Thursday, 4th March 2021

Tanium collaborates with OpenCTI

Power and flexibility of Tanium’s platform, combined with OpenCTI's real-time Cyber Threat Intelligence, will enable organisations to dramatically increase their threat detection capabilities.

Tanium is working with with OpenCTI, an open source platform which specialises in the analysis of cyber threats. The collaboration will allow the integration of Tanium’s behavior-based detection offering, Tanium Signals, with OpenCTI, helping organisations to store, organise and visualise intelligence information in real-time. The Tanium-OpenCTI connector is now ready for production use and available to all Tanium customers.

The ability to collect and analyse Cyber Threat Intelligence (CTI) is critical, as cyber teams need to anticipate the next move of attackers and the tools and techniques they are likely to use. With the integration of data provided by OpenCTI, companies using both tools can increase their intelligence and analysis capabilities to anticipate, search and respond more quickly and effectively to cyber threats.

For security operations center (SOC) teams, using OpenCTI with Tanium enables them to analyse and contextualise data related to signature-based detection (YARA rules, Tanium Signals, etc.), indicators of compromise (examples of phishing emails, IP address lists, etc.), techniques, tactics and procedures (TTPs) and cyber attribution. Organisations will be able to feed the Tanium platform with the latest and relevant intelligence data provided by OpenCTI, providing them with the ability to aggregate several sources of threat intelligence.

The OpenCTI project is led by the non-profit organisation Luatix, the French National Cybersecurity Agency (ANSSI) and the European Union CSIRT (CERT-EU), with many contributions from European and American organisations. It answers the need for organising cyber threat intelligence sources and enhancing the use of CTI for risk prevention and management. Community-developed connectors for CTI providers support organisations rolling out OpenCTI's architecture by allowing them to make use of its many threat intelligence sources (both public and private) in their Tanium platform.

With more than 500 large organisations already using OpenCTI worldwide, including several Tanium customers, the platform embodies a community-based approach which is essential to enhancing cybersecurity tools that are integrated within a diverse ecosystem of sources. The creation of the connector between OpenCTI and the Tanium platform also highlights the benefit for organisations in using open and scalable solutions, as opposed to single-use solutions operating in silos. Tanium plans to further develop this collaboration later this year.

"Implementing OpenCTI into Tanium's solutions is a critical step towards improving cyber risk prevention and ultimately assuming greater control over the ever-increasing number and complexity of threats. The detection capabilities of Tanium’s tools are enhanced by OpenCTI’s unique architecture, its support of more than twenty different intelligence sources, and the active involvement of the Open Source community in developing the platform," said Samuel Hassine, Director of Security Strategy and Operations at Tanium and co-creator of OpenCTI. "The OpenCTI platform is decentralized, scalable and flexible in its settings and day-to-day use. This makes it easy for the CISO community in companies and organisations around the world to adopt OpenCTI, at a time when the use of Threat Intelligence is essential to address cyber threats in a faster and more effective way."

“ESG research continually tells us that security teams can’t get enough threat intelligence from their security vendors, with many reporting the use of multiple intelligence sources”, said Dave Gruber, Senior Analyst at ESG. “Security analysts depend on third-party threat intelligence to help detect and analyze threats. However, like other security data pipeline challenges, aggregating, correlating and analysing threat intelligence from multiple sources can be a complicated process. Collaboration between threat intelligence platforms like OpenCTI and Tanium can help overcome this challenge, allowing security teams to get the most out of their intelligence sources while optimising operational processes.”

"We have always wanted Tanium to be designed as openly as possible so that it can easily fit into our customers' rich and complex ecosystems. We are proud to have this agreement in place which is of paramount importance as OpenCTI is increasingly being used by IT security teams in France and all over the world," concludes Dagobert Levy, Vice President, South EMEA, at Tanium.

New report shows how hackers and criminals exploited COVID-19 pandemic in 2020 to target all busines...
Tanium survey of IT decision makers finds that enterprises are observing uptick in risky behaviours...
LogMeIn has published results of a global study executed by IDG that reveals the new reality of long...
Imperva Sonar platform enables organizations to manage complex and automated cyberattack risks.
BlackBerry has released the 2021 BlackBerry Threat Report, detailing a sharp rise in cyberthreats f...
The Privacy Compliance Hub is a clear, user-friendly and engaging way to spread privacy compliance a...
CNI organisations demonstrate strong appetite for digital transformation but misplaced confidence co...
Company debuts brand-new eCrime Index showing intensity of cyber-criminal market over time; reveals...