Lead Image © fourseasons, 123RF.com

Security analysis with Microsoft Advanced Threat Analytics

Under the Radar

Article from ADMIN 32/2016
By
Classic security safeguards like antivirus and firewall products are imperative for system protection. To search proactively for network intruders as well, Microsoft offers Advanced Threat Analytics – a tool that will help even less experienced admins.

Microsoft Advanced Threat Analytics (ATA) is an extension of the Enterprise Mobility Suite (EMS). The purpose of this on-premises system is to detect suspicious activities on the network that potentially stem from attackers. ATA's focus is attacks on user login data, which explains why the software keeps a close eye on Active Directory (AD) domain controllers. The service is designed to protect not just endpoints such as smartphones or tablets, but also internal networks in Active Directory trees and in Microsoft Azure and Azure Active Directory.

In releasing ATA, Microsoft aims to give enterprises a tool that will protect networks against attacks through a variety of attack vectors. In most companies, users can access the enterprise data with an increasing number of devices and connections. Only a centralized tool like ATA is capable of keeping track of all these devices and detecting attacks quickly.

Setting up the tool is very easy; the network is analyzed immediately after installation. You install a service that monitors the network and a central acquisition service that prepares the information. The installation can be on dedicated servers or on a server that carries other roles. Once you install and set up ATA – which should take around 10 minutes – the system starts to analyze the network. If a trojan program or an attacker attempts to read usernames from AD, for example, the tool will detect it and issue an alert in the web interface.
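To make concrete what "detecting an attempt to read usernames from AD" looks like from the defender's side, here is an added example that is not ATA's code and not from the article: a small detector that scans Kerberos ticket-request events for one source sweeping through many account names, most of which do not exist. The line format is a constructed, simplified rendering of Windows Security event 4768 (a Kerberos TGT request); the sample lines, the `src=`/`user=`/`result=` fields and the thresholds are assumptions made for the example. Result code 0x6 (KDC_ERR_C_PRINCIPAL_UNKNOWN) is the real Kerberos error for an unknown principal, which is what bulk username guessing produces.

```python
"""Toy detector for Kerberos username enumeration over constructed event lines.

Added example, not ATA's code.  The line format below is a constructed,
simplified rendering of Windows Security event 4768 (a Kerberos TGT request);
real events arrive as EVTX/XML.  Result code 0x6 (KDC_ERR_C_PRINCIPAL_UNKNOWN)
means the requested account does not exist.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed line layout: "<iso-timestamp> 4768 src=<ip> user=<name> result=<hex code>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) 4768 src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<code>0x[0-9a-fA-F]+)$"
)


def parse_events(lines):
    """Parse the constructed event lines; lines that do not match are skipped."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "src": m["src"],
            "user": m["user"].lower(),          # account names are case-insensitive
            "unknown": int(m["code"], 16) == 0x6,  # principal does not exist
        })
    return events


def find_enumeration(events, window=timedelta(minutes=5), min_users=8, min_unknown_ratio=0.5):
    """Return {src_ip: (distinct_users, unknown_count)} for every source that, within
    some `window`, requested tickets for at least `min_users` distinct accounts while
    at least `min_unknown_ratio` of those requests hit non-existent principals.
    The reported tuple is taken from the qualifying window with the most names."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)

    alerts = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        lo = 0
        for hi in range(len(evs)):
            # slide the window start forward until it spans at most `window`
            while evs[hi]["ts"] - evs[lo]["ts"] > window:
                lo += 1
            current = evs[lo:hi + 1]
            users = {e["user"] for e in current}
            unknown = sum(e["unknown"] for e in current)
            if len(users) >= min_users and unknown / len(current) >= min_unknown_ratio:
                best = alerts.get(src)
                if best is None or len(users) > best[0]:
                    alerts[src] = (len(users), unknown)
    return alerts


# Constructed sample: one workstation behaving normally, one sweeping a name list.
SAMPLE_LINES = [
    "2016-03-01T10:00:01 4768 src=10.0.0.5 user=alice result=0x0",
    "2016-03-01T10:00:09 4768 src=10.0.0.5 user=alice result=0x0",
    "2016-03-01T10:02:30 4768 src=10.0.0.5 user=ALICE result=0x0",
] + [
    f"2016-03-01T10:01:{i:02d} 4768 src=10.0.0.77 user={name} result={code}"
    for i, (name, code) in enumerate([
        ("admin", "0x6"), ("administrator", "0x0"), ("backup", "0x6"), ("svc_sql", "0x6"),
        ("test", "0x6"), ("guest", "0x6"), ("helpdesk", "0x6"), ("jsmith", "0x0"),
        ("root", "0x6"), ("sysadmin", "0x6"),
    ])
]

if __name__ == "__main__":
    for src, (users, unknown) in find_enumeration(parse_events(SAMPLE_LINES)).items():
        print(f"possible account enumeration from {src}: "
              f"{users} distinct names, {unknown} unknown principals")
```

The normal workstation never trips the rule because it only ever asks for one account; the second host is flagged as soon as it has touched eight distinct names with most of them unknown. A product like ATA applies the same idea to traffic mirrored from the domain controllers rather than to parsed log lines, and with behavioral baselines instead of fixed thresholds, but the shape of the signal is the same.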

Hidden Attacks on the Network

What kind of attacks does ATA protect you against? According to Microsoft, 76 percent of all attacks on internal networks rely on stolen login credentials. For example, if a user logs on to the file server from their laptop, a large volume of data is transferred. If the user then accesses other services with their credentials, such as SharePoint, CRM, or other solutions, Active Directory creates tickets (hashes)

...