FireceFinancialIT on Tanium hiring Mandiant executives while moving into the cyber forensics business to compete directly with FireEye, Intel Security, and others:
“What Tanium has been lacking is when you do find something suspicious in your environment, when you see a piece of malware there, having the ability to go very deep into one particular affected system and look back in time,” said Joe Lea, senior director of product management. “How did the person get onto this machine? Where did they come from? What did they do? What exactly happened on this endpoint?”
The new Trace tool leverages the Tanium agents that deliver near real-time enterprise visibility to look at several core categories of events, such as network connections, file creations or changes, registry changes and more. By analyzing exactly what has happened, how malware entered an endpoint and what it affected once it entered, the system collects deeper knowledge of how to rebuild the endpoint in a way to make it less vulnerable, Lea said.
While investigative work on adding this capability began last fall, two recent executive hires, chief security architect Ryan Kazanciyan and more recently chief security architect Dave Damato, added input into the development of the capabilities, Lea said. Both Damato and Kazanciyan joined from Mandiant, and bring hands-on experience working on big breaches.
Interesting hires. Mandiant is one of the best in the industry when it comes to forensics so this is likely a big win for Tanium, an up-and-coming startup with some really good technology.
Disclosure: I work for Intel Security, a Tanium competitor.