In this guest blog post, Nic Surpatanu, Chief Product Officer at Tanium, discusses taking control of and securing IT estates and how Tanium works with Microsoft solutions like Azure Active Directory, Defender for Endpoint, and Sentinel.
Can you imagine inheriting assets you couldn’t find, only to discover they were hidden behind drywall?
Not long ago, I spoke with the CISO of a Tanium customer that had integrated hundreds of thousands of endpoints from an acquired organization. With so many endpoints involved, he initially felt daunted by the task, and for good reason. Discovering assets, assessing device compliance and vulnerability state, fixing gaps, merging Active Directory environments, and otherwise bringing assets under management in the context of a corporate merger is a lot to ask, let alone optimizing IT operations and user experience.
The CISO said that during the integration process he used Tanium to scan for unmanaged devices in the acquired organization's domain. He was shocked to find that more than 30 percent of the endpoints were previously unknown and unmanaged, never having been discovered by the acquired company. In a matter of hours he used Tanium to map a sprawling shadow IT organization that had flown under the radar for years, but that was just the beginning of his story.
After building a complete, real-time asset inventory using Tanium’s unique linear chain architecture, he further assessed policy configuration, patch state, user permissions, and more. In a matter of days, he comprehensively deployed patches, configured policies, and managed host-based firewall rules at the scale of hundreds of thousands of endpoints, all while ensuring his Microsoft tools like Microsoft Defender for Endpoint were deployed and operational throughout his entire environment.
During the process, his team discovered a set of servers showing up on Tanium reports that initially couldn’t be physically found.
His team took the MAC address of one of these mystery servers, identified the switch port it was connected to, and then followed the cable. It led to a fully enclosed, separate physical space with no doors or windows: the two lost servers had been walled in with drywall during a remodel.
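The trace in that story, from a MAC address to the switch port it was learned on, is routine enough to script. The following is an added example, not code from this post or from Tanium: it parses a constructed switch forwarding table, flags addresses that are absent from a constructed managed-asset list, and reports the port each one hangs off. It also warns when a port has learned several addresses, which usually means an uplink or an unmanaged switch behind it, so the physical trace has to continue on the next device rather than at that port. The table layout, the MAC addresses, the managed list and the uplink threshold are all made up for the example.

```python
import re
from collections import Counter

# Constructed sample of a switch forwarding table in the common
# "vlan  mac  type  port" layout. Not output from any real device.
MAC_TABLE = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0011.2233.4455    DYNAMIC     Gi1/0/7
  10    00aa.bbcc.dd01    DYNAMIC     Gi1/0/12
  20    3c52.8210.2030    DYNAMIC     Gi1/0/21
  20    3c52.8210.2031    DYNAMIC     Gi1/0/22
  20    3c52.8210.2032    DYNAMIC     Gi1/0/48
  20    3c52.8210.2033    DYNAMIC     Gi1/0/48
  20    3c52.8210.2034    DYNAMIC     Gi1/0/48
"""

# Constructed list of MACs already known to the management platform,
# deliberately written in three different notations.
MANAGED = {"00:11:22:33:44:55", "3C-52-82-10-20-30", "3c52.8210.2033"}

# Assumed cut-off: a port that has learned more than this many addresses is
# treated as an uplink or a downstream switch, not a single host's port.
UPLINK_THRESHOLD = 2


def normalize_mac(mac: str) -> str:
    """Return the MAC as lowercase colon-separated octets.

    Accepts 0011.2233.4455, 00-11-22-33-44-55 and 00:11:22:33:44:55 so that
    inventories exported by different tools compare cleanly.
    """
    hexdigits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(hexdigits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2))


def parse_mac_table(text: str) -> dict[str, tuple[int, str]]:
    """Map each learned MAC to (vlan, port); header and rule lines are skipped."""
    table: dict[str, tuple[int, str]] = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[0].isdigit():
            continue
        vlan, mac, _entry_type, port = parts
        table[normalize_mac(mac)] = (int(vlan), port)
    return table


def locate_unmanaged(text: str, managed: set[str]) -> list[dict]:
    """List MACs the switch has learned that are absent from the managed set.

    Each finding names the port to walk to and whether that port looks like
    an uplink, in which case the trace continues on the next switch.
    """
    table = parse_mac_table(text)
    known = {normalize_mac(m) for m in managed}
    macs_per_port = Counter(port for _vlan, port in table.values())
    findings = []
    for mac, (vlan, port) in sorted(table.items()):
        if mac in known:
            continue
        findings.append({
            "mac": mac,
            "vlan": vlan,
            "port": port,
            "likely_uplink": macs_per_port[port] > UPLINK_THRESHOLD,
        })
    return findings


if __name__ == "__main__":
    for f in locate_unmanaged(MAC_TABLE, MANAGED):
        hint = "trace onward from the next switch" if f["likely_uplink"] else "follow this cable"
        print(f"{f['mac']}  vlan {f['vlan']}  {f['port']}  ({hint})")
```

In practice the forwarding table comes from the switch itself (or from the network team's tooling) and the managed list from the endpoint platform; the value of the comparison is that it works from what the network has actually seen, so a host that never enrolled in any agent still shows up. The uplink check matters because a MAC learned on a port with dozens of others is not on that port's cable, and walking to it wastes the trip.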
While I don’t often hear stories of IT teams using sledgehammers, I frequently hear stories similar to this CISO’s of using security and operations tools from Tanium and Microsoft together to rapidly take control of and secure IT estates. The refrain I’ve often heard? Using them together allows customers to far exceed the capabilities offered by any other toolkit, so they can fully deprecate 30 or 40 other point solutions. And our tools are better together.
Our feedback from Fortune 100 CISOs and CIOs is clear: Using Tanium and Microsoft solutions in parallel transforms an IT leader’s ability to secure and manage their environment. Our customers wanted us to develop direct product integrations across a variety of use cases to enhance their experience and maximize investments they made in both platforms. Now a new, complementary paradigm for IT security, operations, and risk is available.
Before customers begin using Tanium and Microsoft solutions together, many struggle with similar challenges:
- A lack of comprehensive, real-time visibility creates blind spots with unknown and unmanaged vulnerabilities.
- Limited or stale data protracts investigations and complicates security and operations workflows.
- Sprawling security and management toolkits create inconsistency, inefficiency, and complexity.
We believe customers shouldn’t need to purchase an expansive toolkit consisting of myriad loosely integrated point solutions. By combining Tanium’s real-time, comprehensive visibility and control with Microsoft’s advanced threat intelligence, orchestration, and analytics capabilities on extensible, enterprise-scale platforms, we deliver transformative capabilities and enhanced security, performance, and automation together.
Allow me to outline a few use cases that Tanium and Microsoft customers have found particularly compelling:
Enhanced conditional access and zero trust at scale
To manage today's increasingly distributed environments, many IT leaders are evaluating zero trust strategies that conditionally grant access to applications or services based on an endpoint's user and device risk. But while denying access to a device with compliance gaps or vulnerabilities sounds good in theory, IT leaders struggle with two key challenges: limited or outdated data available to make conditional access decisions; and the potential productivity impacts associated with denied access for users across an organization.
Through Tanium's integration with Azure Active Directory, conditional access decisions can draw on an extensive, highly flexible set of real-time device data from Tanium instead of on stale compliance snapshots. Denying access to non-compliant or high-risk devices then shrinks the attack surface without relying on out-of-date information.
The integration also unlocks zero trust at scale without significant productivity impacts. Customers can use Tanium's remediation capabilities to quickly close a device's compliance or other security gaps so that users can get back to work, and to keep those gaps from opening in the first place.
Active threat hunting
Together, Tanium and Microsoft deliver the capabilities customers need to secure their IT estate from the cloud to the edge. Tanium's recently launched integration with Microsoft Sentinel is one example: customers can use Tanium's extensive, real-time data to investigate and identify threats across their environment, and then remediate threats and vulnerabilities with Tanium at speed, all without leaving the Microsoft Sentinel console.
Recently, I sat down with the CISO of a global telecommunications company. He described how his environment had dramatically grown in complexity over the last year, and his team was being inundated with alerts and lacked the bandwidth to respond. I outlined a strategy to add Tanium’s real-time data to Microsoft Sentinel, giving his team the ability to remediate threats directly from the Sentinel portal in real time. “This is a game changer,” he said. “I see this as a complete win for my teams.”
Powerful threat detection, enhanced investigation, and integrated remediation
Customers tell me that, together, Tanium and Microsoft Defender for Endpoint offer powerful end-to-end protection, detection, investigation, and remediation. What drives this assertion is threefold:
- Threat detection: Microsoft's threat intelligence, built on trillions of signals each day and machine learning across millions of devices, combined with highly customizable threat alerts from Tanium, lets the SOC focus on what matters most.
- Threat investigation: Combining Microsoft Defender for Endpoint’s historical log analysis and correlation with Tanium’s real-time data and dynamic hunting, the SOC has the information they need to quickly triage and identify threats.
- Threat remediation: Using Tanium’s extensible, highly performant threat remediation capabilities (including killing processes, quarantining devices, deploying OS or third-party application patches, and enforcing policies) in real time and at the scale of millions of devices, the SOC can quickly address emerging threats before they have a chance to proliferate.
Comprehensive manageability in real time
Together, our capabilities span asset inventory and advanced device discovery, policy management and compliance enforcement, OS and third-party patching, performance optimization, vulnerability management, and more across major platforms including Windows, Linux, cloud, containers, mobile, and servers.
We’re not just building simple API connectors. Together, Tanium and Microsoft are delivering enhanced or entirely new capabilities across numerous use cases.
Visit Tanium.com/partners/Microsoft to schedule a demo and learn more.