Data-driven Threat Hunting with Tanium + Google Chronicle
Proactively Hunt Threats on Live Endpoints and Across an Entire Year of Activity
Advanced persistent threats (APTs) penetrate networks and stay hidden through any number of targeted and difficult-to-detect means, including spear phishing, credential theft or web app vulnerabilities.
Once inside, they use native operating system functions, credential dumping and human error to opportunistically seek higher-value targets and data. These types of attacks can be extremely damaging, difficult to remediate and much longer-lived – often 200+ days of dwell time. EDR telemetry becomes too limited in scope and volume to help, usually maxing out at 30 days.
For the first time, organizations can cost-effectively store one year of rich endpoint telemetry with deep integration between Tanium and Chronicle. Incident response teams and analysts will have a drastically improved ability to hunt, investigate and fully scope advanced threats with sub-second search latency across endpoint data and other data sources such as DNS, proxy and firewall logs.
What you’ll learn:
- Current trends in advanced security threats and how evolving tactics are evading defenses
- How Tanium and Google Cloud have created a rich integration to accelerate and improve endpoint detection and response to address advanced threats
- How to use Chronicle in an investigation to fully scope a long-lived attack
Watch the On-Demand Webinar Now