How Microsoft keeps your data protected
Your infrastructure is moving to the cloud. So are concerns about protecting your infrastructure there. You can’t turn your back on the protection you still need on-premises. Don’t worry, Microsoft has got you covered.
The Microsoft Enterprise Mobility Suite was created for the cloud, but it keeps one foot on the ground. Microsoft Advanced Threat Analytics (ATA) operates on-premises within your organization. Here’s what you need to know about its advanced threat detection.
Homeland platform security
ATA was designed by Microsoft to protect your business from advanced targeted attacks. It analyzes, learns, and identifies user activity. Who are they? What devices do they use? What resources do they access?
ATA warns your IT security staff if someone breaks from their regular resource pattern and uses applications or devices at odd times. It might be a sign that an attacker has assumed this user’s identity.
ATA doesn’t wait for an attack. It takes a proactive stance with sophisticated automated behavioral analytics. It helps your organization identify suspicious activities as they are happening.
Statistics show that the average time an attacker resides in your network before detection is 200 or more days. That’s a lot of time to be gathering data and information. Plenty of time to set up and strike. Your data and your company’s reputation are at stake. Losses from cybercrime are on target to take a $500 billion bite out of the global economy. The average cost of a data breach to a company is $3.5 million.
Four steps to protection
Once it’s activated, Microsoft ATA gets right to work.
- It analyzes. ATA uses deep packet inspection technology to scan all Active Directory traffic. It can also collect relevant events from other sources, such as SIEM.
- It learns. ATA begins to profile user behavior, learning the devices and resources they use. It builds a map of these interactions and then monitors the matrix.
- It detects. ATA looks for anomalies. Is someone using devices or resources that stray from their usual activity?
- It alerts. If ATA detects suspicious activity, it prepares the information and lets you know. It’s near real-time monitoring.
ATA can be either hardware or a virtual appliance. It uses port mirroring to deploy alongside Active Directory. Existing network topology isn’t affected.
ATA doesn’t need any agents on domain controllers, servers, or computers. It goes to work immediately.
ATA’s key features
- Behavioral analytics. ATA gathers and interprets user behavior. It automatically adjusts to known and approved changes.
- A simple actionable attack timeline. ATA details what it finds suspicious. It gives you relevant recommendations.
- Mobility support. ATA is on-premises, but it also monitors external devices.
- Email alerts. ATA can send emails to users and groups if it detects suspicious activity.
A network watchdog
ATA works round the clock. Built-in intelligent learning capabilities keep you from spending time creating rules and adding information about users to prevent false alerts.
Cyber-attacks constantly change. Your employees change, too. ATA is built to be dynamic. It continuously learns user activity and adjusts itself. ATA applies this same learning method to watch for known cyber-security threats, too.
Traditional security tools rely on constant reporting, and that reporting needs to be sorted to find threats. Microsoft’s ATA uses a simple attack timeline. It’s an efficient feed that reduces the flood of reporting down to a simple who, what, when, and how.
You get recommendations for investigations and suggestions for resolution for each suspicious activity.
ATA doesn’t cry wolf
Growing amounts of data are overwhelming IT security methods. They create red flags that distract you from real threats.
Alerts work differently with ATA. Red flags are raised only when suspicious activities are sufficient and have been placed in context by the ATA algorithms. The result is a dramatic reduction in false positives. The detection engine also guides you through its learning process. It asks you simple questions to adjust its detection process.
A new approach
Network log analysis is no longer enough to detect advanced cyber-attacks. There’s too much data. It’s like finding a needle in a haystack. If you do find one, it’s likely too late. By the time you spot an anomaly and piece together the threat, a hacker will already have done damage.
That’s why approaching it with behavioral analytics makes more sense. Rather than wait for an attack, Microsoft’s ATA watches and predicts.
To learn more about introducing Microsoft’s Advanced Threat Analytics into your enterprise, contact MessageOps today by calling 877-788-1617.