Welcome Xcellator
  • Get In Touch
    Contact Sales 24x7
    Contact Support 24x7
    Toll Free 24x7
    Get In Touch
    • 0

    XcellSecure SM | Microsoft Advanced Threat Analytics

    Detect suspicious activity proactively with Microsoft Advanced Threat Analytics

    Protect your organisation from advanced threat capabilities

    Advanced Threat Analytics provides a solution to help detect advanced attacks such as, Pass the Hash, Ticket and Malware.

    7 Days Free Trial Schedule Demo Take Tour Datasheet

    The importance of Advanced Threat Analytics
    in numbers

    146 days

    Median number of days an attacker will reside within a network before they are detected.

    >63%

    Over 50% of all network breaches are down to compromised user credentials.

    £380 Billion

    The potential cost of cybercrime to the wider, global community.

    £2.9 Million

    The average cost of a significant data breach to an Enterprise organisation.

    Protection against suspicious activities

    Advanced Threat Analytics provides a solution to help detect advanced attacks such as, Pass the Hash, Ticket and Malware.

    Dramatically reduce the risk of costly damage to your organisation
    Succinct, real-time view of your attack timeline
    Intelligence to learn what ‘normal behaviour’ looks like on your network and analyse the behaviour
    Report on suspicious user activities or device behaviours

    Peace of mind for your organisation, with Advanced Threat
    Protection

    Quickly detect threats with behavioural analytics
    Adapt as fast as your potential attackers do
    Drill-down into only important events
    Reduce false positive
    fatigue

    Key features

    Behavioural Analytics

    ATA begins to understand entity behaviors while also automatically adjusting to known and approved changes within the business.

    Simple actionable attack timeline

    Simple actionable attack timeline to make your job easier, by detailing questionable activities and providing relevant recommendations.

    Mobility Support

    Mobility Support to closely monitor your external assets like devices, as closely as your internal assets.

    Seamless deployment.

    ATA functions as an appliance, either hardware or virtual. It utilises port mirroring to allow seamless deployment alongside Active Directory without affecting existing network topology.

    Email Alerts

    configured send an email to specific users or groups in your organisation when it detects a suspicious activity.

    Organizational Security Graph

    ATA builds an Organizational Security Graph, which is a map of entity interactions representing the context and activities of the users, devices, and resources.

    Easy deployment

    ATA can be deployed either as an out of band solution by utilizing port mirroring without effecting the existing environment. ATA can also be deployed directly on the domain controllers without the added overhead of additional servers. Once deployed ATA automatically starts analyzing and detecting suspicious activities.

    How ATA works

    ATA leverages a proprietary network parsing engine to capture and parse network traffic of multiple protocols (such as Kerberos, DNS, RPC, NTLM, and others) for authentication, authorization, and information gathering. This information is collected by ATA via

    • Port mirroring from Domain Controllers and DNS servers to the ATA Gateway and/or
    • Deploying an ATA Lightweight Gateway (LGW) directly on Domain Controllers

    ATA takes information from multiple data-sources, such as logs and events in your network, to learn the behavior of users and other entities in the organization, and builds a behavioral profile about them. ATA can receive events and logs from

    • SIEM Integration
    • Windows Event Forwarding (WEF)
    • Directly from the Windows Event Collector (for the Lightweight Gateway)

    Malicious attacks

    Malicious attack are detected deterministically, by looking for the full list of known attack types including

    Pass-the-Ticket (PtT)
    Pass-the-Hash (PtH)
    Overpass-the-Hash
    Forged PAC (MS14-068)
    Golden Ticket
    Malicious replications
    Reconnaissance & Remote execution
    Brute Force

    ATA Components

    ATA consists of the following components

    • ATA Center
      The ATA Center receives data from any ATA Gateways and/or ATA Lightweight Gateways you deploy.
    • ATA Gateway
      The ATA Gateway is installed on a dedicated server that monitors the traffic from your domain controllers using either port mirroring or a network TAP.
    • ATA Lightweight Gateway
      The ATA Lightweight Gateway is installed directly on your domain controllers and monitors their traffic directly, without the need for a dedicated server or configuration of port mirroring. It is an alternative to the ATA Gateway.

    An ATA deployment can consist of a single ATA Center connected to all ATA Gateways, all ATA Lightweight Gateways, or a combination of ATA Gateways and ATA Lightweight Gateways.

    Deployment options

    You can deploy ATA using the following combination of gateways

    • Using only ATA Gateways
      Your ATA deployment can contain only ATA Gateways, without any ATA Lightweight Gateways: All the domain controllers must be configured to enable port mirroring to an ATA Gateway or network TAPs must be in place.
    • Using only ATA Lightweight Gateways
      Your ATA deployment can contain only ATA Lightweight Gateways: The ATA Lightweight Gateways are deployed on each domain controller and no additional servers or port mirroring configuration is necessary.
    • Using both ATA Gateways and ATA Lightweight Gateways
      Your ATA deployment includes both ATA Gateways and ATA Lightweight Gateways. The ATA Lightweight Gateways are installed on some of your domain controllers (for example, all domain controllers in your branch sites). At the same time, other domain controllers are monitored by ATA Gateways (for example, the larger domain controllers in your main data centers).

    In all these scenarios, all the gateways send their data to the ATA Center.

    TALK TO OUR SECURITY EXPERT

    talk to our cloud expert

    Call

    chat

    email

    Microsoft Advanced Threat Analytics - WHAT OUR CUSTOMERS HAVE TO SAY?

    Its detailed dashboard showing multiple attacks that your organization or product is receiving

    -Dilip Joshi

    The first noticeable thing is the GUI of the tool easy to operate. Dashboard configuration is good,

    -karan soni

    Easy to operate, less complex, good for log analysis and integration.

    -asma khan

    FREQUENTLY ASKED QUESTIONS

    Advanced Threat Analytics (ATA) is an on-premises platform that helps protect your enterprise from multiple types of advanced targeted cyber attacks and insider threats.

    Perform the following steps on the ATA Gateway server.
    1. Extract the files from the zip file. ...
    2. Run Microsoft ATA Gateway Setup.exe and follow the setup wizard.
    3. On the Welcome page, select your language and click Next.
    4. The installation wizard automatically checks if the server is a domain controller or a dedicated server.

    Microsoft ATA uses data gathered by on-premise ATA gateways, machine learning, network logs and events as well as past user and device behavior to detect suspicious activity and malicious attacks. ... Microsoft ATA can also detect malicious attacks, including brute force attacks and remote execution.

    The ATA Lightweight Gateway supports installation on a domain controller running Windows Server 2008 R2 SP1 (not including Server Core), Windows Server 2012, Windows Server 2012 R2, Windows Server 2016 and Windows Server 2019 (including Core but not Nano

    Microsoft Advanced Threat Analytics leverages deep packet inspection technology, as well as information from additional data sources (Security Information and Event Management and Active Directory) to build an Organizational Security Graph and detect advanced attacks in near real time.

    The ATA Gateway receives network traffic and Windows Events from your network and processes it in the following main components: Gateway core functionality. Type. Description. Network Listener.

    MICROSOFT ADVANCED THREAT ANALYTICS RESOURCES

    Microsoft Advanced Threat Analytics

    Detect suspicious activity proactively with Microsoft Advanced Threat Analytics Protect your organisation from advanced threat capabilities Advanced Threat Analytics provides a solution to help detect advanced attacks such as, Pass the Hash, Ticket and Malware.

    Learn More

    Related Products & Services

    Business email

    Business Email

    Our Business Email package comes with a storage space of 5GB per account. This is dedicated to file storage and also backs up all your mails on our state of the art infrastructure, making sure you never experience a loss of mails

    Tell Me More
    Microsoft Integration_1

    Microsft 365

    Includes Office 365, Windows 10 & Enterprise Mobility + Security. Learn More Now. Trusted & Secure. Secure Cloud Service. Intelligent Security. Built For Teamwork. Achieve More Together.

    Tell Me More
    Email signature

    E-mail Signatures

    Microsoft Office 365, Exchange Server and G Suite solutions for email signatures, archiving, email utilities & more.

    Tell Me More

    It all starts with a domain name
    • com  780.00
    •  1063.00
    • net  1063.00
    • org  1063.00
    NewsLetter Signup
    Media
    Operations
    Legal

    Top Services

    Blog Feeds

    Security

    Facebook
    hostadvice
    host search
    Trustpilot
    search en
    Google
    About Us

    XcellHost Cloud Services – a leading Managed Cloud Service Provider since 1999 based out of Mumbai, INDIA. which provides Managed Cloud Services across the globe helping customers manage Public Clouds (AWS, Azure, GCP, Alibaba) + Private clouds to manage the entire Cloud Management Lifecycle i.e Cloud Assessment, Cloud Migration, Cloud Deployment, Cloud Management, Cloud Monitoring, Cloud Security, Cloud DevOps delivered through Cloud-based ServiceDesk + Cloud-based Management Platform. Our SaaS-based Cloud Marketplace Platform helps enterprises consume over 80+ Cloud Services & help them overcome the complexities of Cloud Billing + Provisioning + Reseller Management combined with our 24 x 7 NOC + SOC Services.

    XcellTube
    Watch Now!
    FREE Website Audit Tool
    Free Website Audit
    cert1
    cert2
    cert3
    Scanned & Secured By
    SiteLock
    Uptime
    Monitored by Site24x7
    Certified By
    Certificates bsi99001 bsi27001
    Copy Protection By
    DMCA-2
    © 1999 - 2020 XcellHost Cloud Services Pvt. Ltd. All rights reserved. Designated Trademarks & Brands are the properties of their respective owners.
    Payment Options
    Payment Method
    Copyright CLARE.AI