Happy Friday everyone!

Advanced Persistent Threats (APTs) are long-term intrusions into your network in which attackers have gained access and take their time to plan and to gather information about your environment. The Target credit card breach and the Ashley Madison data breach are two notable and successful APT attacks. Microsoft Advanced Threat Analytics (ATA) is a set of network monitoring tools combined with SIEM (security information and event management) systems and machine learning over event logs that helps protect against APTs and unknown threats.

[Figure: ATA architecture topology]

When compared to Gartner’s security criteria, ATA arguably covers all twelve points. It is included in the Microsoft EMS bundle, which makes it a very cost-effective security solution. See our previous blog post on Adaptive Security Architecture for more information.

Documentation for installing ATA can be found here. I highly recommend confirming each step as detailed in the instructions; it helps when troubleshooting the final install. If there is any difficulty in implementing ATA, it comes from planning the architecture and enabling Windows Event Log collection. The architecture isn’t incredibly complex, but it does require port mirroring in large organizations and deploying multiple gateways depending on server load.

Regardless of how or why you installed ATA, what are you being protected from? Microsoft gives a complete list of the threats that ATA protects against here. You can also test some of these threat types using the methods outlined here.

[Figure: threats detected by ATA]

For less technical readers, ATA protects against the dreaded Advanced Persistent Threats. Because of its machine learning components, ATA takes time (21 days, in fact) to learn your users’ behaviour and to monitor for anything outside the daily routine. When attackers have breached your network, they look to gather as much information as possible before they make their move. ATA analyzes these types of reconnaissance threats and prevents them from executing. ATA also alerts administrators when threats are detected; this gives crucial time to prepare for any attack and to decide how to mitigate damage based on the type of threat detected.

Overall, Microsoft Advanced Threat Analytics is a next-generation security solution. It protects not only against direct malicious attacks but also against compromised credentials and other inevitable end-user and administrator oversights. If you are using the Microsoft EMS Suite, I highly suggest implementing ATA for enhanced peace of mind.