SOLVED
Home

ATA considered a HIDS or NIDS or something else?

%3CLINGO-SUB%20id%3D%22lingo-sub-745883%22%20slang%3D%22en-US%22%3EATA%20considered%20a%20HIDS%20or%20NIDS%20or%20something%20else%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-745883%22%20slang%3D%22en-US%22%3E%3CP%3ELike%20the%20subject%20says.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20Advanced%20Threat%20Analytics%20considered%20a%20HIDS%20or%20NIDS%20or%20something%20else%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAnd%20why.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-745883%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAdvanced%20Threat%20Analytics%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-755319%22%20slang%3D%22en-US%22%3ERe%3A%20ATA%20considered%20a%20HIDS%20or%20NIDS%20or%20something%20else%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-755319%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F373635%22%20target%3D%22_blank%22%3E%40precedent%3C%2FA%3E%26nbsp%3B%20ATA%20is%20an%20abnormal%20behavior%20detection%20product.%26nbsp%3B%3CSPAN%3EUEBA%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EATA%20technology%20detects%20multiple%20suspicious%20activities%2C%20focusing%20on%20several%20phases%20of%20the%20cyber-attack%20kill%20chain%20including%3A%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EReconnaissance%2C%20during%20which%20attackers%20gather%20information%20on%20how%20the%20environment%20is%20built%2C%20what%20the%20different%20assets%20are%2C%20and%20which%20entities%20exist.%20Typically%2C%20this%20is%20where%20attackers%20build%20plans%20for%20their%20next%20phases%20of%20attack.%3C%2FLI%3E%0A%3CLI%3ELateral%20movement%20cycle%2C%20during%20which%20an%20attacker%20invests%20time%20and%20effort%20in%20spreading%20their%20attack%20surface%20inside%20your%20network.%3C%2FLI%3E%0A%3CLI%3EDomain%20dominance%20(persistence)%2C%20during%20which%20an%20attacker%20captures%20the%20information%20that%20allows%20them%20to%20resume%20their%20campaign%20using%20various%20sets%20of%20entry%20points%2C%20credentials%2C%20and%20techniques.%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3EYou%20can%20find%20more%20information%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fadvanced-threat-analytics%2Fwhat-is-ata%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehere%3C%2FA%3E.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
precedent
Occasional Visitor

Like the subject says. 

 

Is Advanced Threat Analytics considered a HIDS or NIDS or something else?

 

And why.

1 Reply
Solution

@precedent  ATA is an abnormal behavior detection product. UEBA 

 

ATA technology detects multiple suspicious activities, focusing on several phases of the cyber-attack kill chain including:

  • Reconnaissance, during which attackers gather information on how the environment is built, what the different assets are, and which entities exist. Typically, this is where attackers build plans for their next phases of attack.
  • Lateral movement cycle, during which an attacker invests time and effort in spreading their attack surface inside your network.
  • Domain dominance (persistence), during which an attacker captures the information that allows them to resume their campaign using various sets of entry points, credentials, and techniques.

You can find more information here.