Tanium Incident Response Overview Tanium Incident Response™ · 2016-12-01 · Tanium Incident...


DS-TIR-042016

© 2016 Tanium, Inc. All rights reserved. Tanium is a registered trademark of Tanium, Inc. All other brands, products, or service names are or may be trademarks or service marks of their respective owners.

Tanium Incident Response delivers a broad set of capabilities to hunt, contain and remediate threats and vulnerabilities across every endpoint with unparalleled speed and scalability.

Security Teams Are Bringing Sticks To Gunfights

The most alarming trend in cyber security today is the pace of advancement in skill, precision and tactics at attackers’ disposal. Modern attacks are now frighteningly elusive and efficient, and breaches are staggeringly costly and devastating. Incident response teams defending high value assets are constantly under siege, and almost all are powerless when combating sophisticated and determined attackers, because the tools they are equipped with can only provide views of their environments that are hours, days or even weeks old, and that is simply worthless in this struggle against time.

The Tanium Difference

Tanium is the first and only enterprise platform that empowers security and IT operations teams with 15-second visibility and control to secure and manage every endpoint, even across the largest global networks. Its patented architecture transcends the inherent limitations of hub-and-spoke technologies by harnessing the speed of low-latency local area networks coupled with a minimal, cost-saving infrastructure that effortlessly scales to millions of endpoints without the need for ongoing addition and maintenance of supporting servers. The Tanium platform delivers the speed, scalability and reliability necessary for defending against today’s threat landscape.

At A Glance

● Instantly search for suspect files, handles, and key contextual data (e.g. file paths)

● Comprehensively explore registry settings, registry paths, established connections and listening ports

● Query MD5/SHA1 hash of running processes, mutexes, and loaded modules

● Quickly remediate at scale: kill processes, capture files, alert users, install patches and apply updates in minutes

● Collect information from compromised endpoints for further analysis

Tanium Incident Response™

Tanium Incident Response Overview

Tanium Incident Response, a Tanium Product Module, provides the essential tools and functionality required for hunting, containing and neutralizing unfolding attacks at the endpoint, at any scale, in seconds. Tanium Incident Response provides security teams immense flexibility and a wide array of out of the box functionality that is crucial to discovering attack artifacts, applying remediating actions directly to affected endpoints, and verifying compromises are properly eliminated. This unprecedented agility significantly reduces the time required to resolve incidents, and this in turn limits the impact and damage related to incidents such as unauthorized intruders, insider threats and critical system outages.

Adaptability To Scope Even The Most Sophisticated Attacks

Malicious attackers are not bound by any rules and often strike opportunistically and behave erratically. Under these wide-open circumstances, there aren’t any guidelines or structure that can be prescribed to predict their motives or strategies. Tanium Incident Response provides the flexibility to adapt to this uncertainty, and provides security teams full control over ad-hoc or methodical endpoint investigation and threat detection. Tanium Incident Response includes out of the box capabilities to search for MD5s of processes, mutexes, application logs, scheduled tasks, active users, loaded modules, open ports, running services, unauthorized connections, unmanaged assets, semaphores and much more, and retrieve accurate results back from every endpoint in just seconds.

Remediate Any Attack On The Endpoint

Once an incident has been fully scoped, remediation must be executed swiftly and precisely to limit the time adversaries have to counteract. Tanium Incident Response provides a full suite of out of the box capabilities, for example quarantining machines, killing processes, disabling network connections, changing registry data, uninstalling applications, resetting credentials, shutting down systems and much more, that allow security teams to reestablish full control and stop attacks already underway dead in their tracks in just seconds.

Tanium Incident Response provides the essential tools and functionality required to hunt, contain and neutralize unfolding attacks at the endpoint, at any scale, in seconds.

Data Sheet


ABOUT TANIUM

Tanium gives the world’s largest enterprises and government organizations the unique power to secure, control and manage millions of endpoints across the enterprise within seconds. With the unprecedented speed, scale and simplicity of Tanium, security and IT operations teams now have complete and accurate information on the state of endpoints at all times to more effectively protect against modern day threats and realize new levels of cost efficiency in IT operations. Visit us at www.tanium.com or follow us on Twitter at @Tanium.


System Requirements

Server Requirements¹

Hardware Requirements (Tanium Server / Database Server)

| Managed Endpoints | Up to 35,000³ | Up to 150,000 | Up to 400,000⁴ |
| --- | --- | --- | --- |
| Processor Cores (Physical) | 16 / 8 | 40 / 32 | 80 / 64 |
| Memory | 24 GB / 16 GB | 128 GB / 64 GB | 256 GB / 128 GB |
| Disk Space² | 400 GB / 1 TB | 1.5 TB / 4 TB | 3 TB / 10 TB |

Software Requirements

Operating System: Microsoft Windows Server 2008 R2, 2012 or 2012 R2

Database Version: Microsoft SQL Server 2008, 2012 or 2014

Client Requirements¹

● Microsoft Windows 2000, XP, Vista, 7, 8, 10 or Windows Server 2000, 2003, 2008, 2012

● Mac OS X 10.5+ (Intel-only)

● Linux (RHEL, CentOS, Fedora, SUSE, Debian and Ubuntu)

● Solaris 10 10/09 “U8”+

● IBM AIX 6.1+

¹ For more detailed information visit https://kb.tanium.com/System_Requirements

² Disk space requirements are approximations and actual values may vary depending on usage and use cases

³ Server may be run virtualized for up to 35K endpoints

⁴ Contact us for environments larger than 400K endpoints
