Tanium Comply improves security hygiene and regulatory compliance by transforming security configuration checks and vulnerability scanning from a labor-intensive, unreliable activity that takes weeks to get enterprise-wide results to one that can be performed on-demand.
Product modules provide purpose-built extensions geared for specific IT security and management problems with the speed, simplicity, and scalability that is uniquely Tanium.
- Checks systems against standards-based security benchmarks and vulnerability checks with complete results in minutes – even in very large endpoint networks
- Integrated as part of the Tanium platform for configuration management visibility, vulnerability assessment, remediation, system patching, and endpoint security
- Helps fulfill the system configuration hardening and vulnerability scanning portions of industry regulatory requirements
- Supports corporate mandates around proactive security across desktops, laptops, and servers
Tanium Discover quickly finds unmanaged assets within the enterprise environment, even across the largest global networks, and allows security and IT teams to directly take actions necessary to review, secure and gain control of these assets.
Efficiently scans for unmanaged assets at scale with almost no impact on the network.
Provides a rich set of information for the assets it locates, including the hostname, MAC and IP addresses, device manufacturer, operating systems, open ports / applications and even historical information like the first and last time the asset was seen on the network. Offers flexible scanning choices depending on type of environment or information required.
Take immediate action on discovered rogue corporate assets, such as send block requests to Palo Alto Networks next-generation firewalls, deploy the Tanium agent to quickly bring them under management, notify that an asset has been lost, or tag them to support advanced workflows and custom needs.
Tanium Incident Response delivers a broad set of capabilities to hunt, contain and remediate threats and vulnerabilities with unparalleled speed and scalability.
Remediates incidents on one or more endpoints across the enterprise in seconds: kill malicious processes, capture files, alert users, deploy patches, repair registry keys, apply configuration updates, uninstall applications, close unauthorized connections, reset user credentials, and more.
Includes capabilities to search for hash values of processes, mutexes, application logs, DLLs, open ports/connections, running services, registry values, and even files “at-rest” anywhere on disk by name, hash, path, or contents to help incident responders accurately triage and scope incidents.
Tanium Integrity Monitor simplifies regulatory compliance and makes file integrity monitoring more effective enterprise wide.
- Enables continuous monitoring of critical operating system, application, and log files at enterprise scale
- Integrated as part of the Tanium platform, it offers the ability to link file integrity monitoring with active alert investigation, configuration compliance, and vulnerability scanning, as well as many other aspects of endpoint management and security
- Supports automatic whitelisting for better alerting and integration with existing incident management workflows such as SIEM or change management
- Enables granular reporting to satisfy regulatory requirements such as PCI-DSS and CIS Critical Control #3
Tanium IOC Detect enables security professionals to consolidate threat intelligence data from multiple sources and detect complex indicators of compromise (IOC) across any network regardless of scale in seconds.
Evaluates IOCs within seconds – including complex indicators that implement Boolean logic, and against both current-state endpoint activity and historical data.
Supports all of the major indicator formats, such as OpenIOC, Yara, STIX, and also automatically ingests indicators from TAXII streams.
Performs on-demand IOC scans or schedule automated scans at customizable intervals.
Tanium Patch enables IT professionals to customize patch workflows with up-to-the-second endpoint visibility and control with just a single server regardless of network scale.
Delivers Windows OS patching capabilities with groundbreaking speed and reliability without requiring ongoing infrastructure additions, even as the network grows over time.
Provides patch administrators the flexibility to define custom workflows and schedule patches based on advanced rules or exceptions built around whitelists, blacklists, dynamic groups and patch lists.
Generates patch reports and returns current results from every endpoint of interest across the enterprise environment.
Tanium Protect delivers policies and actions to manage native operating-system protections at enterprise-scale – thus reducing the cost and complexity of endpoint security. Combined with Tanium IOC Detect, Protect empowers customers to seamlessly move from investigating their environment to taking proactive action to protect against threats.
Create policies to block malicious network connections or software: block network connections using Windows Firewall and known bad / malicious or prohibited software (i.e. blacklist) using Windows Software Restriction Policy (SRP).
Manage health for Microsoft Anti-malware products (Forefront, Defender, SCEP) and EMET: to detect and block exploitation techniques that are commonly used to attack memory corruption vulnerabilities.
Integrated workflow to be able to detect (IOC Detect) and then block an in-process attack on every endpoint in seconds.
Tanium Trace helps incident response teams take an initial lead, quickly search, filter and visualize forensic data, and piece together the story about what happened on an endpoint in a given point in time. By monitoring the Windows kernel for system activity and continuously recording forensic evidence, Tanium Trace not only expedites analysis of a single endpoint, but also leverages the same data to identify compromised systems enterprise-wide in seconds.
Continuously records endpoint activities such as file system, process, network connections, registry and security events through kernel-level monitoring.
Allows administrators to immediately pivot between single endpoint investigations to enterprise-wide searches, or vice versa, using context-sensitive links.
Provides search, filters and visualization tools to help investigators easily examine, navigate and drill-down on forensic data.