XcellSecure SM | Microsoft Advanced Threat Analytics

Detect suspicious activity proactively with Microsoft Advanced Threat Analytics

Protect your organisation from advanced threat capabilities

Advanced Threat Analytics provides a solution to help detect advanced attacks such as Pass-the-Hash, Pass-the-Ticket and malware.

The importance of Advanced Threat Analytics in numbers

146 days

Median number of days an attacker will reside within a network before they are detected.

>63%

Over 50% of all network breaches are down to compromised user credentials.

£380 Billion

The potential cost of cybercrime to the wider, global community.

£2.9 Million

The average cost of a significant data breach to an Enterprise organisation.

Protection against suspicious activities

Advanced Threat Analytics provides a solution to help detect advanced attacks such as Pass-the-Hash, Pass-the-Ticket and malware.

Dramatically reduce the risk of costly damage to your organisation
Succinct, real-time view of your attack timeline
Intelligence to learn what ‘normal behaviour’ looks like on your network and analyse the behaviour
Report on suspicious user activities or device behaviours

Peace of mind for your organisation, with Advanced Threat Protection

Quickly detect threats with behavioural analytics
Adapt as fast as your potential attackers do
Drill-down into only important events
Reduce false positive fatigue

Key features

Behavioural Analytics

ATA begins to understand entity behaviors while also automatically adjusting to known and approved changes within the business.

Simple actionable attack timeline

Simple actionable attack timeline to make your job easier, by detailing questionable activities and providing relevant recommendations.

Mobility Support

Mobility Support to closely monitor your external assets like devices, as closely as your internal assets.

Seamless deployment

ATA functions as an appliance, either hardware or virtual. It utilises port mirroring to allow seamless deployment alongside Active Directory without affecting existing network topology.

Email Alerts

ATA can be configured to send an email to specific users or groups in your organisation when it detects a suspicious activity.

Organizational Security Graph

ATA builds an Organizational Security Graph, which is a map of entity interactions representing the context and activities of the users, devices, and resources.

Easy deployment

ATA can be deployed as an out-of-band solution that uses port mirroring, without affecting the existing environment. It can also be deployed directly on the domain controllers, without the overhead of additional servers. Once deployed, ATA automatically starts analyzing and detecting suspicious activities.

How ATA works

ATA leverages a proprietary network parsing engine to capture and parse network traffic of multiple protocols (such as Kerberos, DNS, RPC, NTLM, and others) for authentication, authorization, and information gathering. ATA collects this information via:

  • Port mirroring from Domain Controllers and DNS servers to the ATA Gateway and/or
  • Deploying an ATA Lightweight Gateway (LGW) directly on Domain Controllers

ATA takes information from multiple data sources, such as logs and events in your network, to learn the behavior of users and other entities in the organization, and builds a behavioral profile of them. ATA can receive events and logs from:

  • SIEM Integration
  • Windows Event Forwarding (WEF)
  • Directly from the Windows Event Collector (for the Lightweight Gateway)

Malicious attacks

Malicious attacks are detected deterministically, by looking for the full list of known attack types, including:

  • Pass-the-Ticket (PtT)
  • Pass-the-Hash (PtH)
  • Overpass-the-Hash
  • Forged PAC (MS14-068)
  • Golden Ticket
  • Malicious replications
  • Reconnaissance & Remote execution
  • Brute Force

ATA Components

ATA consists of the following components:

  • ATA Center
    The ATA Center receives data from any ATA Gateways and/or ATA Lightweight Gateways you deploy.
  • ATA Gateway
    The ATA Gateway is installed on a dedicated server that monitors the traffic from your domain controllers using either port mirroring or a network TAP.
  • ATA Lightweight Gateway
    The ATA Lightweight Gateway is installed directly on your domain controllers and monitors their traffic directly, without the need for a dedicated server or configuration of port mirroring. It is an alternative to the ATA Gateway.

An ATA deployment can consist of a single ATA Center connected to all ATA Gateways, all ATA Lightweight Gateways, or a combination of ATA Gateways and ATA Lightweight Gateways.

Deployment options

You can deploy ATA using the following combinations of gateways:

  • Using only ATA Gateways
    Your ATA deployment can contain only ATA Gateways, without any ATA Lightweight Gateways: All the domain controllers must be configured to enable port mirroring to an ATA Gateway or network TAPs must be in place.

  • Using only ATA Lightweight Gateways
    Your ATA deployment can contain only ATA Lightweight Gateways: The ATA Lightweight Gateways are deployed on each domain controller and no additional servers or port mirroring configuration is necessary.

  • Using both ATA Gateways and ATA Lightweight Gateways
    Your ATA deployment includes both ATA Gateways and ATA Lightweight Gateways. The ATA Lightweight Gateways are installed on some of your domain controllers (for example, all domain controllers in your branch sites). At the same time, other domain controllers are monitored by ATA Gateways (for example, the larger domain controllers in your main data centers).

In all these scenarios, all the gateways send their data to the ATA Center.

FREQUENTLY ASKED QUESTIONS

ATA is an on-premises platform to help you protect your business from advanced targeted attacks by automatically analysing, learning, and identifying normal and abnormal entity (user, devices, and resources) behaviour.

Advanced Threat Analytics delivers behavioral analysis for advanced security threat detection. Sophisticated, automated behavioral analytics that help you identify suspicious activities and advanced threats in near real-time, with simple, actionable reporting.

200+ days. That’s the average amount of time that attackers reside within your network until they are detected, gathering classified data and information, waiting to strike at just the right moment. Microsoft Advanced Threat Analytics helps you identify breaches and threats using behavioral analysis and provides a clear, actionable report on a simple attack timeline. (Source: Microsoft)

Key features include:

* Behavioural Analytics: ATA begins to understand entity behaviors while also automatically adjusting to known and approved changes within the business.

* Simple actionable attack timeline to make your job easier, by detailing questionable activities and providing relevant recommendations.

* Mobility Support to closely monitor your external assets like devices, as closely as your internal assets.

* Email Alerts configured to send an email to specific users or groups in your organization when it detects suspicious activity.

* Seamless deployment. ATA functions as an appliance, either hardware or virtual. It utilizes port mirroring to allow seamless deployment alongside Active Directory without affecting existing network topology. It automatically starts analyzing immediately after deployment and you don’t have to install any agents on the domain controllers, servers, or computers.

Detect suspicious activities and malicious attacks with behavioral analytics. Using its proprietary algorithm, Microsoft Advanced Threat Analytics works around the clock to help you pinpoint suspicious activities in your systems by profiling and knowing what to look for. No need for creating rules, fine-tuning, or monitoring a flood of security reports, since the intelligence needed is built in. ATA also identifies known advanced attacks and security issues.

Adapt to the changing nature of cyber-security threats. ATA continuously learns the behavior of organizational entities (users, devices, and resources) and adjusts itself to reflect the changes in your rapidly-evolving enterprise. As attacker tactics get more sophisticated, ATA helps you adapt to the changing nature of cyber-security threats with continuously-learning behavioral analytics.

Focus on what is important with a simple attack timeline. The constant reporting of traditional security tools and sifting through them to locate the important and relevant alerts can get overwhelming. The attack timeline is a clear, efficient, and convenient feed that surfaces the right things on a timeline, giving you the power of perspective on the who, what, when, and how. ATA also provides recommendations for investigation and remediation for each suspicious activity.

Reduce false positive fatigue. Traditional IT security tools are often not equipped to handle the rising amounts of data, turning up unnecessary red flags and distracting you from the real threats. With ATA, these alerts happen once suspicious activities are contextually aggregated to its own behavior, as well as to the other entities in its interaction path. The detection engine also automatically guides you through the process, asking you simple questions to adjust the detection process according to your input.
