
What is Tanium Protect and How Does it Work?

Whether your organization needs to secure a handful or hundreds of endpoints, the proper configuration of their security is what protects your organization against cyber-attacks.

Traditionally, companies rely on third-party antivirus software, firewalls and encryption tools to secure and protect their digital assets without utilizing the built-in security features of their native operating systems (OS).

The problem with the security features provided by widely used operating systems is that their default security settings are permissive and sometimes difficult to configure.

Tanium Protect builds on the native security features of an operating system, enabling organizations to benefit from simplified OS security management across their endpoint IT environment. The approach reduces spending on IT security while improving overall security by taking advantage of security features that are native to the respective OS.

Tanium Protect allows companies to activate and manage native security controls such as antivirus and disk encryption while controlling applications and firewalls within a single dashboard. The solution generates reports for incidents triggered by events related to their antivirus, disk encryption and application control statuses.

System Requirements to Run Tanium Protect

Tanium Protect runs as a module on the Tanium Module Server and supports the following endpoint operating systems:

  • Windows Vista, Windows 7, Windows 8 or Windows 10
  • Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016
  • CentOS 6 and 7, Red Hat Enterprise Linux (RHEL) 6 and 7, and Ubuntu 16
  • Mac OS X 10.8 Mountain Lion

Organizations should be aware that different security policies and remediation options require different versions of the respective operating system.

How Tanium Protect Proactively Shields Endpoints

Proactive security measures are the backbone of a company’s defenses when hackers launch advanced persistent threat campaigns. Tanium Protect provides businesses with the tools to block malicious attacks on endpoints at scale by combining management of native OS security controls with third-party controls.

Organizations can manage and control their native security by customizing:

  • Policies and Rules: Teams can configure the security settings for each policy that applies to a specific application they are running. Within Tanium Protect, organizations can define policies for anti-malware and firewall operation as well as AppLocker, BitLocker, Windows device control, Enhanced Mitigation Experience Toolkit (EMET), Software Restriction Policy (SRP) and Remediation policies.
  • Computer Groups: Security teams can create one or more computer groups to which a specific policy applies, so groups can have different security configurations depending on their intended use and the level of security required.
  • Security Policy Enforcement: Once the business defines their security rules and policies, they can apply, or enforce, them to a computer group. Policies can have the following status:
    • Enforced: A policy is fully in force on an end-point machine.
    • Partially Enforced: A policy of the same type overrides the particular policy.
    • Unenforced: The policy is not activated on an end-point machine.

When two or more policies of the same type apply to an endpoint computer, Tanium Protect enforces only the highest-priority policy, so organizations may find a policy with a Partially Enforced or Unenforced status on that endpoint. Security policy priorities therefore form a hierarchical structure.

What Security Policies Can Tanium Protect Manage

Teams can create multiple security rules for multiple security policies in Tanium Protect. Native security features provide protections for end-point connections, local data storage and portable devices. Policies can be enforced and managed through a single console in Tanium Protect, including:

  • Anti-malware policies: Protect endpoints by using the Microsoft Anti-malware engine.
  • AppLocker policies: Prevent a specific application from running on endpoints or allow it on the same or another computer group.
  • BitLocker policies: Windows 7 and later versions allow for encryption of disk drives using Windows BitLocker Drive Encryption. Tanium Protect supports creation of BitLocker policies.
  • Windows device management: Create policies to control permissions for removable devices on Windows endpoints and prevent installation of new devices. A policy that controls permissions is also a crucial element of a bring-your-own-device (BYOD) policy.
  • Enhanced Mitigation Experience Toolkit (EMET) policies: Microsoft EMET policies can protect against memory corruption attacks and provide added security for connections to websites that still use the Transport Layer Security (TLS) protocol.
  • Firewall policies: Define and enforce multiple rules that stipulate how the built-in Windows Firewall manages incoming and outgoing connections and what ports to close.
  • Software Restriction Policy (SRP): Creating policies for the Windows SRP component enables you to prevent certain applications from running on endpoints.
  • Remediation policies: IT administrators can create a list of tasks that run one after the other on endpoints. These tasks are usually part of a broader strategy to check systems or restore an endpoint to normal operation.

Security teams can create and enforce any of the above security policies for any of their computer groups or individual endpoints.
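
To see the current state of the native Windows controls that these policy types manage, the following added example (not part of the original article and not Tanium code) reads each control's status locally with built-in Windows PowerShell cmdlets. The pass criteria, including the 7-day signature age, are assumptions chosen for illustration.

```powershell
# Added example: local audit of the native Windows controls listed above.
# Run in an elevated PowerShell session on Windows 10 / Server 2016 or later.
# Pass criteria are illustrative assumptions, not Tanium Protect defaults.

function Test-Control {
    param([string]$Name, [scriptblock]$Check)
    try {
        $r = & $Check
        [pscustomobject]@{ Control = $Name; Pass = [bool]$r.Pass; Detail = $r.Detail }
    } catch {
        # A missing module or unavailable feature is reported as a failure, not skipped.
        [pscustomobject]@{ Control = $Name; Pass = $false
                           Detail  = "check failed: $($_.Exception.Message)" }
    }
}

$results = @(
    Test-Control 'Anti-malware (Defender)' {
        $s = Get-MpComputerStatus -ErrorAction Stop
        @{ Pass   = ($s.AntivirusEnabled -and $s.RealTimeProtectionEnabled -and
                     $s.AntivirusSignatureAge -le 7)
           Detail = "real-time=$($s.RealTimeProtectionEnabled); signature age=$($s.AntivirusSignatureAge)d" }
    }
    Test-Control 'BitLocker (OS drive)' {
        $v = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
        @{ Pass   = ($v.ProtectionStatus -eq 'On')
           Detail = "volume=$($v.VolumeStatus); protection=$($v.ProtectionStatus)" }
    }
    Test-Control 'Windows Firewall' {
        $profiles = Get-NetFirewallProfile -ErrorAction Stop
        # A profile is weak if it is disabled or allows inbound traffic by default.
        $weak = @($profiles | Where-Object {
            $_.Enabled -ne 'True' -or $_.DefaultInboundAction -eq 'Allow' })
        @{ Pass   = ($weak.Count -eq 0)
           Detail = ($profiles | ForEach-Object { "$($_.Name)=$($_.Enabled)" }) -join '; ' }
    }
    Test-Control 'AppLocker' {
        $policy = Get-AppLockerPolicy -Effective -ErrorAction Stop
        # AuditOnly and NotConfigured collections log or ignore; only Enabled blocks.
        $enforced = @($policy.RuleCollections | Where-Object { $_.EnforcementMode -eq 'Enabled' })
        @{ Pass   = ($enforced.Count -gt 0)
           Detail = ($policy.RuleCollections |
                     ForEach-Object { "$($_.RuleCollectionType)=$($_.EnforcementMode)" }) -join '; ' }
    }
)

$results | Format-Table -AutoSize -Wrap
```

A failing row on a default installation illustrates the permissive defaults discussed earlier: BitLocker protection is typically off and no AppLocker rule collection is enforced until a policy turns them on.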

Conclusion

Tanium Protect enables organizations to configure and run comprehensive security policies that manage built-in OS security modules. By using native security features, companies can reduce their costs. They should also bear in mind that built-in Windows Defender antivirus, for instance, routinely ranks higher than third-party antivirus suites in numerous research reports by independent security labs. The same is true for other built-in security components of an OS.

Adopting a number of third-party cybersecurity suites to manage all aspects of your organization’s IT security is cost-inefficient, adds risks of software incompatibility, and increases false positives. In many use-case scenarios, the adoption of a single command-and-control center from which teams can create system-wide policies to manage native security tools offers better overall security and minimizes the risks of misconfiguring endpoints.



Datashield
Official Datashield account for blog content, news, announcements and more. The articles authored include a collaboration between internal staff, specifically the security operations and marketing team.
