Introducing Tanium Threat Response: A New Way To Ease The Pain Of EDR Investigations

Posted on 07.11.17 by Joseph Lea

Tanium Threat Response was developed to let security teams detect, investigate, and remediate incidents from a single platform. It eases the collaboration challenges faced by EDR and IT teams by providing an integrated view of the entire enterprise. Building on Tanium IOC Detect, Tanium Trace, and Tanium Incident Response, Tanium Threat Response adds built-in threat intelligence and continuous monitoring for threats with real-time alerting.

When we speak with our customers about Endpoint Detection and Response (EDR), we hear most often about how they want to enable teams to collaborate across critical enterprise functions. Professionals working in the Security Operations Center (SOC), on the Incident Response (IR) team, and in IT Operations all want to be able to work together using integrated workflows. In today’s cybersecurity environment, it’s no longer feasible for each team to operate in a silo, using its own set of point tools without the ability to have an integrated view of the enterprise.

Our Product organization took these concerns to heart and answered the challenge by creating Tanium Threat Response. This new offering combines the functions previously delivered by Tanium IOC Detect, Tanium Trace, and Tanium Incident Response into a single product with integrated workflows for detection, investigation, and response.

Tanium Threat Response introduces real-time alerting, allowing security teams to detect a broad range of attacks using custom intelligence or built-in intelligence from Tanium’s EDR team. Analysts can work from a simplified feed of real-time alerts to triage and orchestrate appropriate follow-on actions. Incident responders can conduct deep-dive analyses on individual systems or hunt enterprise-wide. And Operations teams can remediate incidents on one or more endpoints across the enterprise in seconds.

All of these capabilities include granular Role-Based Access Control (RBAC), which enables administrators to define and delegate responsibilities.

Tanium Threat Response also includes important enhancements to Tanium’s detection and alerting capabilities.

The new and enhanced detection mechanisms that will be offered in Tanium Threat Response in the coming weeks include:

  • Indicator of Compromise (IOC) detection will run automatically on the endpoint and can be performed continuously, even while the endpoint is disconnected from the network.
  • Reputation information from common third-party reputation sources, or from internally developed blacklists and whitelists, can be continuously matched against executed processes or at-rest files to identify previously undetected malware.
  • Tanium will provide an out-of-the-box intelligence feed of “Signals.” Tanium Threat Response Signals monitor patterns of attack in real time and generate immediate alerts when malicious activity is detected.
  • Investigators will be able to use Tanium sensors to detect suspicious endpoint activity, follow leads, and hunt for anomalies across current-state, at-rest, and historical evidence on the endpoint.

Each of these detection mechanisms generates alerts within seconds. Alerts are sent to a new alerting dashboard that provides a unified view of threats across your environment, so users can triage, investigate, and remediate any alert from a single pane of glass.

Tanium Threat Response offers integrated workflows so you can bring your critical cybersecurity teams together when it matters most. You get continuous threat detection, real-time intelligent alerts, and new threat intelligence from Tanium’s EDR team. Because Tanium queries endpoints live rather than relying on a central database, you are not limited in your ability to detect, scope, or remediate attacks the way you would be with a database-driven solution whose data is only as good as the last snapshot.

The best part? Unlike point tool competitors, Threat Response runs on Tanium’s Core Platform. Our single agent and back-end infrastructure can take you far beyond EDR, helping you accomplish a variety of critical IT and security functions, including IT asset visibility, compliance, unmanaged asset detection, file integrity monitoring, vulnerability management, and patching—all on a single platform.

To learn more about Threat Response, join us on this upcoming Investigating and Hunting webinar.
