SOLVED
Home

ATA considered a HIDS or NIDS or something else?

%3CLINGO-SUB%20id%3D%22lingo-sub-745883%22%20slang%3D%22en-US%22%3EATA%20considered%20a%20HIDS%20or%20NIDS%20or%20something%20else%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-745883%22%20slang%3D%22en-US%22%3E%3CP%3ELike%20the%20subject%20says.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20Advanced%20Threat%20Analytics%20considered%20a%20HIDS%20or%20NIDS%20or%20something%20else%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAnd%20why.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-745883%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAdvanced%20Threat%20Analytics%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-755319%22%20slang%3D%22en-US%22%3ERe%3A%20ATA%20considered%20a%20HIDS%20or%20NIDS%20or%20something%20else%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-755319%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F373635%22%20target%3D%22_blank%22%3E%40precedent%3C%2FA%3E%26nbsp%3B%20ATA%20is%20an%20abnormal%20behavior%20detection%20product.%26nbsp%3B%3CSPAN%3EUEBA%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EATA%20technology%20detects%20multiple%20suspicious%20activities%2C%20focusing%20on%20several%20phases%20of%20the%20cyber-attack%20kill%20chain%20including%3A%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EReconnaissance%2C%20during%20which%20attackers%20gather%20information%20on%20how%20the%20environment%20is%20built%2C%20what%20the%20different%20assets%20are%2C%20and%20which%20entities%20exist.%20Typically%2C%20this%20is%20where%20attackers%20build%20plans%20for%20their%20next%20phases%20of%20attack.%3C%2FLI%3E%0A%3CLI%3ELateral%20movement%20cycle%2C%20during%20which%20an%20attacker%20invests%20time%20and%20effort%20in%20spreading%20their%20attack%20surface%20inside%20your%20network.%3C%2FLI%3E%0A%3CLI%3EDomain%20dominance%20(persistence)%2C%20during%20which%20an%20attacker%20captures%20the%20information%20that%20allows%20them%20to%20resume%20their%20campaign%20using%20various%20sets%20of%20entry%20points%2C%20credentials%2C%20and%20techniques.%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3EYou%20can%20find%20more%20information%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fadvanced-threat-analytics%2Fwhat-is-ata%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehere%3C%2FA%3E.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
precedent
Occasional Visitor

Like the subject says. 

 

Is Advanced Threat Analytics considered a HIDS or NIDS or something else?

 

And why.

1 Reply
Solution

@precedent  ATA is an abnormal behavior detection product. UEBA 

 

ATA technology detects multiple suspicious activities, focusing on several phases of the cyber-attack kill chain including:

  • Reconnaissance, during which attackers gather information on how the environment is built, what the different assets are, and which entities exist. Typically, this is where attackers build plans for their next phases of attack.
  • Lateral movement cycle, during which an attacker invests time and effort in spreading their attack surface inside your network.
  • Domain dominance (persistence), during which an attacker captures the information that allows them to resume their campaign using various sets of entry points, credentials, and techniques.

You can find more information here.

Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
48 Replies
Extentions Synchronization
Deleted in Discussions on
3 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
30 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
13 Replies