Introducing Tanium Threat Response: A New Way To Ease The Pain Of EDR Investigations

Tanium Threat Response was developed to empower security teams to detect, investigate, and remediate incidents using a single platform. The Tanium platform eases the collaboration challenges faced by EDR and IT teams, providing an integrated view of the entire enterprise. Using the power of Tanium IOC Detect, Tanium Trace, and Tanium Incident Response, Tanium Threat...

An Integrated Workflow: Investigating and Remediating a Mass-Malware Infection

I recently had the opportunity to help a customer use Tanium to investigate and respond to an outbreak of the “Ponik” malware. Ponik is a downloader that can retrieve and install additional malware, as well as steal credentials, from an infected system. Though Ponik is an example of commodity mass-malware, it presented a good opportunity...

Rethinking the Investigation Phase of the Endpoint Security Lifecycle: A Closer Look at Tanium Trace

A frequently cited metric when examining the current state of incident detection and response is “dwell time.” Research consistently highlights a significant gap — often measured in months — between the time at which a compromise occurs and when the victim ultimately detects the intrusion. We can all agree this gap serves as a useful barometer for measuring the success...