A technology and go-to-market alliance between Microsoft and Tanium will provide deeper integration with Microsoft Sentinel and Defender. Tanium on Tuesday became the latest provider to join the Microsoft Intelligent Security Association (MISA) program.

MISA is Microsoft’s ecosystem of MSSPs and independent software vendors (ISVs) that offer security software. Since launching MISA in 2018 and expanding it to include MSSPs in 2020, it has grown to roughly 480 members. BigID, iBoss, ReliaQuest, Picus Security and Rackspace are among the latest that Microsoft admitted to the program this year.

Tanium qualified to become part of MISA after integrating its namesake cloud-based platform with Microsoft Sentinel.

Tanium’s Rob Jenks

“What we’re doing with Microsoft is bringing Tanium’s real-time data and visibility and control to their security portfolio in order to take advantage of the best that we both have to offer,” said Rob Jenks, Tanium’s senior VP of corporate strategy. “We’re backing that up with a number of integrations that would enable security operators to use the Microsoft security tooling, but from within those tools take advantage of Tanium’s ability to bring data in real-time at scale and to take action.”

Jenks told Channel Futures that Tanium recently integrated its extended detection and response (XDR) platform with Sentinel, Microsoft’s security information and event management (SIEM) platform. It’s now in the Microsoft Commercial Marketplace, and Tanium said it would soon be available in the Sentinel Content Hub. The hub is a repository of third-party data connectors, parsers, workbooks, analytics rules, notebooks, watchlists and playbooks. The playbooks are Azure Logic Apps custom connectors that enable automated investigations, remediations and response options in Microsoft Sentinel. By releasing the Tanium solution to the marketplace, customers can apply purchases to their Microsoft Azure Consumption Commitments (MACC).

Improving Visibility and Accelerating Remediation

The integration of Tanium with Azure Sentinel promises to expand the visibility of real-time threat time telemetry, according to Tanium. Consequently, Tanium said it would enable faster remediation, patching and active threat hunting.

Besides joining MISA, Tanium is signaling to partners and customers that it has forged tight ties with Microsoft.

“It’s driving what is a rapidly deepening and broadening strategic relationship with Microsoft, accompanied by a number of different technical integrations and charge activity in the market,” Jenks said.

Asked about uptake for Azure Sentinel since Microsoft entered the SIEM market in 2019, Jenks noted its inclusion with Azure.

“Customers and MSSPs themselves are entitled to Sentinel, and it’s often part of a suite of things that they license from Microsoft,” Jenks said.

But does that mean they’re using it for SIEM?

“What we’re seeing is that there’s a lot of interest in enhancing what you can do with Sentinel, in this case with Tanium. In order to further adapt Sentinel, we’re finding that both from Microsoft itself and from our customers and partners. I think there’s an opportunity to drive further adoption of it,” added Jenks.

Most Tanium partners are also Microsoft partners, Jenks noted, adding there are appealing reasons to use Azure Sentinel.

“One of the key benefits is that as a part of the Microsoft portfolio, it offers native Azure deployment and seamless integration to cloud workloads on Azure, etc.,” he said. “It’s a very open platform. And we’ve found it very easy to integrate stuff into Sentinel. We also integrate with our other stuff out there, and I think it’s been particularly straightforward to get our data into Sentinel, and to take advantage of Tanium.”

Integration Road Map

The partnership isn’t only about Microsoft Sentinel, though, Jenks noted, noting the companies have a road map of other integrations. While Tanium already provides Microsoft Defender alerts, customers and partners will be able to act on them in the future.

“We’re adding the ability to take actions using Tanium-based on alerts and other signals that Defender surfaces from within Defender, [creating] a seamless see a problem, fix the problem [capability] from within Defender by using Tanium,” Jenks said.

Tanium is also working with Microsoft’s Active Directory team to enable geo-trust and conditional access use cases, Jenks added. Also, the two companies are working on applying Azure Analytics to Tanium data to enable deeper insights and automation.

While Tanium also has partnerships with Amazon Web Services and Google Cloud, Jenks described Microsoft as a more “strategic” alliance.

“This is way more strategic from a product and a joint go-to-market perspective,” he said.

For its part, Microsoft recently expanded its Defender portfolio with enhanced threat protection capabilities. The company has also added direct access from Defender to Microsoft Sentinel.