Endpoint monitoring

We can work with your organisation to help with endpoint monitoring.

Our experience regarding intrusions around the world shows that targeted threat actors maintain remote access to an environment for 6-18 months before being detected. Unfettered access can linger on for years and sometimes never be detected. We can provide your organisation with a service that allows risk to be realised, with respect to the visibility and coverage we have of the environment, so that your exec board understand exposure.

We have a strategic alliance with Tanium, a market-leading endpoint threat detection solution, and we have been working together since 2013. This sophisticated software, combined with our expertise and experience, provides unrivalled endpoint visibility. We use this solution both to push our proprietary threat intelligence out to the endpoints, and to pull back data to analyse for signs of current and historic compromises.

We are uniquely qualified to derive maximum benefit from any Tanium deployment: we have a rich set of bespoke content for Tanium, are Tanium’s first accredited consulting partner, and have managed more deployments than any organisation other than Tanium themselves. Tanium’s real-time data collection provides our experienced threat hunting team with telemetry from up to hundreds of thousands of endpoints in seconds, enabling the rapid and comprehensive identification of malicious activity. It also accelerates any corrective action, whether that means applying a patch to an entire enterprise or performing a remote forensic investigation, thereby reducing business risk.

We also use Tanium to:

  • Push out host-based indicators of compromise (IOCs) across an estate, alerting our team to every host which matches the IOC;
  • Enable our threat intelligence teams to pull telemetry (e.g. details of all running processes) from all endpoints several times per day for analytics;
  • Remotely and forensically preserve live memory and other volatile artefacts necessary for triage and future investigation, minimising the need for labour-intensive deep dive forensics;
  • Enable action to be taken on malicious processes and services – these can be stopped on a single machine, or across an entire enterprise; and,
  • Integrate custom packages for detection and investigation.

Contact us

Kris McConkey

Cyber Threat Operations Lead Partner, PwC United Kingdom

Tel: +44 (0)7725 707360

Oliver Smith

Threat Detection & Response - Director, PwC United Kingdom

Tel: +44 (0)7718 339 124
