Forum Discussion

StevenHiggins's avatar
StevenHiggins
Copper Contributor
Jul 17, 2017

Advanced Threat Analytics Licensing

I posted this in Yammer as well, and do apologize if you've found it in both places.

Have a bit of a licensing conundrum with Advanced Threat Analytics, and I hope someone can help. I have reviewed the Licensing Datasheet, the setup guide, and did quite a bit more research (including posts in this community), but an answer still eludes me.

The scenario: A customer wants to license everyone with ATA per-user via EM+S (but the problem exists with any per-user licensing model). There exists in the customer infrastructure a 3-tiered app with machines that request files or data from other machines. These machines will have service accounts in AD, but they are not end-user accessed.

Given no other information, I'd say 'license the service accounts with an ATA user license'. But deprecated user accounts (previously beating hearts) are monitored without having to be licensed; and I've balked on the possibility that situation implies any non-human account could be covered without having to be licensed. Plus, verbiage from the licensing guide:
𝑨𝑻𝑨 π’π’Šπ’„π’†π’π’”π’†π’” 𝒂𝒓𝒆 π’“π’†π’’π’–π’Šπ’“π’†π’… π’π’π’π’š 𝒇𝒐𝒓 π’„π’π’Šπ’†π’π’• 𝑢𝑺𝑬𝒔 (𝒐𝒓 𝒔𝒆𝒓𝒗𝒆𝒓 𝑢𝑺𝑬𝒔 𝒖𝒔𝒆𝒅 𝒂𝒔 π’„π’π’Šπ’†π’π’• 𝑢𝑺𝑬𝒔) 𝒕𝒉𝒂𝒕 𝒂𝒓𝒆 𝒐𝒏 𝒐𝒓 𝒂𝒄𝒄𝒆𝒔𝒔𝒆𝒅 π’ƒπ’š 𝒆𝒏𝒅 𝒖𝒔𝒆𝒓 π’…π’†π’—π’Šπ’„π’†π’” π’‚π’–π’•π’‰π’†π’π’•π’Šπ’„π’‚π’•π’†π’… π’ƒπ’š 𝒂𝒏 π‘¨π’„π’•π’Šπ’—π’† π‘«π’Šπ’“π’†π’„π’•π’π’“π’š π’Žπ’‚π’π’‚π’ˆπ’†π’… π’ƒπ’š 𝑨𝒅𝒗𝒂𝒏𝒄𝒆𝒅 𝑻𝒉𝒓𝒆𝒂𝒕 π‘¨π’π’‚π’π’šπ’•π’Šπ’„π’”.
^This leaves me with the distinct impression that licenses are not required, but not an assurance.

Can anyone provide a solid answer?

Thanks,

4 Replies