Microsoft Advanced Threat Analytics (ATA) is a simple and effective solution that helps you protect your enterprise on-prem resources from advanced targeted attacks by automatically analyzing, learning, and identifying normal vs. abnormal entity behavior from users, devices, and other resources.
ATA is the solution we acquired last year from a hot security startup.
For the IT teams working to keep up with the changing nature (and increasing volume) of cyber security attacks, ATA is an incredible tool because it helps you understand what’s happening within your network.
ATA provides this inside look at the potentially harmful activity within your network by identifying suspicious user and device activity with built-in intelligence, and this intelligence filters its feedback such that you see clear, relevant attack information on a simple timeline. ATA does this by creating a graph of the relationships and interactions of users, devices and resources.
ATA also detects known malicious attacks (like Pass-the-Hash, Pass-the-Ticket, Reconnaissance, etc.) and it catches known security issues like broken trust and weak protocols.
How this helps:
The problems caused by compromised user credentials is the #1 issue we hear reported by organizations all over the world.
The reason for this problem is twofold:
First, many end users are still getting up to speed when it comes to understanding the importance of credential security.
Second, the existing security tools are just too cumbersome – they create way too many false positives, they take years to fine tune, and the reports they generate are nearly impossible to read and understand quickly.
Perhaps the most problematic issue of all is how traditional IT security solutions operate once a breach occurs. Getting a massive data dump when you’re trying to identify and isolate the intrusion can take far too long at a time when every second can make or break your organization. It’s counterproductive to have your security software hand you a haystack when you really need a needle.