Viimeisin kampanjatiedotteemme on ilmestynyt 19.2.24, kts tarkemmat tiedot KAMPANJA-linkistä!

Softa SuperStore

26.02.2024 • • 06:12

Asiakaspalvelu
ark. 10.30 - 16
09 - 3424 370
 

          TUOTEHAKU

 TUOTERYHMÄT

 Muokkaa evästevalintoja
Näytä ostoskori
PÄÄVALIKKO
 
Luotettava Kumppani –yritys
 
Veloitukseton päivitysmuistutuspalvelu!
 
Softa SuperStore - yksi Suomen vahvimmista!

 

Microsoft Advanced Threat Analytics

Microsoft Advanced Threat Analytics (ATA) is an on-premises product that helps IT security professionals protect their enterprise from advanced targeted attacks by automatically analyzing, learning, and identifying normal and abnormal behavior among entities (users, devices, and resources). ATA also helps identify known malicious attacks, security issues and risks using world-class, cutting edge research in behavioral analytics to help enterprises identify security breaches before they cause damage.

Licensing Options
ATA is licensed either standalone with a Client Management License (CML) – available per User or per Operating System Environment (OSE).

Please see the Advanced Threat Analytics FAQ for additional details.

About Advanced Threat Analytics

One of the common complaints in IT security is the flood of security reports and false positives. With this in mind, ATA is designed to help IT focus on what is important in a simple and fast way. After detection of suspicious activities, ATA provides clear and relevant threat information on a simple attack timeline with recommendations for investigation and remediation.

ATA detects:

  • Analysis for abnormal behaviorAbnormal user behavior: Behavioral analytics leverage Machine Learning to uncover questionable activities and abnormal behavior. (Anomalous logins, Unknown threats, Password sharing, Lateral movement).
  • Malicious attack detectionMalicious attacks: ATA detects known malicious attacks almost as instantly as they occur. (Pass-the-Ticket, Pass-the-Hash, Overpass-the-Hash, Forged PAC (MS14-068), Remote execution, Golden Ticket, Skeleton key malware, Reconnaissance, Brute Force).
  • Alerts for known security issues and risksKnown security issues and risks: ATA identifies known security issues using world-class security researchers’ work. (Broken trust, weak protocols, known protocol vulnerabilities).
Changing nature of cyber-security attacks

Today, the topic of cyber-security has moved from IT and the datacenter to the highest levels of the boardroom. Attacks and threats have grown substantially more sophisticated in frequency and severity. Attackers reside within a network an average of eight months before they are even detected. In the vast majority of attacks, they compromise user credentials and they are increasingly using legitimate IT tools rather than malware.

You are now working under the assumption of a breach. How do you find the attackers—before they cause damage?

Microsoft Advanced Threat Analytics

Traditional IT security tools provide limited protection against sophisticated cyber-security attacks when user credentials are stolen. Initial set up, creating rules, and fine-tuning are cumbersome and may take years. Every day, you receive several reports full of false positives. Most of the time, you don’t have the resources to review this information and even

if you could, you may still not have the answers, since these tools are designed to protect the perimeter, primarily stopping attackers from gaining access. Today’s complex cyber-security attacks require a different approach.

Microsoft Advanced Threat Analytics (ATA) provides a simple and fast way to understand what is happening within your network by identifying suspicious user and device activity with built-in intelligence and providing clear and relevant threat information on a simple attack timeline.

Microsoft Advanced Threat Analytics leverages deep packet inspection technology, as well as information from additional data sources (Security Information and Event Management and Active Directory) to build an Organizational Security Graph and detect advanced attacks in near real time.

What is Microsoft Advanced Threat Analytics?

ATA is an on-premises platform to help you protect your enterprise from advanced targeted attacks by automatically analyzing, learning, and identifying normal and abnormal entity (user, devices, and resources) behavior.

Benefits

Detect threats fast with behavioral analytics                    Detect suspicious activities and malicious attacks with behavioral analytics
Using its proprietary algorithm, Microsoft Advanced Threat Analytics works around the clock to help you pinpoint suspicious activities in your systems by profiling and knowing what to look for. No need for creating rules, fine-tuning, or monitoring a flood of security reports, since the intelligence needed is built in. ATA also identifies known advanced attacks and security issues.

Adapt as fast as your enemiesAdapt to the changing nature of cyber-security threats
ATA continuously learns the behavior of organizational entities (users, devices, and resources) and adjusts itself to reflect the changes in your rapidly-evolving enterprise. As attacker tactics get more sophisticated, ATA helps you adapt to the changing nature of cyber-security threats with continuously-learning behavioral analytics.

Focus on what’s important using the simple attack timeline Focus on what is important with a simple attack timeline
The constant reporting of traditional security tools and sifting through them to locate the important and relevant alerts can get overwhelming. The attack timeline is a clear, efficient, and convenient feed that surfaces the right things on a timeline, giving you the power of perspective on the who, what, when, and how. ATA also provides recommendations for investigation and remediation for each suspicious activity.

Reduce false positive fatigueReduce false positive fatigue
Traditional IT security tools are often not equipped to handle the rising amounts of data, turning up unnecessary red flags and distracting you from the real threats. With ATA, these alerts happen once suspicious activities are contextually aggregated to its own behavior, as well as to the other entities in its interaction path. The detection engine also automatically guides you through the process, asking you simple questions to adjust the detection process according to your input.

Key features

Behavioral analytics
ATA begins to understand entity behaviors while also automatically adjusting to known and approved changes in the enterprise. For instance, certain users have access to a specified set of servers, folders, and directories and the system learns their activity from the tools and resources they normally use.

Simple, actionable attack timeline
ATA’s attack timeline makes your job easier and security measures better by listing questionable activities as they occur, accompanied with recommendations based on the specific activity alert.

Mobility support
No matter where your corporate resources reside— within the corporate perimeter, on mobile devices, or elsewhere—ATA witnesses authentication and authorization. This means that external assets like devices and vendors are as closely monitored as internal assets.

Organizational Security Graph
ATA builds an Organizational Security Graph, which is a map of entity interactions representing the context and activities of the users, devices, and resources.

SIEM Integration
ATA works seamlessly with SIEM after contextually aggregating information into the attack timeline. It can collect specific events that are forwarded to ATA from the SIEM. Also, you can configure ATA to send an event to your SIEM for each suspicious activity with a link to the specific event on the attack timeline.

Email Alerts
You can configure ATA to send an email to specific users or groups in your organization when it detects a suspicious activity. Each email will include a link to the specific attack in the ATA attack timeline, keeping the appropriate people up to date on the security issues in your organization, even when they do not monitor the attack timeline.

Seamless deployment
ATA functions as an appliance, either hardware or virtual. It utilizes port mirroring to allow seamless deployment alongside Active Directory without affecting existing network topology. It automatically starts analyzing immediately after deployment. You don’t have to install any agents on the domain controllers, servers or computers.

Softa SuperStore
Softa SuperStore
Softa SuperStore