XcellSecure SM | Microsoft Advanced Threat Analytics

Detect suspicious activity proactively with Microsoft Advanced Threat Analytics

Protect your organisation from advanced threat capabilities

Advanced Threat Analytics helps detect advanced attacks such as Pass-the-Hash, Pass-the-Ticket and malware.


The importance of Advanced Threat Analytics in numbers

146 days

Median number of days an attacker will reside within a network before they are detected.

>63%

Over 50% of all network breaches are down to compromised user credentials.

£380 Billion

The potential cost of cybercrime to the wider, global community.

£2.9 Million

The average cost of a significant data breach to an Enterprise organisation.

Protection against suspicious activities


  • Dramatically reduce the risk of costly damage to your organisation
  • Succinct, real-time view of your attack timeline
  • Intelligence to learn what ‘normal behaviour’ looks like on your network and analyse the behaviour
  • Report on suspicious user activities or device behaviours

Peace of mind for your organisation, with Advanced Threat Protection

  • Quickly detect threats with behavioural analytics
  • Adapt as fast as your potential attackers do
  • Drill down into only important events
  • Reduce false positive fatigue

Key features

Behavioural Analytics

ATA begins to understand entity behaviors while also automatically adjusting to known and approved changes within the business.

Simple actionable attack timeline

Simple actionable attack timeline to make your job easier, by detailing questionable activities and providing relevant recommendations.

Mobility Support

Monitor your external assets, such as devices, as closely as your internal assets.

Seamless deployment

ATA functions as an appliance, either hardware or virtual. It utilises port mirroring to allow seamless deployment alongside Active Directory without affecting existing network topology.

Email Alerts

ATA can be configured to send an email to specific users or groups in your organisation when it detects a suspicious activity.

Organizational Security Graph

ATA builds an Organizational Security Graph, which is a map of entity interactions representing the context and activities of the users, devices, and resources.

Easy deployment

ATA can be deployed as an out-of-band solution by utilizing port mirroring, without affecting the existing environment. ATA can also be deployed directly on the domain controllers, without the added overhead of additional servers. Once deployed, ATA automatically starts analyzing and detecting suspicious activities.

How ATA works

ATA leverages a proprietary network parsing engine to capture and parse network traffic of multiple protocols (such as Kerberos, DNS, RPC, NTLM, and others) for authentication, authorization, and information gathering. This information is collected by ATA via:

  • Port mirroring from Domain Controllers and DNS servers to the ATA Gateway and/or
  • Deploying an ATA Lightweight Gateway (LGW) directly on Domain Controllers

ATA takes information from multiple data sources, such as logs and events in your network, to learn the behavior of users and other entities in the organization, and builds a behavioral profile about them. ATA can receive events and logs from:

  • SIEM Integration
  • Windows Event Forwarding (WEF)
  • Directly from the Windows Event Collector (for the Lightweight Gateway)

Malicious attacks

Malicious attacks are detected deterministically, by looking for the full list of known attack types, including:

  • Pass-the-Ticket (PtT)
  • Pass-the-Hash (PtH)
  • Overpass-the-Hash
  • Forged PAC (MS14-068)
  • Golden Ticket
  • Malicious replications
  • Reconnaissance & Remote execution
  • Brute Force

ATA Components

ATA consists of the following components:

  • ATA Center
    The ATA Center receives data from any ATA Gateways and/or ATA Lightweight Gateways you deploy.
  • ATA Gateway
    The ATA Gateway is installed on a dedicated server that monitors the traffic from your domain controllers using either port mirroring or a network TAP.
  • ATA Lightweight Gateway
    The ATA Lightweight Gateway is installed directly on your domain controllers and monitors their traffic directly, without the need for a dedicated server or configuration of port mirroring. It is an alternative to the ATA Gateway.

An ATA deployment can consist of a single ATA Center connected to all ATA Gateways, all ATA Lightweight Gateways, or a combination of ATA Gateways and ATA Lightweight Gateways.

Deployment options

You can deploy ATA using the following combinations of gateways:

  • Using only ATA Gateways
    Your ATA deployment can contain only ATA Gateways, without any ATA Lightweight Gateways: All the domain controllers must be configured to enable port mirroring to an ATA Gateway or network TAPs must be in place.

  • Using only ATA Lightweight Gateways
    Your ATA deployment can contain only ATA Lightweight Gateways: The ATA Lightweight Gateways are deployed on each domain controller and no additional servers or port mirroring configuration is necessary.

  • Using both ATA Gateways and ATA Lightweight Gateways
    Your ATA deployment includes both ATA Gateways and ATA Lightweight Gateways. The ATA Lightweight Gateways are installed on some of your domain controllers (for example, all domain controllers in your branch sites). At the same time, other domain controllers are monitored by ATA Gateways (for example, the larger domain controllers in your main data centers).

In all these scenarios, all the gateways send their data to the ATA Center.
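
The coverage rules above, together with the Lightweight Gateway OS support listed in this page's FAQ, can be checked against a domain controller inventory before rollout. The following is an added example, not Microsoft's or XcellSecure's code; the inventory format, host names and the `audit_deployment` helper are hypothetical.

```python
# Added example: audit a planned ATA deployment for unmonitored domain controllers.
# Inventory format, host names and records are constructed sample data.

# Lightweight Gateway OS support as stated in this page's FAQ.
LGW_SUPPORTED_OS = {"2008 R2 SP1", "2012", "2012 R2", "2016", "2019"}


def audit_deployment(domain_controllers, gateways):
    """Return a sorted list of (dc_name, finding) for every coverage problem."""
    findings = []
    for dc in domain_controllers:
        name, mode = dc["name"], dc.get("monitoring")
        if mode == "gateway":
            # Port mirroring or a TAP must feed an ATA Gateway that actually exists.
            if dc.get("mirrors_to") not in gateways:
                findings.append((name, "mirror target is not a known ATA Gateway"))
        elif mode == "lgw":
            if dc["os"] not in LGW_SUPPORTED_OS:
                findings.append((name, "OS not supported by Lightweight Gateway"))
            elif dc.get("edition") == "nano":
                findings.append((name, "Nano Server not supported by Lightweight Gateway"))
            elif dc.get("edition") == "core" and dc["os"] == "2008 R2 SP1":
                findings.append((name, "Server Core on 2008 R2 SP1 not supported"))
        else:
            # Neither mirrored nor running a Lightweight Gateway: ATA sees no traffic.
            findings.append((name, "no ATA Gateway or Lightweight Gateway coverage"))
    return sorted(findings)


SAMPLE_GATEWAYS = {"ata-gw-01"}  # constructed
SAMPLE_DCS = [                   # constructed
    {"name": "dc-hq-01", "os": "2016", "edition": "full",
     "monitoring": "gateway", "mirrors_to": "ata-gw-01"},
    {"name": "dc-hq-02", "os": "2019", "edition": "core",
     "monitoring": "gateway", "mirrors_to": "ata-gw-02"},
    {"name": "dc-br-01", "os": "2012 R2", "edition": "full", "monitoring": "lgw"},
    {"name": "dc-br-02", "os": "2008 R2 SP1", "edition": "core", "monitoring": "lgw"},
    {"name": "dc-br-03", "os": "2019", "edition": "core", "monitoring": None},
]

if __name__ == "__main__":
    for dc_name, finding in audit_deployment(SAMPLE_DCS, SAMPLE_GATEWAYS):
        print(f"{dc_name}: {finding}")
```

A domain controller that appears in the findings is one whose authentication traffic would not reach the ATA Center under the planned layout.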


Microsoft Advanced Threat Analytics - WHAT OUR CUSTOMERS HAVE TO SAY?

Its detailed dashboard showing multiple attacks that your organization or product is receiving

-Dilip Joshi

The first noticeable thing is the GUI of the tool easy to operate. Dashboard configuration is good,

-karan soni

Easy to operate, less complex, good for log analysis and integration.

-asma khan

FREQUENTLY ASKED QUESTIONS

Advanced Threat Analytics (ATA) is an on-premises platform that helps protect your enterprise from multiple types of advanced targeted cyber attacks and insider threats.

Perform the following steps on the ATA Gateway server.
  1. Extract the files from the zip file. ...
  2. Run Microsoft ATA Gateway Setup.exe and follow the setup wizard.
  3. On the Welcome page, select your language and click Next.
  4. The installation wizard automatically checks if the server is a domain controller or a dedicated server.

Microsoft ATA uses data gathered by on-premise ATA gateways, machine learning, network logs and events as well as past user and device behavior to detect suspicious activity and malicious attacks. ... Microsoft ATA can also detect malicious attacks, including brute force attacks and remote execution.

The ATA Lightweight Gateway supports installation on a domain controller running Windows Server 2008 R2 SP1 (not including Server Core), Windows Server 2012, Windows Server 2012 R2, Windows Server 2016 and Windows Server 2019 (including Core but not Nano

Microsoft Advanced Threat Analytics leverages deep packet inspection technology, as well as information from additional data sources (Security Information and Event Management and Active Directory) to build an Organizational Security Graph and detect advanced attacks in near real time.

The ATA Gateway receives network traffic and Windows Events from your network and processes it in the following main components: Gateway core functionality. Type. Description. Network Listener.
