Why you need Microsoft Advanced Threat Analytics

Posted on 6 August 2017

Most IT security tools offer limited protection against sophisticated cyber-security attacks. This is because they are designed to stop attackers gaining access by defending the perimeter. As a result they are missing a far greater threat. According to Microsoft, most attackers reside on a network for an average of 8 months before they are detected. This means that your business security focus should be on finding the attackers before they cause you serious damage. Fortunately, help is at hand with Microsoft Advanced Threat Analytics (ATA).

Part of the Enterprise Mobility + Security (EMS) suite, ATA is an on-premises platform that will help to protect your organisation from multiple types of advanced targeted cyber attacks and inside threats.

What does Advanced Threat Analytics do?

ATA detects multiple suspicious activities, focusing on several phases of the cyber-attack kill chain including:

  • Reconnaissance – during which attackers are gathering information on how the environment is built, what are the different assets and entities which exist and are generally building their plan for the next phases of the attack.
  • Lateral movement cycle – during which an attacker invests time and effort in spreading their attack surface inside your network.
  • Domain dominance (persistence) – during which an attacker captures the information allowing them to resume their campaign using various set of entry points, credentials and techniques.

These phases of a cyber attack are similar and predictable, no matter what type of company is under attack or what type of information is being targeted. ATA searches for three main types of attacks: Malicious attacks, abnormal behaviour and security issues and risks.

How does ATA work?

Advanced Threat Analytics takes information from multiple data-sources from logs and events in your network to learn the behaviour of users and other entities in the organization and build a behavioural profile about them. In addition, ATA leverages a proprietary network parsing engine to capture and parse network traffic of multiple protocols (such as Kerberos, DNS, RPC, NTLM and others) for authentication, authorisation and information gathering.

This enables ATA to:

  • Detect suspicious activities and malicious attacks with behavioural analytics
  • Adapt to the changing nature of cyber-security threats
  • Deliver a simple attack timeline that allows you to focus on who, what, when and how
  • Reduce false positives, saving time and money

Identity Experts have extensive experience implementing ATA and have recently completed an implementation on 25 servers in multiple countries across the world for a leading law firm.

To find out more about how ATA can help protect your organisation from cyber attacks, contact us.

A few people we've already done it for