
Automate Threat Response Using Endpoint Reactions – Tanium Tech Talks #92

In this Tanium Tech Talks episode, host Ashley McGlone discusses automating threat disruption on endpoints using new Endpoint Reactions capabilities with Tanium Technical Product Manager for Threat Response Thomas Akin.

How-to

Imagine a world where your endpoints could automatically disrupt a threat as soon as it’s detected. No more waiting for alerts to be processed, forensics to be collected, and actions to be taken manually.

In this “Tanium Tech Talks,” Ashley McGlone and guest Thomas Akin, technical product manager for Tanium Threat Response, highlight the tool’s capabilities, including analyzing live and historical data, creating automated detections, and taking immediate actions on threats without needing centralized systems. The episode also features a demo of the tool’s new Endpoint Reactions and future enhancements.

Key takeaways

Tanium Threat Response overview: Learn how Threat Response leverages Tanium’s power and flexibility to gain visibility into endpoints, create automated detections, and take automated reactions and remediations by analyzing live data, historical data, and files at rest. It supports various detection formats, including OpenIOC, STIX, Tanium Signals, and YARA rules.

Introducing Endpoint Reactions: The new Endpoint Reactions in Threat Response allow immediate action on threats by tying reactions to intel documents on the endpoint itself, bypassing the need for communication with centralized systems.

Endpoint Reactions use cases: Customers have used the new Endpoint Reactions for both security and operational use cases, such as specific targeted attacks and cleaning up error files.

Endpoint Reactions demonstration: Thomas provides an in-depth demonstration to show how intel documents can be used to kill specific processes, illustrating the flexibility and power of Tanium’s Endpoint Reactions.

Future enhancements: But wait – there’s more! Learn about future product updates, including the Quarantine Workbench, registry remediation, and custom PowerShell/Bash remediations, which will enhance the flexibility and customization of Endpoint Reactions.

Additional resources

Endpoint Reactions blog post
Release announcement
Release notes

Ashley McGlone

Technology strategist, joined Tanium in 2017, host of Tanium Tech Talks, enjoys advocating for customers, getting in the weeds of tech, and retro licorice.
