Tanium Threat Intel – A Study of Two Rich-Data Tanium Use Cases for Managing Sophisticated Threats​

Use Case 1: Using Tanium to complement threat-intelligence and your conditional access policies
With the power of Tanium and an IP-based threat feed like Bitsight, you can tailor Conditional Access Policies with your identity provider so risky computers and logins receive 2FA challenges and more scrutiny. Leveraging the BitSight WorkFromHome API coupled with a custom two-line custom Tanium sensor.

Use Case 2: Using Tanium to geolocate endpoints without GPS
By polling the Windows SSID store with Tanium, you can passively geolocate workstations with GPS-like resolution without having a GPS module in your laptops! In this presentation, I demonstrate a beginning-to-end workflow for geolocation of devices without any additional hardware or actively probing for anything!

Additional details:

Session Type
In-Person, Breakout