Threat Response overview

Tanium Threat Response is a combination of Tanium™ Trace, Tanium™ Detect, and Tanium™ Incident Response. Threat Response provides critical features that support the core incident response lifecycle:

  • Detection
  • Investigation
  • Containment
  • Eradication

Use Threat Response to expediate incident response actions from hours or days to minutes. With Threat Response, you can detect, react and recover quickly from attacks and the consequential business disruptions that they cause. Threat Response has built in integration with Tanium™ Connect, Tanium™ Protect, Tanium™ Integrity Monitor, and Tanium™ Trends for additional alerting, remediation, and trending of incident related data.

Tanium Detect

Detect provides real-time monitoring of activity as it is recorded by Trace and alerts you when it detects potential malicious behavior. Detect ingests threat intelligence from a variety of reputable source and uses this information to search endpoints for known indicators of compromise and provide reputation analysis. The reputation data that Detect uses constantly compares activity such as all processes run, autorun related files, and loaded modules against known malicious hashes defined by user black lists or other services such as Palo Alto’s Wildfire, VirusTotal, and ReversingLabs.

Tanium Trace

Trace continuously records key system activity for forensic and historical analysis. Use Trace to look for specific activity across every endpoint in an enterprise and drill down into process and user activity on individual systems.

Tanium Incident Response

Incident Response features sensors and packages that provide endpoint visibility and remediation. The questions featured in Incident Response provide a means to search endpoint data quickly, collect live data for offline analysis, and quarantine endpoints. Use Incident Response to contain incidents and prevent additional compromise, data leakage, and lateral movement.

Last updated: 11/5/2018 11:27 AM | Feedback