Security analysis with Microsoft Advanced Threat Analytics

Under the Radar

Finding the Correct License

ATA is licensed via the Enterprise Client Access License (CAL) Suite, Enterprise Mobility Suite (EMS), or Enterprise Cloud Suite (ECS). Enterprises will need to contact their Microsoft partner who is best able to plan the licensing details. Basically, you can license ATA by user or by installed device. The price is around $60 per device or $80 per user. However, you only need to license the devices that users access with Active Directory login information.

The number thus mainly depends on two factors: the number of domain controllers on your network, and the number of Active Directory users and computers on the network that the DC needs to authenticate. Although ATA monitors the network for attacks on disabled user accounts, you do not need to license those accounts. If you connect ATA with a SIEM, you do not need a special license for that link.

Enterprises that use the Enterprise Client Access License (ECAL) suite have been able to use ATA free of charge since August 2015. All licenses for ATA are included in the ECAL. Companies that deploy the Enterprise Mobility Suite (EMS) or Enterprise Cloud Suite (ECS) can also use ATA free of charge. However, if you do not have a license for all users of devices with ECAL, EMS, or ECS, you need to purchase ATA CALs for the missing users.

Uninstalling the ATA Center and the ATA gateways is just as easy as installing. If you decide to stop using the solution, simply call the installed program management on the servers involved and uninstall the gateway or Center there – depending on what you want to remove. Afterward, it is a good idea to reboot the remaining servers in the ATA infrastructure so they can parse the new configuration files.

Conclusions

Microsoft Advanced Threat Analytics is an easy-to-use tool that helps you monitor your network security. If you have BYOD-style users with smartphones, tablets, home computers, or multiple workstations spread over various branches, using ATA makes sense.

You do not need a trained security expert to deploy ATA; you simply set up the ATA Center and a gateway. The software immediately starts monitoring and informs you of any suspicious activity. Admins who want to keep their networks as secure as possible but do not have the budget or time for complex security audits would do well to try ATA.

The Author

Thomas Joos is a freelance IT consultant and has been working in IT for more than 20 years. Additionally, he writes hands-on books and papers on Windows and other Microsoft topics. Online, you can meet him at http://thomasjoos.spaces.live.com.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Endpoint Security for Windows 10
    Windows 10, build 21H1, has numerous protection mechanisms out of the box. We look at the option for delaying updates, the components and features of Microsoft Defender, and recommendations for hardening the operating system.
  • Azure Application Gateway load distribution tool
    In the Azure cloud, Microsoft offers the Azure Application Gateway managed service as a Layer 7 load balancer that needs virtually no internal resources to set up and operate.
  • Open source forensics for adaptive detection of threats on CRITIS networks
    The open source tool Velociraptor is at the heart of a solution that automatically detects cyber threats in industrial environments, offering a defensive strategy and protecting critical infrastructures.
  • Targeted attacks on companies
    Watering hole and spear phishing targeted attacks offer the greatest rewards to cybercriminals. Here's how to protect your company from these types of attacks.
  • CrowdSec crowd security service
    Threats can be detected and averted at an early stage with crowd security, in which organizations form a community to take concentrated action against cyberattacks by sharing attack data. We explain how this strategy works with the CrowdSec cloud service.
comments powered by Disqus