SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Tanium and Google Cloud bring greater security to distributed IT
Thu, 6th Aug 2020

Tanium and Google Cloud have extended their partnership with a view to helping organisations with their security transformation in the distributed IT era.

The partnership brings together the Tanium Unified Endpoint Management and Security Platform with Google Cloud Security Analytics and Zero Trust Initiatives.

This new offering, sold by Tanium, is designed to help enterprises detect, investigate, and scope advanced, long-lived attacks (APTs), the companies state.

Through the integration between Chronicle security analytics and Tanium's unified endpoint security, joint customers have greater capabilities around hunting for threats, accelerating incident response, and reducing costs.

For the first time, security teams can rapidly and proactively hunt threats both live and across an entire year of endpoint activity, Tanium states.

High-fidelity, real-time security telemetry from Tanium combines with analytics and cloud-scale data capacity from Chronicle to deliver search and cyber forensics capability.

For incident response and remediation, Tanium and Chronicle provide the historical data required to investigate, scope and further remediate advanced, persistent threats.

With Chronicle, customers can correlate up to one year of data gathered from the Tanium platform's sophisticated endpoint telemetry and network activity.

This dataset enables incident response teams to thoroughly investigate sustained, long-term attacks and take comprehensive remediative action.

On the costs front, together, Google Cloud and Tanium help increase security analyst efficiency and reduce costs associated with storage and point tool sprawl, the companies state.

With Tanium, organisations reduce or eliminate the need for endpoint security and management point solutions with a single agent architecture that provides detailed telemetry across endpoints everywhere.

Chronicle provides storage for that endpoint telemetry with zero data volume charges, as well as a user interface that allows security analysts to instantly search that data, enabling faster threat hunting and response.

Tanium and Google Cloud are also partnering to extend zero trust to the device edge through an integration between Tanium and Google's BeyondCorp.

Through the integration, Tanium will support the ability for customers to use endpoint identity, state, and compliance data with BeyondCorp Remote Access.

According to research from Booz Allen Hamilton, the average dwell time for APTs in the enterprise hovers between 200 and 250 days.

The longer these threats go undetected, the farther they are able to spread, requiring additional investigation in order to successfully remediate, Tanium states.

Even as the average dwell time drops across attack vectors, APTs continue to evade traditional defenses, compromising systems and data across an enterprise.

Overall acceleration towards more distributed workforces and cloud computing increases the threat vector as more endpoints run outside of traditional network perimeters and defenses, the company states.

Google Cloud general manager and vice president of Cloud Security Sunil Potti says, “With Tanium and Google Cloud, customers don't have to make difficult tradeoffs between the quality, breadth, timeliness or storage cost of their security telemetry.

“Advanced persistent threats require a sophisticated approach to detection and response. That starts at the endpoint, where most compromise activities begin.

“With telemetry sourced from Tanium's comprehensive endpoint security approach, customers have the data they need to detect and investigate post-compromise activity to accelerate remediation and prevent future intrusion.”

Tanium co-founder and co-CEO Orion Hindawi says, “This joint solution with Chronicle gives Tanium customers access to massively scalable analytics and investigation capabilities far beyond that of other endpoint detection and response point tools.

“This integration enables our customers to investigate APTs and other threats from the moment of detection back to the moment of compromise for comprehensive response and remediation.”

The two companies also plan to collaborate on improving ways organisations can manage and secure client endpoints like thin-client devices, cloud endpoints, or mobile operating systems. More details on this work will be available later this year.