Security analysis with Microsoft Advanced Threat Analytics

Under the Radar

Finding the Correct License

ATA is licensed via the Enterprise Client Access License (CAL) Suite, Enterprise Mobility Suite (EMS), or Enterprise Cloud Suite (ECS). Enterprises will need to contact their Microsoft partner who is best able to plan the licensing details. Basically, you can license ATA by user or by installed device. The price is around $60 per device or $80 per user. However, you only need to license the devices that users access with Active Directory login information.

The number thus mainly depends on two factors: the number of domain controllers on your network, and the number of Active Directory users and computers on the network that the DC needs to authenticate. Although ATA monitors the network for attacks on disabled user accounts, you do not need to license those accounts. If you connect ATA with a SIEM, you do not need a special license for that link.

Enterprises that use the Enterprise Client Access License (ECAL) suite have been able to use ATA free of charge since August 2015. All licenses for ATA are included in the ECAL. Companies that deploy the Enterprise Mobility Suite (EMS) or Enterprise Cloud Suite (ECS) can also use ATA free of charge. However, if you do not have a license for all users of devices with ECAL, EMS, or ECS, you need to purchase ATA CALs for the missing users.

Uninstalling the ATA Center and the ATA gateways is just as easy as installing. If you decide to stop using the solution, simply call the installed program management on the servers involved and uninstall the gateway or Center there – depending on what you want to remove. Afterward, it is a good idea to reboot the remaining servers in the ATA infrastructure so they can parse the new configuration files.

Conclusions

Microsoft Advanced Threat Analytics is an easy-to-use tool that helps you monitor your network security. If you have BYOD-style users with smartphones, tablets, home computers, or multiple workstations spread over various branches, using ATA makes sense.

You do not need a trained security expert to deploy ATA; you simply set up the ATA Center and a gateway. The software immediately starts monitoring and informs you of any suspicious activity. Admins who want to keep their networks as secure as possible but do not have the budget or time for complex security audits would do well to try ATA.

Infos

Active Directory developer blog: http://blogs.technet.com/b/ad/archive/2015/05/04/microsoft-advanced-threat-analytics-public-preview-release-is-now-available.aspx/
System requirements on TechNet: https://technet.microsoft.com/en-US/library/dn707709.aspx/
TechNet forum: https://social.technet.microsoft.com/Forums/security/en-US/home?forum=mata/

The Author

Thomas Joos is a freelance IT consultant and has been working in IT for more than 20 years. Additionally, he writes hands-on books and papers on Windows and other Microsoft topics. Online, you can meet him at http://thomasjoos.spaces.live.com.

« Previous 1 2 3