Tanium XEM platform integration with Microsoft Sentinel enables active threat hunting

Tanium has unveiled the first of several powerful integrations between Microsoft and the Tanium XEM platform. The integration marks the latest expansion in a relationship that includes Tanium’s membership in the Microsoft Intelligent Security Association (MISA) and its availability in the Microsoft Azure Marketplace.

By making Tanium’s endpoint data accessible directly from the Sentinel console, the integration enables IT organizations to detect, investigate, triage, prioritize, and remediate threats automatically, extending Sentinel’s advanced security and analytics capabilities, reducing the number of false positives that require disposition, and allowing security practitioners to better identify threats that might otherwise be missed.

“Environments like ours are complex — there’s a great diversity of the types of devices and a large number of users accessing sensitive information,” said Mark Wantling, CIO of the University of Salford.

“It’s a lot for my relatively small InfoSec team to manage, so I’m very excited about Tanium’s integration with Microsoft Sentinel. Now my team can investigate, identify, triage, and remediate threats quickly without even leaving the Sentinel console, and that’s a gamechanger,” Wantling continued.

The Tanium integration with Sentinel also enables active threat hunting. With Tanium’s real-time data taken directly from the endpoint, security practitioners are better able to contextualize and correlate alerts sourced from both Microsoft and Tanium with almost no delay across an entire IT environment.

They get accurate real-time data rather than information that may no longer be correct as a result of inherent latency. Additionally, Tanium gives incident responders the ability to take immediate action on alerts as they happen, including quarantining a device, deploying a patch, or updating software, all from the Sentinel console.

Customers benefit from proactive, predictive, automated management of their entire IT stack.

Tanium + Sentinel gives Microsoft customers the ability to monitor their Microsoft solutions and ensure they are available and operating at optimal health. With its real-time distributed architecture, Tanium can independently verify that all Microsoft services are deployed and up to date and validate that they are fully performant on every endpoint.

If needed, customers can deploy a patch or quarantine a device in seconds to ensure they get the most out of their Microsoft investments.

“We’re excited to continue to expand our relationship with Microsoft,” said Rob Jenks, SVP of corporate strategy at Tanium.

“Already we work together to make Microsoft environments healthier and more secure by reducing risks for customers and protecting their investments in Azure, and soon we’ll be releasing a series of powerful integrations with Microsoft tools in addition to our Sentinel Integration,” Jenks continued.
