Automate Threat Response Using Endpoint Reactions – Tanium Tech Talks #92

Imagine a world where your endpoints could automatically disrupt a threat as soon as it’s detected. No more waiting for alerts to be processed, forensics to be collected, and actions to be taken manually.

In this “Tanium Tech Talks,” Ashley McGlone and guest Thomas Akin, technical product manager for Tanium Threat Response, highlight the tool’s capabilities, including analyzing live and historical data, creating automated detections, and taking immediate actions on threats without needing centralized systems. The episode also features a demo of the tool’s new Endpoint Reactions and future enhancements.

Key takeaways

Tanium Threat Response overview: Learn how Threat Response leverages Tanium’s power and flexibility to gain visibility into endpoints, create automated detections, and take automated reactions and remediations by analyzing live data, historical data, and files at rest, and supports various detection formats like OpenIOC, STX, Tanium Signals, and YARA rules.

Introducing Endpoint Reactions: The new Endpoint Reactions in Threat Response allow immediate action on threats by tying reactions to intel documents on the endpoint itself, bypassing the need for communication with centralized systems.

Endpoint Reactions use cases: Customers have used the new Endpoint Reactions for both security and operational use cases, such as specific targeted attacks and cleaning up error files.

Endpoint Reactions demonstration: Thomas provides an in-depth demonstration to show how intel documents can be used to kill specific processes, illustrating the flexibility and power of Tanium’s Endpoint Reactions.

Future enhancements: But wait – there’s more! Learn about future product updates, including the Quarantine Workbench, registry remediation, and custom PowerShell/Bash remediations, which will enhance the flexibility and customization of Endpoint Reactions.

Additional resources

Endpoint Reactions blog post
Release announcement
Release notes