Enterprise Mobility and Security Blog

Automate Advanced Threat Analytics Lightweight Gateway deployment with PowerShell

Guest post by Cathy Smith, Senior Consultant, Cybersecurity Group. This blog discusses an open-source project that Cathy leads that automates ATA Lightweight deployment with PowerShell. We are happy to share this project and encourage the ATA ecosystem to contribute here! Advanced Threat Analytics (ATA) Version 1.6 introduced a new deployment option, the ATA Lightweight Gateway,...

How to simulate and detect attacks with the Advanced Threat Analytics Playbook

One of the biggest pieces of feedback the Advanced Threat Analytics (ATA) team has received is a request for a clear, easy way to simulate attacks and see how ATA detects them. So that’s exactly what we did. We’ve written a playbook that contains: A step-by-step guide to simulating different techniques used in real-world advanced attack...

Ransomware lateral movement, and how Microsoft Advanced Threat Analytics can help

This post is authored by Arbel Zinger, Program Manager, Advanced Threat Analytics Product Team. Companies across the globe were affected by an increased amount of ransomware attacks that caused an estimated damage of $1 billion. Ransomware attacks are becoming more powerful and crafty to force victims to pay their ransoms. Ransomware is now looking for...

Cybersecurity attackers toolkit – what you need to know

Cyber attackers have many tools available to them to infiltrate an enterprise network, find that sensitive piece of data they’re looking for, and exfiltrate it from your enterprise. In conversations with customers, I’ve found that some are familiar with these tools; however, many aren’t, or they are not fully aware of how powerful these tools...

Introducing Microsoft Advanced Threat Analytics for your Datacenter

This post was authored by Michael Dubinsky, Senior Program Manager, Microsoft Advanced Threat Analytics. On today’s episode of Microsoft Mechanics we take a look at how Microsoft Advanced Threat Analytics (ATA) detects advanced attacks and insider threats in your environment. My name is Michael Dubinsky, and I lead the product team for Microsoft ATA. In...

Eliminating plaintext passwords with Microsoft Advanced Threat Analytics using LDAP

I may be stating the obvious, but it’s incredibly important to identify applications, servers, and sensitive accounts that should be using encryption. What we find all too frequently, however, is that passwords are being sent in plaintext in most enterprises. Here’s what you need to know about identifying these vulnerabilities and, more importantly, how to...

Will Advanced Threat Analytics help me with all operating systems?

A frequent question I get from customers is, will Microsoft’s Advanced Threat Analytics (ATA) help me detect suspicious activity on my network, regardless of the operating systems in my environment? “YES!” is the short answer. Any user or entity that connects to the network via Active Directory (AD), queries the DNS servers, or authenticates with AD...

Uncover insider threats, blind spots in your network with Advanced Threat Analytics

You’ve probably heard time and again that more than 63% of network intrusions are due to compromised user credentials. Once on the network, the adversary remains undetected for months. You’ve spent years building up your perimeter and have a comprehensive protection strategy in place. That said, attackers are still coming through and/or you are worried about...

Introducing Advanced Threat Analytics v 1.7!

Today, we are pleased to announce the public release of Advanced Threat Analytics (ATA) v 1.7! This is a key release for ATA with several exciting features and improvements. In my last blog post where I announced the ATA v 1.6 release, I shared that ATA has been monitoring over 5 million users and 10...

ATA Behavior Analysis Monitoring

Intro: ATA analyzes and learns user and entity behavior by aggregating data from various data sources, such as deep packet inspection of domain-controller traffic, Windows events, and data provided by SIEM systems. After ATA begins gathering information about Active Directory traffic and correlating that information with AD components, it will scan for abnormal behavior and...
