A Better Approach to Stopping Threats: Prevent, Respond, and Remediate Faster with Microsoft and Tanium

Security is getting harder.

Attacks are increasing in volume and sophistication at a faster and faster rate. At the same time, the attack surface continues to expand with new and vulnerable IT assets.

Suffering an incident is now inevitable, and when you’re hit, every second counts. It becomes a race against the clock to investigate the threat, stop it and remediate it.

Thankfully, there’s a new — faster — way to prevent, respond to, and remediate incidents.

In this blog, we explore:

• Why the standard approach of deploying a wide array of point solutions alongside Microsoft’s core services is not sufficient to stop incidents before they cause significant harm.
• How Tanium’s new integration with Microsoft Sentinel accelerates incident prevention, response, and remediation and offers an integrated end-to-end solution for IT security and operations capabilities.

Why the common approach to stopping threats is not working

Many organizations take a similar approach to building their security capabilities. They begin by using Microsoft’s core services as the base for their IT security capabilities. Then, they add more and more third-party point tools when they feel they need to further extend and enhance Microsoft’s security capabilities. In some organizations you may find many dozens of additional security solutions getting deployed.

On the surface, this approach makes sense. Microsoft offers a broad range of advanced security services and software that provides a solid base of security capabilities. However, additional third-party point tools rarely work as advertised to extend and enhance these capabilities.

Most third-party security point tools are:

• Slow. They use a traditional hub-and-spoke architecture that consumes a lot of bandwidth and limits how quickly they can see and control endpoints.
• Blind. They struggle to identify unmanaged endpoints and often even miss devices connected to an organization’s network.
• Manual. They lack the accurate, comprehensive, real-time data needed to reliably automate capabilities, and security practitioners must execute steps and verify results by hand.

その結果、次のような問題が発生しています。Despite investing heavily in this approach, organizations still:

• Lack the visibility they need to secure all their endpoints, leaving gaps in their attack surface that attackers can exploit.
• Take too long to investigate potential incidents, respond to in-progress attacks, and fully recover by returning their endpoints to a solid, secure state.
• Add significant complexity to their security tool stack while creating inconsistent views of their environment.

In sum: Following this approach, IT security and operations teams struggle to keep their environment as secure as they need, at the performance levels they require.

Organizations follow this approach because — historically — it was the only way to extend and enhance Microsoft’s core security services. But now, organizations have a new approach they can follow to create faster and more effective security.

The solution: Stopping threats with Microsoft and Tanium

Tanium is the leading Converged Endpoint Management (XEM) platform. It is a modern, unified solution that replaces countless third-party point tools and provides a comprehensive range of endpoint security and management capabilities within one platform. And now, Tanium is being integrated tightly with Microsoft Security and in our first phase of the work Microsoft Sentinel.

Microsoft and Tanium work better together and enhance and extend each other’s capabilities. Microsoft gives Tanium advanced analytics, machine learning, and a broader suite of complementary security tools. Tanium gives Microsoft high-fidelity, real-time data and a full suite of scalable, near-instant endpoint controls.

Working together, Microsoft and Tanium create a wide range of new benefits and capabilities for securing the IT environment. Together, they can give you:

• セキュリティの強化. Gain a risk-based approach to proactively identify and improve the compliance and security of all your endpoints, while making sure all management and security technologies are healthy and performing.
• すばやく調査. Rapidly complete investigations and threat hunts using real-time data and experiences, and accurately define the full breadth, depth, and impact of any attack you experience.
• 修復の自動化. Use Tanium’s real-time data and control pane to prevent configuration drift, and to enforce your most compliant and secure state. After an investigation, remediate issues and return your organization back to a compliant and healthy state — confidently and efficiently, at any scale.
• Converged Solutions. Streamline your IT security and operations tool stack by eliminating disparate 3rd-party point solutions and while gaining an accurate, real-time, single-source of truth about your entire digital estate.

By integrating Microsoft and Tanium, organizations can replace countless third-party point tools, streamline their security functionality, and enhance and extend Microsoft’s base services to respond faster and more effectively — and to resolve many security and operational challenges. Here’s how they work together.

A true integration for end-to-end security and IT workflows

Tanium is not a separate “bolt-on” tool that works in parallel with Microsoft. Instead, Tanium is a deeply integrated solution that can offer its functionality within Microsoft experiences. Tanium now integrates with Microsoft Sentinel, and IT security and operations teams can now see Tanium’s real-time data — and perform certain Tanium actions — from within the Sentinel console. This of course is just the beginning of the integration.

By extending and enhancing Microsoft’s native tools — and by combining them with Tanium’s real-time data and endpoint controls — this integration provides a comprehensive approach to improving a range of security capabilities, including:

1. Incident Prevention. Take a risk-based approach to proactively identify and improve the security of every endpoint. Keep them compliant with industry standards and internal policy, patch devices in real-time, and learn about severe zero-day threats as they appear and instantly harden against them.
2. Incident Investigation. Rapidly detect incidents and understand the full scope of their attack chain. See when attackers are tampering with Microsoft services, use Tanium’s endpoint and forensic data to enhance investigations using Microsoft Sentinel, and perform real-time hunts to identify compromised devices that haven’t raised an alert.
3. Incident Remediation. Rapidly switch from investigating an incident in Microsoft Sentinel to remediating it with Tanium’s Threat Response. Execute a broad range of remediation actions to stop attacks, evict attackers, and return endpoints to their secure, high-performance, pre-breach state.

However, these are only one set of outcomes that Microsoft and Tanium can deliver. Together, they create an end-to-end solution that unites every endpoint, every IT security and operations workflow, and every team within an experience that in time will increasingly feel like a single platform.

By combining Microsoft’s advanced services and software with Tanium’s real-time data and distributed architecture, this integration can transform how IT security and operations teams protect and manage their environment.

Better together: Bring Tanium to your Microsoft core services

Using Microsoft and Tanium’s security tools together, you will gain a seamless solution that brings increased visibility, performance and automation to IT security and operations capabilities.

Take the next step to bring Tanium to your Microsoft deployment, starting today.

Demo: Schedule a demo to see Microsoft and Tanium in action together.

学習: Visit our website to learn more about the Tanium and Microsoft partnership.

News: Read our latest press release.