Enterprise Mobility and Security Blog

How Microsoft EMS can support you in your journey to EU GDPR compliance – Part 6

The General Data Protection Regulation (GDPR) strengthens the right of individuals in the European Union (EU) to control their personal data and requires organizations to bolster their privacy and data protection measures. Enterprise Mobility + Security (EMS) technologies may help you meet these new requirements. In the whitepaper “Beginning Your GDPR Journey,” we introduced five...

Introducing Microsoft Advanced Threat Analytics v1.8!

We are pleased to announce the general availability of Microsoft Advanced Threat Analytics (ATA) v1.8. This is a key release for our customers with several new features and improvements. Cyberattacks continue to get more sophisticated, and so in turn, we must continue to tune our products and detections. As a leading solution in the user...

Automate Advanced Threat Analytics Lightweight Gateway deployment with PowerShell

Guest post by Cathy Smith, Senior Consultant, Cybersecurity Group. This blog discusses an open-source project that Cathy leads that automates ATA Lightweight deployment with PowerShell. We are happy to share this project and encourage the ATA ecosystem to contribute here! Advanced Threat Analytics (ATA) Version 1.6 introduced a new deployment option, the ATA Lightweight Gateway,...

How to simulate and detect attacks with the Advanced Threat Analytics Playbook

One of the biggest pieces of feedback the Advanced Threat Analytics (ATA) team has received is a request for a clear, easy way to simulate attacks and see how ATA detects them. So that’s exactly what we did. We’ve written a playbook that contains: A step-by-step guide to simulating different techniques used in real-world advanced attack...

Ransomware lateral movement, and how Microsoft Advanced Threat Analytics can help

This post is authored by Arbel Zinger, Program Manager, Advanced Threat Analytics Product Team. Companies across the globe were affected by an increased amount of ransomware attacks that caused an estimated damage of $1 billion. Ransomware attacks are becoming more powerful and crafty to force victims to pay their ransoms. Ransomware is now looking for...

Introducing Microsoft Advanced Threat Analytics for your Datacenter

This post was authored by Michael Dubinsky, Senior Program Manager, Microsoft Advanced Threat Analytics. On today’s episode of Microsoft Mechanics we take a look at how Microsoft Advanced Threat Analytics (ATA) detects advanced attacks and insider threats in your environment. My name is Michael Dubinsky, and I lead the product team for Microsoft ATA. In...

Understanding ATA Suspicious Activity Alerts

Advanced Threat Analytics (ATA) detects a variety of suspicious activities (SA) in different phases of the attack-kill-chain. The information appears in the ATA console in a clear and efficient social network-type timeline that helps the security admin filter out noise to identify actual suspicious activities. ATA only raises alerts once it has aggregated suspicious activities...

Advanced Threat Analytics Event Log Collection

Network traffic collection is the main data source Advanced Threat Analytics (ATA) uses to detect threats and abnormal behavior. It also analyzes event log ID 4776, and will likely collect additional events in the future. This is why we’re devoting a topic to understanding methods and configuration for event collection. You can configure the ATA...

Introducing Advanced Threat Analytics v 1.7!

Today, we are pleased to announce the public release of Advanced Threat Analytics (ATA) v 1.7! This is a key release for ATA with several exciting features and improvements. In my last blog post where I announced the ATA v 1.6 release, I shared that ATA has been monitoring over 5 million users and 10...
