Introducing Tanium Threat Response: A New Way To Ease The Pain Of EDR Investigations

Tanium Threat Response was developed to empower security teams to detect, investigate, and remediate incidents using a single platform. The Tanium platform eases the collaboration challenges faced by EDR and IT teams, providing an integrated view of the entire enterprise. Using the power of Tanium IOC Detect, Tanium Trace, and Tanium Incident Response, Tanium Threat...

Behind the Hack: Mr. Robot Season 2 Finale

Check out more on the tech advisors to the Mr. Robot show. {Warning to readers: Contains major spoilers for the final episode of Mr. Robot season 2.} Show writer and technical producer Kor Adana came to me with a challenging request: to help craft the “Stage 2” hack that finally comes to light in the...

An Integrated Workflow: Investigating and Remediating a Mass-Malware Infection

I recently had the opportunity to help a customer use Tanium to investigate and respond to an outbreak of the “Ponik” malware. Ponik is a downloader that can retrieve and install additional malware, as well as steal credentials, from an infected system. Though Ponik is an example of commodity mass-malware, it presented a good opportunity...

Mr. Robot: The Importance of Getting it Right

Q&A with Andre McGregor & Ryan Kazanciyan, the Tanium Duo Working Behind-the-Scenes on USA Network’s Hit Show. Mr. Robot, USA Network’s critically-acclaimed cyberthriller, offers viewers a peek into the dark fictional world of a vigilante hacker tasked with saving the world. Though the premise sounds like fantasy, the technology and hacking techniques featured in the...

Hunting for Rogue PowerShell Profiles

During the earliest phases of an intrusion, attackers typically move to establish persistence on at least a subset of compromised systems. This might be to ensure that they can easily regain access to the victim environment, such as via a backdoor, or to keep other forms of malicious code running, such as a keystroke logger....

Back to the Basics: Detecting Malicious Windows Services with Tanium

“The theme I really want you to take away [from this presentation] is: if you really want to protect your network, you really have to know your network.” (TAO Chief, NSA, USENIX Enigma 2016.) An essential part of “knowing your network” is tracking endpoint persistence mechanisms – the myriad of ways in which an operating...

Avoiding Incident Response Groundhog Day

Ever since I began my information security career, February 2nd has held a special place in my heart. When that date arrives I can’t help but think of the movie “Groundhog Day” with Bill Murray, and if you’ve spent any reasonable stretch of time doing incident response, then that reference has caused a grim smile to...

Assessing What Matters in an EDR Solution

Looking back at 2015, it’s hard to dispute that the security industry has been flooded with Endpoint Detection and Response (EDR) products. Walk the sponsor floor at any conference or sample the white papers and marketing pitches from any vendor web site, and you’ll see the same claims repeated ad nauseam: “Prevent, Detect, and Respond”...

Helping Communities Stay Protected While Connected

Smart government is truly the name of the game when it comes to cybersecurity. Though most media coverage focuses on Federal government issues, state and local governments have also been struggling with how to protect their citizens’ data while dealing with their own cyber attacks — sometimes in the face of severe budget constraints. The latest challenge...