Mandiant Incident Response Visit the Mandiant Incident Response page
Support Visit the Google Cloud Support hub
Careers Browse open positions at Chronicle
Chronicle Return to the Chronicle homepage
Security Operations Platform arrow_forward expand_more
Security Operations Platform

Explore the Security Operations Platform for the modern SOC.

Security Operations Platform
Overview Detect, investigate, and respond to cyber threats with speed, scale, and precision.
Detect Detect threats with confidence by storing and analyzing all your security telemetry at Google scale.
Investigate Get faster insights with context and depth of investigation to stay ahead of the latest breaches.
Respond Orchestrate tools, build automation, and collaborate with ease to respond in minutes.
Solutions arrow_forward expand_more
Solutions

Reimagine your security operations with affordable solutions.

Solutions
Mandiant Hunt for Chronicle Uncover hidden attacks with elite threat hunters by your side.
SOC Modernization Protect your organization against modern-day threats.
Cloud detection & response Improve investigation and response to cloud-based threats.
Service providers Attract new customers and keep existing ones coming back.
Chronicle CyberShield Helping Governments Defend Against Modern Threats
Why Chronicle arrow_forward expand_more
Why Chronicle

Rely on a modern approach to threat detection and response.

Why Chronicle
How we’re different Add Google speed, scale and intelligence to your SOC.
Our customers Discover how modern security teams use Chronicle.
Partners arrow_forward expand_more
Partners

We work together with our partners to help our customers protect themselves.

Partners
Overview Through product integrations and security expertise, together we bring more effective solutions to market.
Solutions for Small to Mid-Sized Business Expert resources for organizations with up to 2000 employees
Resources arrow_forward expand_more
Resources

Get to know us better. Find out what we’ve learned, what’s new, and what’s next.

Resources
Blog Get an inside view of the digital security landscape.
Knowledge Base Sortable whitepapers, datasheets, videos, and more.
Community Join security pros sharing SecOps content and best practices
Contact us Visit the contact us page
Chronicle Return to the Chronicle homepage
Security Operations Platform arrow_forward expand_more
Security Operations Platform

Explore the Security Operations Platform for the modern SOC.

Security Operations Platform
Overview Detect, investigate, and respond to cyber threats with speed, scale, and precision.
Detect Detect threats with confidence by storing and analyzing all your security telemetry at Google scale.
Investigate Get faster insights with context and depth of investigation to stay ahead of the latest breaches.
Respond Orchestrate tools, build automation, and collaborate with ease to respond in minutes.
Solutions arrow_forward expand_more
Solutions

Reimagine your security operations with affordable solutions.

Solutions
Mandiant Hunt for Chronicle Uncover hidden attacks with elite threat hunters by your side.
SOC Modernization Protect your organization against modern-day threats.
Cloud detection & response Improve investigation and response to cloud-based threats.
Service providers Attract new customers and keep existing ones coming back.
Chronicle CyberShield Helping Governments Defend Against Modern Threats
Why Chronicle arrow_forward expand_more
Why Chronicle

Rely on a modern approach to threat detection and response.

Why Chronicle
How we’re different Add Google speed, scale and intelligence to your SOC.
Our customers Discover how modern security teams use Chronicle.
Partners arrow_forward expand_more
Partners

We work together with our partners to help our customers protect themselves.

Partners
Overview Through product integrations and security expertise, together we bring more effective solutions to market.
Solutions for Small to Mid-Sized Business Expert resources for organizations with up to 2000 employees
Resources arrow_forward expand_more
Resources

Get to know us better. Find out what we’ve learned, what’s new, and what’s next.

Resources
Blog Get an inside view of the digital security landscape.
Knowledge Base Sortable whitepapers, datasheets, videos, and more.
Community Join security pros sharing SecOps content and best practices
Mandiant Incident Response Visit the Mandiant Incident Response page
Support Visit the Google Cloud Support hub
Careers Browse open positions at Chronicle
IDC Study: Customers cite 407% ROI with Google Chronicle. Learn More IDC Study: Customers cite 407% ROI with Google Chronicle. .
Building a Modern Endpoint Architecture with Tanium
building-a-modern-endpoint-architecture-with-tanium
August 4, 2020

Today, we are announcing an expanded partnership with Tanium, which includes joint solutions between Tanium Threat Response and Chronicle for security analytics, along with BeyondCorp Remote Access, our cloud solution for the zero trust access system used to protect Google itself. The integration between Threat Response and Chronicle, sold by Tanium, is available now. We’re also furthering our integration between Tanium and BeyondCorp as a next step in our partnership. Our vision is to provide an integrated solution for securing endpoint devices and operating systems, browser-based access, and analyzing all activity for unusual behavior and threats.

A fundamental design principle of the Chronicle platform is the ability to manage massive amounts of security telemetry, easily and over long periods of time. Log volumes have grown, and legacy systems have struggled to keep up from a cost and speed perspective. More recently, the rise of Endpoint Detection and Response (EDR) solutions has accelerated this data growth. As more IT systems move from the data center to the cloud, corporate endpoints have become the central point for security and control.

The combination of an EDR solution and Chronicle is our most common customer use case. EDRs can generate huge volumes of extremely useful and detailed telemetry — including registry key alterations, file hashes, and process trees — but aren’t built for long term retention of that telemetry. Moreover, EDRs don’t correlate network, proxy, and other data from elsewhere in the architecture. For customers looking to secure their endpoints from modern threats, use that data to detect other threats and investigate incidents, a Chronicle-Endpoint Security integration is a helpful solution.

Integrating Tanium Endpoint Data into Chronicle

We announced an early partnership with Tanium in 2019. Since then, we’ve made great progress integrating Tanium Threat Response and Chronicle. With this integration, Tanium endpoint telemetry is automatically sent to Chronicle, where it is linked with other data, analyzed for new threats, and retained for instant investigation for a year by default. Unlike EDR vendors, Tanium provides unified endpoint security and management, offering capability including device inventory, configurations, and patches to ensure good hygiene and limit the attack surface. The ability to manage configurations and also detect threats enables better protection and response for our customers.

Detection Rules on Endpoint Telemetry

Google Cloud is excited to work with Tanium to help our joint customers deploy this unique and powerful Chronicle-Tanium integration. You can read the joint press release here and can get additional perspective from Anton Chuvakin, former Gartner analyst and current Google Cloud strategist here. Tanium customers can contact their account managers to learn more. Join us on August 20 for a webinar to learn more and see the products in action.

Let’s work together

Ready for Google-speed threat detection and response?

Contact us Visit the contact us page