Tanium collaborates with OpenCTI to help orgs increase their threat detection capabilities

Tanium has announced a collaboration with OpenCTI, an open source platform which specialises in the analysis of cyber threats.

The collaboration will allow the integration of Tanium’s behavior-based detection offering, Tanium Signals, with OpenCTI, helping organizations to store, organize and visualise intelligence information in real-time. The Tanium-OpenCTI connector is now ready for production use and available to all Tanium customers.

The ability to collect and analyse Cyber Threat Intelligence (CTI) is critical, as cyber teams need to anticipate the next move of attackers and the tools and techniques they are likely to use.

With the integration of data provided by OpenCTI, companies using both tools can increase their intelligence and analysis capabilities to anticipate, search and respond more quickly and effectively to cyber threats.

For security operations center (SOC) teams, using OpenCTI with Tanium enables them to analyse and contextualise data related to signature-based detection (YARA rules, Tanium Signals, etc.), indicators of compromise (examples of phishing emails, IP address lists, etc.), techniques, tactics and procedures (TTPs) and cyber attribution.

Organizations will be able to feed the Tanium platform with the latest and relevant intelligence data provided by OpenCTI, providing them with the ability to aggregate several sources of threat intelligence.

The OpenCTI project is led by the non-profit organization Luatix, the French National Cybersecurity Agency (ANSSI) and the European Union CSIRT (CERT-EU), with many contributions from European and American organizations. It answers the need for organizing cyber threat intelligence sources and enhancing the use of CTI for risk prevention and management.

Community-developed connectors for CTI providers support organizations rolling out OpenCTI’s architecture by allowing them to make use of its many threat intelligence sources (both public and private) in their Tanium platform.

With more than 500 large organizations already using OpenCTI worldwide, including several Tanium customers, the platform embodies a community-based approach which is essential to enhancing cybersecurity tools that are integrated within a diverse ecosystem of sources.

The creation of the connector between OpenCTI and the Tanium platform also highlights the benefit for organizations in using open and scalable solutions, as opposed to single-use solutions operating in silos. Tanium plans to further develop this collaboration later this year.

“Implementing OpenCTI into Tanium’s solutions is a critical step towards improving cyber risk prevention and ultimately assuming greater control over the ever-increasing number and complexity of threats.

“The detection capabilities of Tanium’s tools are enhanced by OpenCTI’s unique architecture, its support of more than twenty different intelligence sources, and the active involvement of the Open Source community in developing the platform,” said Samuel Hassine, Director of Security Strategy and Operations at Tanium and co-creator of OpenCTI.

“The OpenCTI platform is decentralized, scalable and flexible in its settings and day-to-day use. This makes it easy for the CISO community in companies and organizations around the world to adopt OpenCTI, at a time when the use of Threat Intelligence is essential to address cyber threats in a faster and more effective way.”

“ESG research continually tells us that security teams can’t get enough threat intelligence from their security vendors, with many reporting the use of multiple intelligence sources”, said Dave Gruber, Senior Analyst at ESG.

“Security analysts depend on third-party threat intelligence to help detect and analyze threats. However, like other security data pipeline challenges, aggregating, correlating and analysing threat intelligence from multiple sources can be a complicated process.

“Collaboration between threat intelligence platforms like OpenCTI and Tanium can help overcome this challenge, allowing security teams to get the most out of their intelligence sources while optimising operational processes.”

“We have always wanted Tanium to be designed as openly as possible so that it can easily fit into our customers’ rich and complex ecosystems. We are proud to have this agreement in place which is of paramount importance as OpenCTI is increasingly being used by IT security teams in France and all over the world,” concludes Dagobert Levy, Vice President, South EMEA, at Tanium.