Tanium Unveils New Forensics Capability For Incident Response

New innovation within industry-leading platform dramatically accelerates investigations across millions of endpoints in seconds; only platform to bridge Security and IT Operations for closed-loop endpoint security

June 26, 2015


EMERYVILLE, Calif. – June 25, 2015 – Tanium, the company that has redefined security and systems management, today announced the availability of Tanium Trace, a new module of the Tanium Endpoint Platform that takes the speed and scale of the platform even further by helping organizations quickly and completely understand the origin, scope and cause of a cyber attack across millions of endpoints in seconds.

Investigating the mountain of alerts generated by security tools is a taxing process that can easily take already overburdened incident response teams days, weeks or even months. This lack of insight often leaves teams with no other option than to rebuild all potentially compromised systems before the investigation is completed. This is not only costly and time consuming, but also leaves organizations at risk of having a larger breach go undetected. Tanium Trace dramatically accelerates the identification of malicious activity and arms incident response teams to more accurately, quickly and completely scope incidents before a brand-damaging and costly security breach occurs.

Tanium Trace fixes this previously broken model by arming incident response teams with visibility to take an initial lead, quickly search, filter and visualize forensic data, and quickly piece together the puzzle about what happened on an endpoint within a given timeframe. By continuously recording system activity at a level of detail not captured by other tools, Tanium Trace not only accelerates in-depth historical analysis on a single endpoint but also leverages the same data to instantly identify compromised systems enterprise-wide in seconds. In addition, after an incident is properly scoped, the Tanium platform can execute remediation actions, such as quarantining a machine or deploying a patch, at scale within seconds.

With the addition of Tanium Trace, Tanium is the only platform that enables a closed-loop process for endpoint security – spanning detection, investigation, remediation and ongoing enforcement of IT security across the organization – with unprecedented speed and scale. This is truly transformational, as it breaks down the silos between Security and IT Operations that can stall security and introduce business risk. With Tanium, for the first time, Security and IT Operations teams have shared visibility into security issues and can more effectively collaborate to detect, investigate, remediate and build good security hygiene into ongoing IT operations processes.

“There are four key questions that incident response teams need to answer quickly and confidently during an investigation: What happened? Where did it happen? How did it happen? Is it still happening? Before Tanium, it was not possible to get all of this information in the timeframe required to stay ahead of attacks,” said Ryan Kazanciyan, Chief Security Architect at Tanium. “Tanium completely changes the game. Through my own experience working on countless investigations, Tanium Trace will not only save incident response teams thousands of investigative hours, but will also make the entire security process more effective and reliable.”

“Tanium Trace enables us to automate the application of new threat intelligence to historical activity in our clients' environments, delivers a rich set of data for statistical anomaly detection, and provides our incident response teams with a high fidelity view of a threat actor's digital footprints in order to dramatically reduce containment times,” said Kris McConkey, Cyber Security Partner at PwC.


Tanium gives the world’s largest enterprises and government organizations the unique power to secure, control and manage millions of endpoints across the enterprise within seconds. Serving as the “central nervous system” for enterprises, Tanium empowers security and IT operations teams to ask questions about the state of every endpoint across the enterprise in plain English, retrieve data on their current and historical state and execute change as necessary, all within seconds. With the unprecedented speed, scale and simplicity of Tanium, organizations now have complete and accurate information on the state of endpoints at all times to more effectively protect against modern day threats and realize new levels of cost efficiency in IT operations. Visit us at www.tanium.com or follow us on Twitter at @Tanium.
