Introducing Tanium Threat Response: A New Way To Ease The Pain Of EDR Investigations

Tanium Threat Response was developed to empower security teams to detect, investigate, and remediate incidents using a single platform. The Tanium platform eases the collaboration challenges faced by EDR and IT teams, providing an integrated view of the entire enterprise. Using the power of Tanium IOC Detect, Tanium Trace, and Tanium Incident Response, Tanium Threat...

An Integrated Workflow: Investigating and Remediating a Mass-Malware Infection

I recently had the opportunity to help a customer use Tanium to investigate and respond to an outbreak of the “Ponik” malware. Ponik is a downloader that can retrieve and install additional malware, as well as steal credentials, from an infected system. Though Ponik is an example of commodity mass-malware, it presented a good opportunity...

Hunting for Rogue PowerShell Profiles

During the earliest phases of an intrusion, attackers typically move to establish persistence on at least a subset of compromised systems. This might be to ensure that they can easily regain access to the victim environment, such as via a backdoor, or to keep other forms of malicious code running, such as a keystroke logger....

Avoiding Incident Response Groundhog Day

Ever since I began my information security career, February 2nd has held a special place in my heart. When that date arrives I can’t help but think of the movie “Groundhog Day” with Bill Murray, and if you’ve spent any reasonable stretch of time doing incident response, then that reference has caused a grim smile to...

Rethinking the Investigation Phase of the Endpoint Security Lifecycle: A Closer Look at Tanium Trace

A frequently-cited metric when examining the current state of incident detection and response is “dwell time.” Research consistently highlights a significant gap — often measured in months — between the time at which a compromise occurs and when the victim ultimately detects the intrusion. We can all agree this gap serves as a useful barometer for measuring the success...

Introducing Tanium Trace: Changing the Game for Incident Response

For more than a decade, I’ve focused on a combination of designing secure networks, testing security controls, and investigating complex breaches. In each of these roles, I struggled to find tools that provided the visibility and control of all endpoints required to better prevent, detect and resolve security incidents. That is why I was excited — and...