Network Quarantine overview

With Network Quarantine, you can use your existing network access control (NAC) solution to control the communication of both managed and unmanaged endpoints. Controlling unmanaged endpoints requires Tanium™ Discover.

NAC devices

With the Network Quarantine service, Tanium products can communicate with a NAC to isolate endpoints. Network Quarantine is supported for use with Cisco Identity Services Engine (ISE) to block by MAC address.

For more information, see Configuring NACs.

Automated rules

If you are using ISE, you can create automated rules to find endpoints that need to be quarantined. Automated rules use saved questions to identify endpoints that are causing violations. You can then quarantine these endpoints. For more information, see Quarantine with automated rules.

Product integration

Tanium™ Connect

Network Quarantine generates events when the NAC starts or stops, or when an endpoint is quarantined. You can send notifications about these events to destinations such as email, security information and event management (SIEM) software, or a file by creating a connection in Connect. For more information, see Configuring notifications.

Tanium Discover

When the Network Quarantine service is configured with Tanium Discover, you can also quarantine a MAC address directly from the Discover Interfaces pages. For more information, see the Tanium Discover User Guide.