The Tanium Integrity Monitor™ simplifies achieving regulatory compliance and makes file integrity monitoring (FIM) more effective enterprise wide. By consolidating point tools, compliance and security teams become more efficient through the speed, scale, and completeness of the Tanium platform.
FIM allows users to continuously watch for changes to important files on endpoints and alert security staff about unauthorized or malicious changes. The various compliance standards—such as PCI-DSS, HIPAA, SOX, NERC-CIP, CIS Critical Security Controls, etc.—require these tools to be deployed and functional.
The Tanium Integrity Monitor tool helps organizations instantly monitor the integrity of all files on their network. It enables continuous monitoring of critical system, application, and log files by leveraging an existing Tanium agent and infrastructure. Administrators can get started by importing existing watch lists from other FIM solutions; they can define and manage new watch lists or customize a pre-defined library of watch lists for critical files. With the ability to prioritize and deploy multiple watch lists to endpoints, Tanium Integrity Monitor enables comprehensive continuous recording of file events and alerting when files change from their expected configurations. File events include additions, deletions, modifications, cryptographic hashes, and permissions.
With Tanium Integrity Monitor, dynamic groups of computers (e.g., Windows machines, Linux machines, or POS systems) can be automatically updated with the right monitoring, continuously checking for common or new attack vectors, so the file integrity monitoring can keep pace with the changing IT environment. Automated whitelisting of planned changes improves signal-to-noise ratio, while labeling of issues improves efficiency of workflows.
Tanium Integrity Monitor generates granular reports on monitored files to satisfy regulatory compliance requirements, specifically PCI-DSS and CIS Critical Control #3. By leveraging the Tanium platform, organizations can perform multiple compliance and security hygiene tasks. On alert, administrators can take additional actions through the Tanium Core Platform. By leveraging Tanium Connect, they can send e-mail and create tickets in change management systems such as ServiceNow, or events in SIEM for easy integration with existing incident management workflows.
The Tanium Integrity Monitor also allows users to consider applying file integrity monitoring to other use cases beyond compliance. The Tanium platform enables the deployment of FIM to every endpoint as a security hygiene best practice. Users can flexibly deploy continuous monitoring for common attack entry points (e.g., browser plug-in directories), or any emerging vectors as the threat landscape evolves.
The Tanium Integrity Monitor can be used in concert with the Tanium Core Platform and other product modules. By using Tanium Comply for security configuration and vulnerability management, and using Tanium Protect to manage native operating system protections, users can further simplify the process of meeting compliance requirements. Tanium Discover enables IT to continuously find and secure machines in scope for compliance. Tanium Protect manages native operating-system protections while Tanium sensors and actions enable third-party protections to be deployed and managed at scale. Even active investigation of alerts using Tanium Trace is possible using the integrated Tanium platform. Each of these product modules, while improving efficiency, also eliminates agents and infrastructure associated with their comparable point tools.