
Tanium and Palo Alto Networks: Real-Time Cyberthreat Detection, Prevention and Remediation · 2016-11-30 · PALO ALTO NETWORKS: Technology Partner Solution Brief Tanium and Palo



PALO ALTO NETWORKS: Technology Partner Solution Brief

Tanium and Palo Alto Networks: Real-Time Cyberthreat Detection, Prevention and Remediation

REAL-TIME CYBERTHREAT DETECTION, PREVENTION AND REMEDIATION

Today our organizations remain highly vulnerable to modern cyberattacks, which have grown increasingly stealthy and persistent against traditional defenses. Serious incidents are not being detected in time, or at all, because security teams are either too dependent on narrow and outdated threat data, or they have no means to take action quickly, at scale, against all of the threat intelligence available to them. In addition, once endpoints become compromised, proper investigation and remediation across globally distributed environments typically take weeks or even months to complete, leaving skilled adversaries with ample time to steal intellectual property and sensitive customer data or cripple targeted assets. Recognizing that endpoints remain one of the largest attack surfaces for cyber adversaries, organizations are now turning toward new, more integrated approaches to advanced detection, prevention and remediation of cyberthreats.

Palo Alto Networks® and Tanium® have partnered to fundamentally change the game for cyber adversaries by bringing together the best of both network- and endpoint-level security into one integrated approach. This approach increases an organization’s overall security efficacy by applying a tightly integrated, closed-loop architecture that opens up critical threat intelligence exchanges in a highly automated manner. Through this strategic collaboration, organizations can now be confident that serious incidents will not only be detected, but the prevention and remediation of those incidents will be managed in real time at a scale never seen before.

Palo Alto Networks and Tanium form a strategic partnership that empowers large, distributed organizations to prevent, detect and respond to today’s cyberthreats with unmatched speed and scale.

HIGHLIGHTS

■ Provides security teams with the best network threat prevention and endpoint visibility and control solutions in an integrated and highly automated approach, allowing them to more effectively protect the enterprise and respond to rapidly evolving attacks.

■ Leverages Palo Alto Networks next-generation firewall (NGFW) and WildFire threat intelligence, along with the Tanium Endpoint Platform’s 15-second visibility and control, to accurately discover compromised endpoints in seconds, even across the largest global networks.

■ Unique, closed-loop process that not only identifies and immediately prevents even the most advanced threats and zero-day exploits from spreading across the network, but also arms security teams with the ability to investigate, remediate and recover from any incident over millions of endpoints within seconds.

15-second visibility allows teams to quickly focus on the real issues at scale.

Complete and accurate endpoint data–both current and historical–ensures incidents are fully scoped.

15-second control provides confidence remediation is successful every time.

Shared visibility across Security and IT teams enables effective collaboration.

Threat Intelligence: Turn unknown threats into known with industry leading threat intelligence that benefits from up-to-the-minute data from our global community of customers and partners.

Threat Prevention: Prevent threats on the network with URL Filtering, IPS, and tight integration with WildFire to ensure that even the latest unknown threats are blocked.

Network Visibility & Control: SSL decryption, App ID, Content ID, and User ID ensure that all traffic is deeply inspected and controlled according to security policy.

THREAT INTELLIGENCE

ENDPOINT INTELLIGENCE


4401 Great America Parkway, Santa Clara, CA 95054

Main: +1.408.753.4000 Sales: +1.866.320.4788 Support: +1.866.898.9087

www.paloaltonetworks.com

© 2015 Palo Alto Networks, Inc. Palo Alto Networks is a registered trademark of Palo Alto Networks. A list of our trademarks can be found at http://www.paloaltonetworks.com/company/trademarks.html. All other marks mentioned herein may be trademarks of their respective companies. PAN_TPSB_Tanium_080315

PALO ALTO NETWORKS NEXT-GENERATION FIREWALL WITH WILDFIRE

Palo Alto Networks next-generation firewall provides unparalleled visibility and control across the network. Its unique architecture allows for seamless integration into virtually any network architecture, from branch offices to highly virtualized data centers to public cloud environments. This puts the next-generation firewall in a distinct position not only to prevent threats across the network, but also to recognize new threats that have never been detected before.

As these new threats emerge, Palo Alto Networks next-generation firewall automatically routes suspicious files and URLs to WildFire™ for deep analysis. WildFire inspects millions of samples per week from its global network of customers and threat intelligence partners, looking for new forms of previously unknown malware, exploits, malicious domains, and outbound command and control activity. Through a combination of both static and dynamic analysis, WildFire is able to pinpoint the latest threat tactics and tools. WildFire is also able to build valuable context around indicators of compromise (IOCs), utilizing a growing pool of threat-related objects numbering in the tens of billions. As these new threats are discovered, WildFire automatically generates protections and distributes these updates to the global community within 15 minutes to immediately halt threats from spreading in their environments, without requiring any additional user action. This closed-loop, automated process gives organizations the assurance that their networks are armed with the absolute latest threat intelligence at all times.

TANIUM ENDPOINT PLATFORM

The Tanium Endpoint Platform is the first and only enterprise platform that empowers security and IT operations teams with 15-second visibility and control to secure and manage every endpoint, even across the largest and most complex global networks. Using Tanium, teams can ask questions about the state of every endpoint across the enterprise in plain English, retrieve data on their current and historical state, and execute change as necessary, all within seconds. The Tanium Endpoint Platform can also enrich any number of external or third-party systems, such as SIEMs, log analytics tools, CMDBs and big data clusters, and it includes a variety of ready-to-use connectors to make these configurations simple and seamless for administrators.

Tanium IOC Detect, a module of the Tanium Endpoint Platform, can evaluate complex indicators of compromise, which may contain dozens of attributes, such as filenames, registry settings, IP addresses, MD5 hashes, or even observable suspicious behaviors, over millions of endpoints, and return accurate results in seconds. Tanium IOC Detect allows security teams to easily evaluate multiple IOCs in a single scan, with minimal impact to the endpoint or network, and gives them the flexibility to automate these scans across the entire enterprise, as well as perform quick, ad-hoc scans against just a select group of endpoints. Tanium provides security teams with a complete set of tools necessary to reliably detect, investigate and remediate endpoint security incidents of any nature, as well as provide ongoing enforcement of IT security hygiene, at scale, within seconds.

PALO ALTO NETWORKS + TANIUM

With this breakthrough integration between Palo Alto Networks and Tanium, the Tanium Endpoint Platform receives malicious indicators identified by Palo Alto Networks WildFire, which are automatically imported into the Tanium IOC Detect module. This relationship between WildFire and Tanium IOC Detect enables security teams to quickly and accurately discover compromised endpoints across the organization within seconds. In addition, as Tanium IOC Detect identifies new indicators of compromise at the endpoint, that intelligence is shared directly with Panorama™, which results in the automatic delivery of new network-level protections across next-generation firewalls enterprise-wide.

Applying this level of industry-leading speed and scalability, both on the endpoints and across the network, ensures that protection is rapidly applied at all layers. Security teams now have an integrated solution that can identify and block the most advanced threats and zero-day exploits from continuing to spread right at the outset, along with 15-second visibility and control over every endpoint in the environment, ensuring organizations can reliably investigate, remediate and recover from any incident to stop damage from escalating into a ruinous breach.

2200 Powell Street, 6th Floor Emeryville, CA 94608 Main: +1.510.704.0202 Sales: [email protected]

www.tanium.com