First published on CloudBlogs on Aug 07, 2017
The General Data Protection Regulation (GDPR) strengthens the right of individuals in the European Union (EU) to control their personal data and requires organizations to bolster their privacy and data protection measures. Enterprise Mobility + Security (EMS) technologies may help you meet these new requirements. In the whitepaper “Beginning Your GDPR Journey,” we introduced five key use case scenarios relevant to data protection, where Microsoft Enterprise Mobility + Security (EMS) technologies may provide critical support:
- How to provide persistent data protection on-premises and in the cloud
- How to grant and restrict access to data
- How to gain visibility and control of data in cloud apps
- How to protect data in mobile devices and applications
- How to detect data breaches before they cause damage
Uncover suspicious activity and pinpoint threats
Microsoft Advanced Threat Analytics (ATA) is an on-premises solution that leverages deep packet inspection (DPI) technology to analyze network traffic, as well as data from your SIEM and Active Directory. ATA analyzes this information to create dynamic behavioral profiles for each entity in your organization and builds an Organizational Security Graph (an entity interaction visual map representing the context and activities of users, devices and resources). After building an interaction map, ATA identifies abnormal behavior of entities, as well as advanced attacks and security risks, without the need to create rules, policies, or install desktop and server agents. Microsoft Advanced Threat Analytics focuses on detecting the following suspicious behaviors:
- Abnormal behavior: ATA uses Machine Learning algorithms to identify normal and abnormal entity behavior and will detect anomalous logins, abnormal resource access, and even unusual working hours.
Advanced Threat Analytics – Abnormal User Behavior Alert
- Advanced attacks in near real-time based on TTPs: ATA uses Deep Packet Inspection technology and information from other sources to identify advanced attacks such as Pass-the-Hash, Pass-the-Ticket, Overpass-the-Hash, Forged PAC, Golden Ticket, Remote Execution on the Domain Controllers, Skeleton Key Malware, Honey token activities and more.
Advanced Threat Analytics – Known Malicious Attack detection
- Known security issues and risks: ATA identifies known security issues and risks such as service account passwords exposed in cleartext over the network, broken trust, weak protocols and other protocol vulnerabilities.
Advanced Threat Analytics – Detection of Known Security Issues
The constant reporting of traditional security tools and the need to sift through their output to locate the important and relevant alerts can be overwhelming. ATA provides an attack timeline - a clear, efficient, and convenient feed that surfaces the right things in a visual timeline, giving you the power of perspective on the who, what, when, and how. ATA also provides recommendations for investigation and remediation for each suspicious activity.
As always, the team at Microsoft encourages you to explore further:
- Understand Microsoft Advanced Threat Analytics and how it works in this video
- Download our Whitepaper to understand how EMS can support your GDPR compliance journey
- Read additional content on the Microsoft GDPR Website
- Try Microsoft Advanced Threat Analytics for Free to explore the features we’ve discussed
Published Sep 08, 2018
Version 1.0
Advanced Threat Analytics Team