. The results of the conversations Sunil and I started a number of months ago, and our initial vision for the partnership, are in the press release we issued today and were included in Sunil’s keynote at Google Cloud Next ’20: OnAir’s Security week today.

Just as Tanium is a disruptor in the endpoint security and management markets, Chronicle turns the economics of security analytics storage on its head while greatly simplifying the task of correlating massive amounts of telemetry data to make meaningful decisions.

Available today, Tanium is able to directly sell Google Cloud’s Chronicle to Tanium Threat Response customers, representing a commitment to the relationship and integration from both sides. This go-to-market relationship extends the great things Tanium already does for endpoint security. With the addition of Chronicle to the portfolio, Tanium customers can inform threat hunting and investigations with one year of recorded endpoint activity.

Beyond the joint go-to-market aspects, we’ve also invested in making our integration with Chronicle second to none. With our Tanium Streams capability, customers can send rich telemetry directly from the endpoint to Chronicle for storage and analysis. This is highly configurable and enables organizations to customize what they really care about storing for one year versus the rigid approach of the EDR point tools which max out at 30 days – or charge high data retention fees. As a result, security leaders gain the assurance that they have comprehensive data – whether historical or live – to hunt, investigate and fully scope attacks that might have started hundreds of days ago.

Chronicle is just the beginning. Google is well known for its early thought leadership around Zero Trust. We are in the midst of integration discussions on how Tanium will layer into Google’s BeyondCorp model, its Zero Trust system used to protect Google itself. We expect to announce more about this aspect of the partnership later in the year. We’d also like to collaborate to provide a more unified management model for a variety of thin-client device types. I’m excited about the possibilities and look forward to continuing my discussions with Sunil.

To learn more about our partnership and joint capability with Chronicle, please join us for a webinar on August 20th.

