Tanium For Endpoint Security - Amazon S3€¦ · Naming, permissions and password policies for administrator-level accounts. Use Case: Up-to-Date Patching For Windows Operating Systems

© 2016 Tanium, Inc. All rights reserved. Tanium is a registered trademark of Tanium, Inc. All other brands, products, or service names are or may be trademarks or service marks of their respective owners.

Many organizations now prepare with an understanding that cyber attacks will occur, and that relying on prevention strategies alone without considering the

means to combat successful intrusions will ultimately lead to breaches and the eventual loss of intellectual property or sensitive data.

Therefore, a popular metric to measure the e�ectiveness of a security program is how much time elapses between when an initial compromise occurs and when a successful remediation event takes place to expel attackers from the network – also known as an incident’s “dwell time”. We can all agree that minimizing this timeframe is critical to reducing the potential impact of attacks on business and infrastructure, yet research consistently shows compromises o�en remain unnoticed for months.

Unfortunately this status quo persists, because security teams are burdened by point solutions that are too slow, too limited in capabilities, and too di�icult to use. Not to mention, these solutions o�en rapidly degrade in reliability and accuracy when required to scale across large, distributed environments. As a result, already overextended security personnel spend even more time responding to alerts, forcing them to neglect threats and proper coordination across teams.

Tanium is the only platform that enables a closed-loop process for endpoint security – spanning threat detection, investigation, remediation and ongoing enforcement of IT security hygiene across the organization – with unprecedented speed and scale. This holistic approach to endpoint security is truly transformational, as it breaks down barriers across teams that can stall security and introduce business risk.

In the pages that follow, we present use cases that show how the Tanium Endpoint PlatformTM can help defend your enterprise from rapidly growing security threats. As you read, consider your organization’s current and planned IT security projects. Are the tools currently in place serving all of your needs and priorities? Can they scale along with the increase in endpoints in your environment and if so, what is the cost to do so? And can your team detect threats in seconds, then quickly remediate them?

Enforce: Maintain Security Hygiene To Minimize Attack Surface

The first step to e�ective threat and breach protection is to proactively reduce the attack vectors available to adversaries seeking to infiltrate the network. This begins with properly securing and hardening the endpoints, which fundamentally presents the widest attack surface area available for hackers to target. Enforcing good security hygiene enterprise-wide continues to elude virtually every IT security organization, because even though strict policies and security standards are o�en established, maintaining these over time across every endpoint on a global scale is simply impractical without complete endpoint visibility and control in seconds.

WITH TANIUM

1. Locate endpoints out of compliance and take the corrective actions necessary to restore them to the desired state and configuration in seconds.

2. Complete patch cycles reliably, from distribution to deployment, at speeds 10,000 times faster than legacy solutions, and create e�ective breach-prevention patch strategies.

3. Security administrators can proactively take action to secure endpoints against common malware and known threats using operating-system and common third-party controls at enterprise-scale.

Use Case: Continuous Endpoint Configuration Compliance

To truly enforce continuous adherence to security policies on the endpoint, IT security administrators must be able to query and take action across every endpoint enterprise-wide in seconds. Visibility and control at this level of speed at scale is essential, because it enables an organization to maintain a state of universal compliance for their endpoints by being able to automatically make corrective changes as violations occur.

Only with Tanium can you properly enforce good security hygiene throughout the environment, and ensure critical services are properly enabled and desired security controls remain in place at all times – even across di�erent operating systems and for endpoints both on and o� the enterprise network.

Consider these examples of endpoint configurations and security controls that are o�en di�icult to enforce adherence to a desired standard or policy over time across every endpoint:

● Patch requirements for so�ware such as Java, Adobe Flash and web browsers.

● AV agents are running and updated with the latest definitions.

● Policies for restricting open public network shares.

● Policies for establishing connections to external locations.

● Policies for applications that are not permissible on endpoints.

● Policies for connecting USB storage devices to machines containing sensitive data – either currently or at any point in the past.

● Naming, permissions and password policies for administrator-level accounts.

Use Case: Up-to-Date Patching For Windows Operating Systems

Proactive patching for operating system security updates is perhaps the single most valuable enforcement activity an organization can perform to prevent against future attacks. Unfortunately, the overwhelming majority of attacks o�en exploits a weakness in systems where a patch addressing the vulnerability is available, and had been for months. This strongly indicates that most organizations still do not have a consistent patch deployment strategy or process.

Unlike typical patch solutions, Tanium is capable of distributing and successfully completing patch cycles in minutes rather than hours or days, even across the largest global networks. In addition, Tanium provides the flexibility to customize alerting, scheduling, and rules to automatically include or exclude Windows patches based on their nature. Tanium’s hallmark speed, scalability and flexibility minimize disruptions to end users, and provide the means to implement an ongoing patch strategy that enforces good security hygiene enterprise-wide.

Use Case: Proactive Endpoint Protection

E�ective patching is a critical activity, but o�en specific endpoint protections are desired (or legislated via compliance regulations) to prevent commodity and other known threats from breaching the environment. With all endpoint technologies - and particularly endpoint protections (e.g. anti-virus, firewall, anti-exploit, etc) - deployment and management of agent health is a key concern. Virus definitions must be up to date, endpoint network and port firewall settings must be adjusted centrally, and so�ware policies adapted to block known-bad.

Tanium provides capability that can help to manage many third-party and operating system protection controls like anti-virus. Above and beyond managing deployment, Tanium can be used to specifically configure native-operating system controls such as Windows Firewall and So�ware Restriction Policy centrally through a policy-based workbench. Using this level of enterprise-wide control, coupled with the unique speed and scale of Tanium, organizations can ensure that they maximize coverage for endpoint protections and move quickly to block attacks when speed matters most.

Tanium For Endpoint Security

USE CASES

UC-TES-032016

2








CONTENTS

INTRODUCTION 3Enforce: Maintain Security Hygiene To Minimize Attack Surface 4

Use Case: Continuous Endpoint 4Configuration Compliance

Use Case: Up-to-Date Patching For 5Windows Operating Systems

Use Case: Proactive Endpoint Protection 5

Detect: Root Out Known and Unknown Threats 6

Use Case: Automated Indicators Of 6Compromise (IOCs) Scanning Use Case: Proactive Hunting For APTs, 7Data Leakage And Insider Threats

Investigate: Properly Scope Incidents Quickly And Completely 8

Use Case: Rapidly Triage And Investigate 9A Potentially Compromised System

Use Case: Use Newly-Discovered Leads 10To Scope A Compromise In Seconds

Remediate: Eliminate Attackers and Security 11Weaknesses With Precision And E�iciency

Use Case: Eliminate Malware And Restore 11Control Over Compromised Endpoints

Use Case: Deploy Emergency Security Updates 12For Critical Vulnerabilities

Use Case: Adjust Endpoint Protections to 12Block an In-Process Attacks

ABOUT TANIUMTanium Endpoint Platform 13Tanium Modules 13



WITH TANIUM






















USE CASES

3USE CASES










WITH TANIUM





















“Tanium has enhanced our approach to endpoint security, enabling our security team to execute actions and queries e�iciently over hundreds of thousands of endpoints firm-wide. Tanium’s unique architecture and platform approach provides us with the speed, scale and flexibility we require, with the opportunity to expand our use cases and further enhance its value to us over time.”

Rohan Amin, Global Chief Information Security O�icer of JPMorgan Chase.

PARTY

Build Security Hygiene Into Operations

Cost-E�ective, Reliable Security Across the Enterprise

Asset Management

Configuration Management

Patch Management

Risk and Compliance

15-Second Remediation At Scale

Fix Issues Quickly and Completely

15 Seconds

15-Second Visibility To Triage With Context

Focus on the Real Issues Quickly and E�iciently

Fast, Accurate, Complete Hunting At Scale

Quickly Answer: What, Where, How It Happened? and Is It Still Happening?

15 Seconds

SECURITY

IT OPERATIONS

3rd

HELP DESK SIEM IOCs


4USE CASES










WITH TANIUM






















5USE CASES










WITH TANIUM





















Customer SpotlightA public sector customer needed to audit over 150,000 endpoints spread across 26 remote sites over WAN links for compliance against a departmental security protocol. Using its existing tooling and processes, this task took 2-3 days per location, saturated their WAN and produced 26 separate, immediately out-of-date reports totaling roughly 700 pages in length detailing outstanding areas of non-compliance. Using Tanium, this customer conducted this same audit across all 150,000+ endpoints in minutes and has turned this task into a routine daily review rather than an annual scramble.

Customer SpotlightBy deploying Tanium enterprise-wide on over 200,000 endpoints, a leading U.S. healthcare provider quickly realized their environment was missing over 5 million aggregate Windows OS patches despite having a legacy patch management solution in place dedicated for this task. Using Tanium, this customer was able to distribute and deploy the necessary patches to close this significant gap, verify success, and confidently establish an e�ective patching strategy to meet the challenging requirements at their scale.


6USE CASES


Threat detection ultimately fails when there are too many siloed point solutions or threat intelligence feeds that are not actionable (due to speed and/or scale challenges) leading to serious issues being missed and teams deluged by so many alerts that they cannot respond to incidents in a timely fashion.

WITH TANIUM1. Automate IOC detection by scheduling regular scans at customizable intervals.

2. Accurately search for threats, vulnerabilities and anomalies in seconds across millions of endpoints via saved or ad-hoc queries.

Use Case: Automated Indicators Of Compromise (IOCs) Scanning

Organizations are increasingly spending more time and money gathering threat intelligence, expanding in-house threat analysis capabilities, and collaborating with industry peers through information-sharing exchanges. However, despite the wealth of information available to them, security teams still lack the means to leverage the intelligence and indicators of compromise (IOCs) obtained through these e�orts. In many cases, organizations are only able to consume network-based IOCs, while accurate endpoint indicators and intelligence o�en go unutilized, because their existing IOC scanning tools su�er from one or more of the following common shortcomings:

● Too Slow – take hours to search for IOCs on a single system, and days or weeks to search an entire environment.

● Too Inflexible – lack broad indicator support or rely on proprietary schemas, forcing users to translate or discard IOCs.

● Too Unreliable – can only search for a limited set of artifacts, reducing the likelihood of detecting compromises.

The Tanium platform provides the ability to automatically scan for IOCs – simple or complex – with the same speed and scale as any other Tanium searches. As a result, organizations can more e�ectively leverage their significant investments in threat intelligence, and dramatically reduce the time between compromise and detection.

Consider these di�erentiating factors that make Tanium an optimal platform for automated IOC scanning:

● Supports all of the major indicator formats, OpenIOC, Yara, and STIX.

● Automatically ingest indicators from TAXII streams, third-party providers, or internal repositories.

● Matches against dozens of artifact and attribute types, including file metadata, network activity, processes in memory, and the contents of the registry.

● Evaluate IOCs within seconds – including complex indicators that implement Boolean logic.

● Search for IOCs against both current-state endpoint activity and historical data, such as short-lived network connections that are no longer active.

● Apply simple hash whitelists and blacklists for additional flexibility when searching for or alerting on running processes across an environment.

● Perform on-demand IOC scans or schedule automated scans at customizable intervals.

● Constrain scans with dynamic groups to target specific segments of the environment for example, high-criticality servers (e.g. domain controllers or databases), end-user systems owned by privileged administrators, or virtual machines.

● Generate tickets whenever an IOC hit occurs.

Use Case: Proactive Hunting For APTs, Data Leakage And Insider Threats

While automated IOC scanning with speed at scale is a tremendous asset for security teams, organizations must also consider their ability to uncover the unknown threats that codified threat intelligence fails to detect, such as targeted attacks or insider threats and data leakage. The most challenging aspect of proactive threat detection across large, globally distributed networks is to know where to begin, what to look for, and how to e�iciently collect enough data – and the right data – to spot anomalies in seconds. Tanium allows users to conduct stacking and frequency analysis of search results in real-time to quickly identify outliers. Users can easily drill-down on systems of interest to gather more information and contextualize results.

In addition to ad-hoc searches, users can also construct dashboards that continuously and automatically collect filtered data for incident hunting and detection. This same data can likewise be sent to a SIEM for archiving or additional correlation and analytics.

The following examples illustrate just a few of the ways that Tanium can help proactively identify previously unknown threats and evidence of compromise across an environment:

● Identify the most and least common running processes, loaded libraries (DLLs), and drivers across the environment by stacking and comparing based on hash values, command lines, and file paths.

● Discover unknown, persistent malware via stack analysis of “autoruns” – applications that automatically start up at user logon or boot time – across all systems.

● Detect sequences of process execution and file creation consistent with common exploit techniques, such as those that target web browsers, plug-ins, and document files.

● Identify anomalous server services listening for inbound connections on systems exposed to the Internet.

● Detect atypical network tra�ic initiated by legitimate operating system processes that may be indicative of process injection or other forms of tampering.

● Track the usage of privileged accounts across workstations and servers, including local accounts that are o�en omitted from centralized monitoring and log aggregation.

● Identify malicious usage of Windows script interpreters, such as PowerShell, CScript, and WScript, which attackers o�en abuse to run malicious code and evade detection.

● Detect the use of scheduled tasks or Windows Management Instrumentation (WMI) to remotely execute commands or launch malware.

Use Case: Rapidly Triage And Investigate A Potentially Compromised System

Tanium provides direct access to both current and historical endpoint data suitable for incident response investigations. As a key part of these capabilities, Tanium records a variety of forensic artifacts that are not typically preserved by the operating system such as:

● Executed process paths, command lines, parent command lines, hashes, and user context.

● File creation, deletion, writes, and rename events – with user and process context.

● Registry key/value creation, writes, and deletion events – with user and process context.

● Network connections, including local and remote addresses and ports – with user and process context.

● Loaded driver paths, hashes, and digital signature information.

● Security events stored independently of the native event log including logons, logo�s, changes to credentials, group membership and policies.

Users can connect to a remote system and immediately search across this evidence, conduct timeline analysis, or take a snapshot of recent activity for o�line review. No time-consuming evidence collection or post-processing is required. In addition to traditional search and timeline analysis, Tanium also provides interactive visualizations to further enhance evidence analysis. These visualizations include a process tree for examining parent-child process relationships, and an interactive timeline that depicts clusters of file, registry, network, and process events.

If an analyst requires additional evidence, Tanium can connect to Windows, Mac, or Linux endpoints and acquire low-level forensic artifacts such as file system metadata, memory images, event logs, and auto-run mechanisms to name a few.

With Tanium, analysts can quickly take an existing lead – whether it is a timeframe of interest, a network address, file name, or hash – and easily conduct triage on a system. Tanium thereby simplifies the steps needed to solve common investigative scenarios, such as:

● Identify the root cause, such as an exploit or other form of illicit access, which led to the installation of malicious so�ware on a system.

● Determine why and what caused a system to communicate with a network address included in a security alert.

● Review the sequence of commands executed during attacker reconnaissance, lateral movement, or other command and control.

● Detect evidence of credential the� and misuse such as network or remote desktop logons initiated with stolen accounts.

● Identify the creation or transfer of temporary files such as stolen data that has been staged for exfiltration.

Use Case: Use Newly-Discovered Leads To Scope A Compromise In Seconds

Once incident investigators have successful unraveled the extent of compromise on an individual system, they must then leverage their findings to assess the impact across the entire enterprise. This is a common point of failure for many organizations, since most endpoint detection and response solutions lack the speed, scalability, or ease-of-use required to e�iciently scope an intrusion – or designed to only search a limited set of collected data.

Tanium is the only platform that provides the ability to search across historical, current-state, and latent data of all systems in an environment within seconds. In addition to ad-hoc and IOC hunting, Tanium can automatically link investigators to enterprise-wide searches generated based on forensic artifacts and findings. This can greatly accelerate the time required to triage complex incidents and ensure comprehensive remediation even across millions of endpoints.

The following are just a few examples of typical findings on compromised systems that Tanium can query for and answer in seconds:

● Which computers have run a known-malicious process with a specific file name, directory, command line arguments, or hash?

● Which computers contain registry keys and values configured to load a malicious executable or DLL?

● Which computers contain active, recently created, or recently deleted files matching an attacker’s preferred naming convention or path?

● What systems and processes have communicated with a known-malicious IP address?

● What process, registry, or file system activity has been performed on any system during a specific timeframe of interest by a known-compromised account?

● Where has a known-compromised local or domain account previously logged in? On what systems is the user currently active?

Investigate: Properly Scope Incidents Quickly And Completely

As soon as suspicious activities or threats are detected, security teams must be able to assess what is at risk, identify the root cause, and formulate a remediation strategy. Many organizations still rely on endpoint forensic analysis tools that are slow and cumbersome to use, require a high degree of skill, and do not e�ectively scale to handle large, distributed networks. As a result, many investigations fail to adequately scope the impact of an incident or consume weeks or months to do so, which reduces the likelihood of successful and timely remediation – prolonging the period of compromise and exposing the organization to continued risk.

Many organizations currently rely on one or more of the following technologies for endpoint investigations and analyses:

● Centralized analysis of anti-virus or HIPS event logs, which are limited to signature-based, malware-centric detection of known threats.

● Event monitoring and correlation in a SIEM, which o�en contains abundant data from network devices but minimal data from endpoints. For example, many organizations only ingest security event logs from a limited set of servers due to the di�iculty and overhead cost of event forwarding from all systems.

● Traditional remote forensic analysis tools that capture full disk and memory images may be suitable for single-host analysis but are time consuming, require a high degree of analysis skill, and not e�ective for rapid “hunting” and searches for evidence across all systems in an environment.

● Incident response tools that focus on centralizing a narrow window of historical forensic activity. While this capability is a useful addition to other investigative tools, it may not provide the ability to quickly search for “latent” artifacts (such as files at rest), or events that fall outside of the period of preserved history. Such solutions also o�en rely on significant hardware infrastructure and network resources required to transmit, store, and search this data.

WITH TANIUM

1. Instantly connect to and conduct live forensic investigations on any endpoint.

2. Use kernel-level monitoring to preserve evidence of process execution, file system and registry changes, network connections, driver loads, and security events – all including detailed metadata – for timeline analysis, search, and filtering.

3. Acquire additional evidence, such as memory images, event logs, contents of the registry, and file system metadata for additional deep-dive analysis of suspicious systems.

4. Pivot to 15-second enterprise-wide searches across historical, current-state, and latent evidence from all systems using the leads found during deep-dive analysis.

Remediate: Eliminate Attackers And Security Weaknesses With Precision And E�iciency

O�en when security teams have completed their incident investigations and are ready to remediate issues and compromises, they are forced to hando� responsibilities to di�erent administrators using a patchwork of tools to execute the task. This fragmentation in the remediation process results in overworked administrators creating bottlenecks, and fixes that o�en requires days to complete.

WITH TANIUM● A single user can immediately issue any corrective action as necessary across millions of endpoints.

● Teams have shared visibility ensuring every fix is properly executed and successful completion is verifiable in seconds ensuring endpoints are not recompromised over time.

● Incident responders can adjust endpoint protections to block known in-process attacks from spreading in seconds.

Use Case: Eliminate Malware And Restore Control Over Compromised Endpoints

Once an incident has been fully scoped, remediation must be executed swi�ly and precisely to limit the time adversaries have to counteract corrective measures. Existing tools are either too slow or do not provide the necessary range of controls necessary to adapt to the rapidly evolving threat landscape and sophisticated techniques at attackers’ disposal.

Using Tanium, incident responders can systematically quarantine every infected system to immediately restrict communication with only the Tanium server and prevent further attempts at lateral movement or data exfiltration. Unlike every other security solution, Tanium also allows administrators to further take direct corrective measures on the endpoint, either on-demand or on a routine basis, to kill viruses, worms, Trojans, bots, backdoors, and other such malware, and recover from incidents of any scale across distributed environments.

Consider these examples of malware remediation actions the Tanium platform can perform and complete in seconds on one or more endpoints on the network:

● Kill malicious running processes.

● Repair autorun registry keys.

● Demote or delete local accounts with elevated permissions.

● Reset compromised user credentials.

● Uninstall rogue applications.

● Close unauthorized connections or open ports.

Use Case: Deploy Emergency Security Updates For Critical Vulnerabilities

Accurately identifying machines that are susceptible to critical vulnerabilities or a�ected by faulty so�ware updates on a global scale, and then subsequently deploying the necessary emergency patches o�en requires days or even weeks to complete using conventional patch management solutions. Prolonged exposure to critical vulnerabilities such as Heartbleed and Shellshock, which were actively exploited just hours a�er their disclosure, greatly heightens the risk for devastating breaches.

Tanium empowers IT security teams to quickly assess the patch levels across operating systems and applications, including but not limited to Windows, Java and Adobe Flash, and fully deploy the necessary security updates enterprise-wide in minutes rather than weeks.

Use Case: Adjust Endpoint Protections to Block an In-Process Attack

E�ective remediation entails more than just playing whack-a-mole with malware. Incident responders must move quickly (within seconds) to update endpoint protections (anti-virus, application control, and firewall) to ensure that known attacks are blocked against further spread.

Tanium enables incident responders to move quickly from incident detection and investigation to taking action to proactively block an attack from spreading. Since with Cloud and the proliferation of mobile employees, the endpoint is the ultimate perimeter, network-based technologies have limited e�ectiveness. With Tanium, operating-system network controls like Windows Firewall can be updated to block a particular port or IP address such as a command and control site being used by an attacker. Tanium can also be used to update operating-system level application control like Windows So�ware Restriction Policy (SRP) to block malware or other prohibited so�ware that might be known to be used as part of the attack.









WITH TANIUM





















Detect: Root Out Known And Unknown Threats


7USE CASES















































WITH TANIUM


































WITH TANIUM





















Customer SpotlightA state justice department was able to search for and detect Indicators of Compromise (IOCs) in less than 15 seconds, a job that previously took the agency days and weeks.

Customer SpotlightDuring a 10,000 endpoint Tanium pilot, the security administrators for a major defense contractor discovered a number of unexpected outbound processes initiating encrypted HTTPS connections leaking protected data.


8USE CASES















































WITH TANIUM


































WITH TANIUM






















9USE CASES















































WITH TANIUM


































WITH TANIUM






















10USE CASES















































WITH TANIUM


























Customer StoryFollowing the news of a major breach, a public sector customer received a mandate to check every computer against a list of 120 MD5 hashes of malicious files within 30 days. This customer completed the entire process across over 100,000 endpoints and met the mandate in 4 hours.


11USE CASES















































WITH TANIUM



























12USE CASES















































WITH TANIUM


























Customer SpotlightIn a severely bandwidth constrained environment, a Tanium public sector customer was able to deploy 1.2 million aggregate security patches during a 4-hour patch window while capping aggregate bandwidth at the server (the highest congestion point) to 250Mbps.


13USE CASES










WITH TANIUM





















To learn more contact Tanium today: [email protected]

Serving as the “central nervous system” for enterprises and government organizations, the Tanium Endpoint Platform is the first and only platform that provides 15-second visibility and control to secure and manage every endpoint, even across the largest global networks. Tanium empowers security and IT operations teams to ask questions about the state of every endpoint across the enterprise in plain English, retrieve current and historical endpoint data and execute change as necessary, all within seconds.

TANIUM ENDPOINT PLATFORM

About Tanium

In addition, purpose-built modules leverage the Tanium platform’s patented linear-chaining architecture to deliver advanced features, workflows and reporting capabilities unique to the Tanium Endpoint Platform.

TANIUM MODULES

Tanium Incident Response provides a broad set of capabilities to hunt, contain and remediate threats and vulnerabilities across every endpoint with unparalleled speed and scalability.

Tanium Incident ResponseTM

Tanium IOC Detect evaluates complex indicators of compromise (IOC), which may contain dozens of artifact and attribute types like file metadata, network activity, processes in memory and registry content, on endpoints across networks of any size in seconds. In addition, Tanium IOC Detect enables security teams to perform on-demand IOC scans or schedule automated scans at customizable intervals, and also easily consolidate threat intelligence data from multiple TAXII streams, third-party providers, or internal repositories.

Tanium IOC DetectTM

Tanium PatchTM

Tanium Patch automates patch management for Windows operating systems with speed, reliability, and ease of use without requiring an expensive and complex supporting infrastructure to scale. Tanium Patch gives administrators patch status visibility and reporting across every endpoint in their enterprise, and also facilitates automated workflows tailored to specific needs through customizable rules, views and dynamic groups.

Tanium ProtectTM

Tanium Protect enables organizations to more e�ectively leverage commonly deployed native operating system controls (e.g anti-virus, firewall, application control, etc.) by simplifying and improving the e�ectiveness of their management. Tanium Protect empowers customers to seamlessly move from investigating their environment to taking proactive action to protect against threats - instantly.

Tanium TraceTM

Tanium Trace helps incident response teams take an initial lead, quickly search, filter and visualize forensic data, and piece together the story about what happened on an endpoint in a given point in time. By monitoring the Windows kernel for system activity and continuously recording forensic evidence, Tanium Trace not only expedites analysis of a single endpoint, but also leverages the same data to identify compromised systems enterprise-wide in seconds.


Documents

Tanium For Endpoint Security - Amazon S3€¦ · Naming, permissions and password policies for administrator-level accounts. Use Case: Up-to-Date Patching For Windows Operating Systems