Remediate Security Incidents Faster With Live Endpoint Data

Transcript of Remediate Security Incidents Faster With Live Endpoint Data

How Tanium Works

ASK: a question in plain English

KNOW: what is happening on your endpoints at all times

ACT: take action by identifying the incident and then remediate

Deploy a Patch in 15 Seconds

What are the computer names and running processes with MD5 hashes from all machines ?

Kill a Process

Uninstall an Application

Google for IT Data

Quarantine Endpoint

The Tanium Architecture

• Patented communications architecture

• Single agent and infrastructure

• Response times measured in seconds

• Visibility and control on-premises and off

Tanium “Connect” Sources and Destinations

Connect Data Sources:

• Action History

• Audit Log

• Event

• Question Log

• Reputation Service

• Saved Question

• Server Information

• System Status

Tanium Connect Destinations:

• Email

• SIEMs

• Syslog

• Databases

• File (json, txt, csv)

• HTTP for REST API

• Reputation Service

• Socket Receiver

Three Example Use Cases…

• Monitor and alert on system status thresholds

• Monitor and alert on new account creation activity

• Monitor and alert on malicious processes

• There are many more use cases we can discuss after the presentation.
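The three use cases above are described on the slide only as bullets. The following is an added illustration, not Tanium code and not part of the original deck, of how the three checks (a system status threshold, a new local admin account, and a process with a known-bad hash) can be evaluated over a Connect-style CSV export of a saved question. The column names, the CSV layout, the hash denylist and the admin baseline are all constructed assumptions for the example; the hashes are arbitrary MD5 values and do not refer to any real file.

```python
"""Added illustration: three endpoint-monitoring checks over a constructed
Tanium Connect-style CSV export. Not Tanium code; the column names, the CSV
layout, the denylist and the baseline below are assumptions for the example."""
from __future__ import annotations

import csv
import io
from dataclasses import dataclass

# Constructed sample export, one row per host. Column names are hypothetical;
# a real File (csv) destination is configured per saved question.
SAMPLE_CSV = """\
Computer Name,Running Process,MD5 Hash,CPU Utilization,Local Administrators
WS-0101,explorer.exe,d41d8cd98f00b204e9800998ecf8427e,12,Administrator;svc_backup
WS-0102,svchost.exe,900150983cd24fb0d6963f7d28e17f72,97,Administrator
WS-0103,updater.exe,098f6bcd4621d373cade4e832627b4f6,35,Administrator;jdoe
"""

# Constructed denylist of process hashes (the kind of data a reputation
# service source would provide). Arbitrary values, not real indicators.
KNOWN_BAD_MD5 = {"098f6bcd4621d373cade4e832627b4f6"}

# Constructed baseline of expected local administrators per machine.
ADMIN_BASELINE = {
    "WS-0101": {"Administrator", "svc_backup"},
    "WS-0102": {"Administrator"},
    "WS-0103": {"Administrator"},
}

CPU_THRESHOLD = 90  # percent; tune to the environment


@dataclass(frozen=True)
class Alert:
    computer: str
    kind: str    # "cpu_threshold" | "new_local_admin" | "malicious_process"
    detail: str


def evaluate(csv_text: str, bad_md5=KNOWN_BAD_MD5, baseline=ADMIN_BASELINE,
             cpu_threshold=CPU_THRESHOLD) -> list[Alert]:
    """Return one Alert per triggered condition, in row order."""
    alerts: list[Alert] = []
    checked_hosts: set[str] = set()
    for row in csv.DictReader(io.StringIO(csv_text)):
        host = row["Computer Name"]

        # Host-level checks run once per host even if the export has
        # several process rows for the same machine.
        if host not in checked_hosts:
            checked_hosts.add(host)

            # Use case 1: system status threshold
            cpu = int(row["CPU Utilization"])
            if cpu >= cpu_threshold:
                alerts.append(Alert(host, "cpu_threshold", f"CPU at {cpu}%"))

            # Use case 2: local admin account not in the baseline
            admins = set(filter(None, row["Local Administrators"].split(";")))
            for acct in sorted(admins - baseline.get(host, set())):
                alerts.append(Alert(host, "new_local_admin", acct))

        # Use case 3: running process whose hash is on the denylist
        md5 = row["MD5 Hash"].strip().lower()
        if md5 in bad_md5:
            alerts.append(Alert(host, "malicious_process",
                                f"{row['Running Process']} ({md5})"))
    return alerts


if __name__ == "__main__":
    for alert in evaluate(SAMPLE_CSV):
        print(f"{alert.computer}: {alert.kind}: {alert.detail}")
```

Each Alert carries the host and the condition that fired, which is the minimum a downstream ticket or SIEM event needs; the baseline-diff approach for local administrators is what makes "new account" detection possible at all, since a bare list of administrators says nothing about what changed.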

Automating Ticket creation – CPU Utilization?

(Screenshot of a ServiceNow instance, xxxxx.service-now.com)

Automating Ticket creation – local Admin account?

(Screenshot of a ServiceNow instance, xxxxx.service-now.com)

ServiceNow workflows can automatically call Tanium

Thank You!

For more information stop at booth #1108