Remediate Security Incidents Faster With Live Endpoint Data
Jan 21, 2018

Technology

ServiceNow
Transcript
Page 1: Remediate Security Incidents Faster With Live Endpoint Data

Remediate Security Incidents Faster With Live Endpoint Data

Page 2: Remediate Security Incidents Faster With Live Endpoint Data

How Tanium Works

KNOW what is happening on your endpoints at all times

ASK a question in plain English

ACT: take action by identifying the incident and then remediate

Deploy a Patch

In 15 Seconds

What are the computer names and running processes with MD5 hashes from all machines?

Kill a Process

Uninstall an Application

Google for IT Data

Quarantine Endpoint

Page 3: Remediate Security Incidents Faster With Live Endpoint Data

The Tanium Architecture

• Patented communications architecture

• Single agent and infrastructure

• Response times measured in seconds

• Visibility and control on-premises and off

Page 4: Remediate Security Incidents Faster With Live Endpoint Data

Tanium “Connect” Sources and Destinations


Connect Data Sources

• Action History

• Audit Log

• Event

• Question Log

• Reputation Service

• Saved Question

• Server Information

• System Status

Tanium Connect Destinations

• Reputation Services

• Email

• SIEMs

• Syslog

• Databases

• File (json, txt, csv)

• HTTP for REST API

• Reputation Service

• Socket Receiver

Page 5: Remediate Security Incidents Faster With Live Endpoint Data

Three Example Use Cases…

• Monitor and alert on system status thresholds

• Monitor and alert on new account creation activity

• Monitor and alert on malicious processes

• There are many more use cases we can discuss after the presentation.

Page 6: Remediate Security Incidents Faster With Live Endpoint Data


Automating Ticket creation – CPU Utilization?

xxxxx.service-now.com

Page 7: Remediate Security Incidents Faster With Live Endpoint Data

Automating Ticket creation – local Admin account?


xxxxx.service-now.com

Page 8: Remediate Security Incidents Faster With Live Endpoint Data

ServiceNow workflows can automatically call Tanium


Page 9: Remediate Security Incidents Faster With Live Endpoint Data


Page 10: Remediate Security Incidents Faster With Live Endpoint Data


Page 11: Remediate Security Incidents Faster With Live Endpoint Data

Thank You!

For more information stop at booth #1108