Enterprise Mobility and Security Blog

Automate Advanced Threat Analytics Lightweight Gateway deployment with PowerShell

Guest post by Cathy Smith, Senior Consultant, Cybersecurity Group. This blog discusses an open-source project that Cathy leads that automates ATA Lightweight Gateway deployment with PowerShell. We are happy to share this project and encourage the ATA ecosystem to contribute here! Advanced Threat Analytics (ATA) Version 1.6 introduced a new deployment option, the ATA Lightweight Gateway,...

How to simulate and detect attacks with the Advanced Threat Analytics Playbook

One of the biggest pieces of feedback the Advanced Threat Analytics (ATA) team has received is a request for a clear, easy way to simulate attacks and see how ATA detects them. So that’s exactly what we did. We’ve written a playbook that contains: A step-by-step guide to simulating different techniques used in real-world advanced attack...

Ransomware lateral movement, and how Microsoft Advanced Threat Analytics can help

This post is authored by Arbel Zinger, Program Manager, Advanced Threat Analytics Product Team. Companies across the globe were affected by an increased amount of ransomware attacks that caused an estimated damage of $1 billion. Ransomware attacks are becoming more powerful and crafty to force victims to pay their ransoms. Ransomware is now looking for...

Introducing Microsoft Advanced Threat Analytics for your Datacenter

This post was authored by Michael Dubinsky, Senior Program Manager, Microsoft Advanced Threat Analytics. On today’s episode of Microsoft Mechanics we take a look at how Microsoft Advanced Threat Analytics (ATA) detects advanced attacks and insider threats in your environment. My name is Michael Dubinsky, and I lead the product team for Microsoft ATA. In...

Understanding ATA Suspicious Activity Alerts

Advanced Threat Analytics (ATA) detects a variety of suspicious activities (SA) in different phases of the attack kill chain. The information appears in the ATA console in a clear and efficient social network-type timeline that helps the security admin filter out noise to identify actual suspicious activities. ATA only raises alerts once it has aggregated suspicious activities...

Advanced Threat Analytics Event Log Collection

Network traffic collection is the main data source Advanced Threat Analytics (ATA) uses to detect threats and abnormal behavior. It also analyzes event log ID 4776, and will likely collect additional events in the future. This is why we’re devoting a topic to understanding methods and configuration for event collection. You can configure the ATA...

Introducing Advanced Threat Analytics v 1.7!

Today, we are pleased to announce the public release of Advanced Threat Analytics (ATA) v 1.7! This is a key release for ATA with several exciting features and improvements. In my last blog post where I announced the ATA v 1.6 release, I shared that ATA has been monitoring over 5 million users and 10...

ATA Behavior Analysis Monitoring

ATA analyzes and learns user and entity behavior by aggregating data from various data sources, such as deep packet inspection of domain-controller traffic, Windows events, and data provided by SIEM systems. After ATA begins gathering information about Active Directory traffic and correlating that information with AD components, it will scan for abnormal behavior and...

Best Practices for Securing Advanced Threat Analytics

Today we are discussing best practices for securing Advanced Threat Analytics (ATA). ATA is somewhat unique in its role within a network environment. Like many other security products, ATA is typically deployed and managed as a system by the IT Operations Team, but the detections ATA provides are of key value to the Security Operations...
