Threat Analytics
January 2017
František Fait
Technology Solution Professional
Sobering statistics
The frequency and sophistication of cybersecurity attacks are getting worse.
146: The median # of days that attackers reside within a victim's network before detection
>63%: of all network intrusions are due to compromised user credentials
$500B: The total potential cost of cybercrime to the global economy
$3.8M: The average cost of a data breach to a company
Government and public sector; Energy and telco; Manufacturing; Education; Health and social services; Retail; Banking and financial services
[Architecture diagrams. Labels: Internet, DMZ, VPN, Web, DNS, DB, Fileserver, SIEM, domain controllers DC1 to DC4, ATA Center, ATA Gateway 1, ATA Gateway 2, ATA Lightweight Gateway, port-mirroring settings]
ATA Center
Receives data from ATA Gateways and stores in the database
ATA Lightweight Gateway
Installed locally on light or branch-site Domain Controllers
Performs resolution of network entities
Transfers relevant data to the ATA Center
1 Analyze
After installation:
Simple non-intrusive port mirroring, or deployed directly onto domain controllers
Remains invisible to the attackers
Analyzes all Active Directory network traffic
Collects relevant events from SIEM and information from Active Directory (titles, group membership, and more)
2 Learn
ATA:
Automatically starts learning and profiling entity behavior
Identifies normal behavior for entities
Learns continuously to update the activities of the users, devices, and resources
What is an entity?
An entity represents users, devices, or resources
3 Detect
Microsoft Advanced Threat Analytics:
Looks for abnormal behavior and identifies suspicious activities
Only raises red flags if abnormal activities are contextually aggregated
Leverages world-class security research to detect security risks and attacks in near real-time based on attackers' Tactics, Techniques, and Procedures (TTPs)