Tanium

Interact

Use Tanium Interact to issue questions to managed endpoints, analyze their answers, and deploy actions to the endpoints based on the answers. For example, you can ask a question that determines if any endpoints are missing critical security patches. Based on the question results that the endpoints return, you can then deploy actions, such as installing security patches. You can also use the Interact Search Endpoints feature to quickly retrieve a lot of information about a single endpoint.

What is a Question

The Ask a Question feature is built on a natural language parser that enables you to get started with natural questions rather than a specialized query language. You do not need to enter questions as complete sentences or particularly well-formed inquiries. Word forms are not case sensitive and can even include misspellings. The parser interprets your input and suggests a number of valid queries that you can use to formalize the question that is sent to Tanium Clients.

What is a sensor?

A sensor is a script that runs on an endpoint to compute a response to a Tanium question. The Tanium Server distributes sensors to endpoints during Tanium Client registration. Sensors enable you to ask questions that collect information such as the following:

• Hardware and software inventory and configuration

• Running applications and processes

• Files and directories

• Network connections

The Tanium Server automatically imports initial content that includes sensors for a wide range of common questions. Other Tanium solutions that you import might provide more sensors. If you cannot find a sensor that you need within Tanium-provided content, you can create custom sensors.

Connect

With Connect, you can integrate Tanium™ with a SIEM, log analytics tools, threat feeds, or send email notifications. The connection source might be data that Tanium is creating, like an answer or a log message. The connection destination is something outside of Tanium that you are integrating with, like a security information and event management (SIEM) tool.

• AWS S3 

• Elasticsearch 

• email přes  Microsoft 365

• SMTP email 

• Soubor

• HTTP API volání

• Microsoft Log Analytics

• Socket (SIEM) 

• SMB file share 

• SQL Server 

Tanium Trends

Use Trends to gain insight into key security metrics and operational health by creating visualizations that show current and historical data from endpoints.

• Record metrics from saved questions and installed Tanium solutions over time.

• Visualize trends and states in the environment, split by computer groups.

• Display alerts when thresholds are breached.

• Create a schedule to automatically deliver reports to stakeholders.

Unmanaged asset identification

Unlike approaches that depend on wide-area network (WAN) links, which take hours or weeks to complete, the Tanium platform actively monitors and scans local subnets for unmanaged assets. It reports on newly discovered and lost assets that were previously managed.

Detailed endpoint data

For every device it finds, Tanium Discover shows the hostname, MAC and IP addresses, device manufacturer, OS, open ports/applications and historical information such as the first and last time the unmanaged asset was seen on the network.

Unmanaged asset security

Once unmanaged devices are found, administrators can deploy the Tanium agent on rogue endpoints to bring them under management or block them from the network. These events can be exported to a SIEM or incident management system for further analysis.

Get a comprehensive inventory of hardware and software assets across your environment.

With Tanium Asset, IT operations and asset management teams get real-time data about their IT assets, regardless of location. These rich insights help organizations make the right decisions about managing their devices and systems efficiently.

"Software Bill of Material" reporting at runtime

When the next software supply chain vulnerability is reported, you're ready and equipped with the data to provide an answer to your leadership and mitigate the risk.

Configurable reporting for inventory and audit preparation

Understand the status of your devices within seconds and run configurable reports. Make the right changes for your software licensing and hardware decommissioning based on asset location – remote, on-premises or in the cloud.

Third-party data enrichment

Organizations depend on the accuracy of Configuration Management Database (CMDB) information. Tanium Asset feeds real-time data into common CMDBs, such as ServiceNow, so you have the freshest and most accurate information.

Real-time patch visibility and control

Tanium designed our platform architecture to maintain performance across hundreds of thousands of endpoints. The Tanium platform provides speed and scale to help ensure endpoint patches happen quickly without fail.

One client, no extra agents or infrastructure

Patch hundreds of thousands of systems on a single Tanium instance, without the need for secondary relay, database or distribution servers at different bank branches, retail locations, or geographically dispersed offices.

Customized patch scheduling and workflows

Deploy a single patch to a computer group immediately or perform more complex tasks. For example, use advanced rule sets and maintenance windows to deliver groups of patches across your environment at specified times.

Patching effectiveness tracking

Tanium Patch summarizes the deployment status for any patch, providing immediate feedback on successes as well as failures requiring remediation. It also gives patch histories for individual machines, endpoint reboot status and links to relevant vendor knowledge base articles.

Unmanaged asset security

Once unmanaged devices are found, administrators can deploy the Tanium agent on rogue endpoints to bring them under management or block them from the network. These events can be exported to a SIEM or incident management system for further analysis.

Third-party software updates

Tanium Deploy includes templates for importing and deploying third-party software. Operations teams no longer need to browse websites for the latest updates or create deployment packages. Instead, they can identify and resolve new vulnerabilities.

One client, no extra agents or infrastructure

The Tanium platform offers speed and scale to help ensure software changes happen quickly on endpoints without fail. The Tanium architecture maintains performance across hundreds of thousands of endpoints on a single Tanium server.

End-user self-service portal

Tanium Deploy allows IT Administrators to let users install, update and remove approved and assigned software through easy-to-setup Self-Service Profiles and Self-Service Client Applications.

Bare Metal Provisioning

With Tanium Provision, customers can easily set up and manage their bare metal provisioning without the need of dedicated hardware or complex setup for remote devices anywhere.

Support for industry-specific, security best practices or custom checks

Tanium Comply supports the Security Content Automation Protocol (SCAP) and can employ any Open Vulnerability and Assessment Language (OVAL)-based content, including custom checks. The Tanium content library updates daily with the most current vulnerability and compliance data.

Exposure drill-down and fix

Seamlessly transition from identifying a vulnerability within Tanium Comply to launching remediation activities such as patching, software updates or policy and configuration changes from the Tanium platform.

Alignment with regulatory and corporate requirements

Organizations can use Tanium Comply to help fulfill configuration hardening and vulnerability scanning portions of industry regulatory requirements, including PCI, HIPAA and SOX. The freedom to conduct ad hoc scans also improves adherence to corporate mandates for proactive security assessments.

Enhanced policy management for Windows

Tanium Enforce can manage policies for Windows on and off domain, on premises or in remote locations all from a single console. Centrally manage Windows policies for client and server operating systems throughout your organization, at scale.

Modern Device Management for macOS

Modern Device Management for macOS (MDM) provides policy configuration and patch management, Mac endpoint provisioning and remote wipe all from the Tanium console for macOS 11.x or higher.

USB removable storage management

Tanium Enforce with USB removable storage management can protect your endpoints from unauthorized USB devices, malware introduction and data exfiltration.

Firewall management

Effective endpoint firewall management requires dynamic, micro-segmentation of an organization’s endpoints. Help ensure only approved processes and applications communicate on trusted ports.

Antivirus management

With Tanium Enforce, leverage native AV capabilities by completely managing and configuring Defender across the organization.

Endpoint encryption

Encrypting data at rest is essential if endpoints were lost, stolen or inappropriately decommissioned. Tanium Enforce can manage native OS drive encryption offered by Apple FileVault and Microsoft BitLocker.

Find and fix issues impacting availability and health

Analyze and evaluate customer and employee digital experiences for their endpoints and apps using performance and event data to spot systemic and one-off issues. Noninvasively remediate issues at scale.

Identify causality and make decisions faster

Identify patterns and insights using real-time and historical data to spot changes that may be adversely impacting your customer and employee digital experiences.

Reduce costs with improved IT efficiencies

Use customizable thresholds to identify issues before wide-scale impact occurs and investigate them using real-time and historical data to more quickly identify root causes.

Boost your performance health scores

Use performance health scores to baseline your digital experiences — then define plans to improve their reliability, availability, and ultimately customer and employee satisfaction.

Real-time endpoint monitoring

Tanium Threat Response continuously monitors endpoints for suspicious activity whether they’re online or offline. Real-time alerting with Tanium Signals gives security teams immediate notice when anomalies occur so they can investigate. Users can also create custom signals for tailored detection.

Forensic investigations

Remotely conduct forensic investigations on suspicious machines. Employ enterprise-wide searches of each endpoint. Quarantine compromised machines or take targeted actions, such as halting malicious processes, capturing files, alerting users and closing unauthorized connections and much more.

Incident response and remediation

Tanium Threat Response adapts to incidents, so organizations can fully understand them by using remote forensic investigation on suspicious machines. Take a wide variety of remedial actions, such as imposing network quarantines, deploying patches or running custom scripts.