Tanium partners with Microsoft to provide comprehensive endpoint visibility and management in real time
Converged endpoint management provider Tanium has partnered with Microsoft to help cybersecurity professionals better leverage real-time data for more proactive cybersecurity management.
Cybersecurity provider Tanium's partnership with Microsoft promises to deliver real-time visibility and management that can help government agencies beef up their security posture, according to Chris Cruz, Chief Information Officer, Public Sector at Tanium. Image: Canva
When Chris Cruz was the State of California’s Deputy Chief Information Officer, it was critical that he was able to present security information in a clear manner. His IT team needed real-time and legible information derived from their suite of security tools that they could use to make decisions on the fly, Cruz shares with GovInsider.
Now Chief Information Officer, Public Sector at Tanium, the only provider of converged endpoint management, he shares that real-time visibility and management are key to managing today’s wide range of cyber attacks and breaches. Tanium’s new partnership with Microsoft promises to deliver just that to government IT teams everywhere.
In late 2022, Tanium announced the first of several integrations between Microsoft and the Tanium endpoint management and security platform. Tanium’s real-time endpoint data is now directly accessible from the Microsoft Azure Sentinel console, an AI-powered and cloud-native SIEM that provides intelligent security analytics.
“Whether you’re a municipality, a county government, a state government or province or federal government, everyone is now being hit [by cyber attacks]. And so it’s important to have what I call a centralised security posture across your entire organisation,” says Cruz.
Proactive, predictive, and automated management
First, Tanium’s integration into Sentinel enables organisations to comprehensively detect, investigate, and remediate threats automatically by extending the console’s advanced security and analytics capabilities, according to a press release.
This automated response capability helps to “enable non-compliant devices and users that would be denied access,” says Cruz. In turn, this allows organisations to actively secure their policies and platforms.
Tanium’s fully-integrated automation tools work together with Microsoft solutions to accelerate investigations and stop attacks before additional damage can be done.
Not only can these solutions detect threats and identify which device the action point originates from, they have the ability to “sniper patch” it and keep the attack from spreading to the rest of the network, Cruz adds.
Next, Tanium can take immediate action on these alerts by quarantining the device, deploying a patch or updating software — all from the Sentinel console.
Real-time data to enable immediate response
Tanium’s integration into Sentinel allows its rich, real-time endpoint data to be accessible directly from the Sentinel console, without any delay caused by switching consoles. This saves time and equips analysts with the necessary information they need when investigating a situation, reducing the time it takes to assess and mitigate an attack’s impact.
Consider a university shifting to remote learning. When the University of Salford in England had to shift to remote learning, students and educators began connecting to the university through their home wi-fi networks and personal computers.
“All it takes is one unmanaged endpoint in an environment for a hacker to come in through, and you’ve got an incident or breach regardless of whether you have an endpoint protection (EPP) or an endpoint detection and response (EDR) tool… that’s the power of Tanium’s real time visibility and detection platform,” says Cruz.
But switching to Tanium allowed the university to establish real-time visibility into its 5,000 on-premises, remote, and cloud-based assets, address security patches, and fix thousands of vulnerabilities. When faced with cyber threats, the University was able to quickly identify weak spots, patch them, and report on the incident within minutes.
This also enables security analysts to investigate threats in real time by contextualising and correlating alerts sourced from both Microsoft and Tanium services. In turn, this allows them to make quick decisions, improving the efficacy of incident response management.
Finally, Tanium allows analysts to assess the organisation’s security posture in real time, rather than performing retrospective analysis.
Comprehensive visibility across devices
The Tanium platform enables analysts to have a comprehensive view of all devices connected to the network across an entire IT environment. This comprehensive visibility and management platform within the Sentinel dashboard allows analysts to make educated decisions.
Cruz highlights that in his previous roles, it was a big challenge to identify every asset linked to a network. Research from Tanium has found that in 94 per cent of enterprises, almost 20 per cent of endpoints are undiscovered and unprotected – each and every one of them a potential weak point for hackers.
Tanium allows organisations to identify these assets, address them, and manage them appropriately – including decommissioning those assets from the network if no longer needed.
For instance, Tanium can detect and identify new endpoints plugged into a network in real time. Analysts can then deploy EPP or EDR tools to manage these new endpoints and provide threat detection response if necessary, says Cruz.
Its integration with Microsoft also enables the platform to independently verify that all its Microsoft services are deployed and up-to-date on every endpoint, he notes.
As cyber warfare becomes more pervasive, it is critical that organisations leverage their tech investments to maximise stability. Tanium’s platform works in conjunction with tools such as Microsoft’s to support security analysts, make network ecosystems more resilient to potential hackers, and help organisations remain cybersafe.