Advanced Threat Analytics 1.5 Update 64-bit (Multilanguage) - Microsoft Imagine



Microsoft Corporation



Delivery Type:


Available to: Academic Users
Microsoft Advanced Threat Analytics (ATA) is an on-premises product to help you detect advanced security attacks with User and Entity Behavioral Analytics (UEBA) technologies. By identifying suspicious user and device activities, ATA provides a simple and fast way to understand what is happening within your network. Once these activities are identified, ATA provides clear and relevant threat information on a simple, convenient feed.
Microsoft Advanced Threat Analytics detects:
  • Abnormal behavior:
    • Behavioral Analytics leverages Machine Learning to uncover questionable activities and abnormal behavior.
  • Malicious attacks:
    • The diagnostic engine detects known attacks almost as soon as they occur.
  • Security issues and risks:
    • Leveraging world-class security researchers’ work, ATA identifies known security issues and risks.
How it works
ATA leverages deep packet inspection technology, as well as information from additional data sources (Security Information and Event Management systems and Active Directory), to build an organizational security graph and detect advanced attacks in near real time.
The diagnostic engine continuously learns the behavior of organizational entities (users, devices, and resources) and adjusts itself to reflect the changes in your rapidly evolving enterprise. As attacker tactics get more sophisticated, Microsoft Advanced Threat Analytics helps you keep up with continuously learning behavioral analytics.
After detection, Microsoft Advanced Threat Analytics provides clear and relevant information on a simple attack timeline, so you can reduce the noise and quickly focus on what is important. The attack timeline not only gives you the power of perspective on the “who, what, when, and how” of your enterprise, but also provides recommendations for investigation and remediation.

Advanced Threat Analytics Update 1.5

 Preinstall Information
  1. Review Microsoft Advanced Threat Analytics system requirements.
  2. Review the Microsoft Advanced Threat Analytics deployment guide.
  3. Register, then download and install the full-featured software.
  4. Receive email with resources to guide you through your evaluation.
 Pre-deployment Check List
  1. Configure port mirroring from the monitored domain controllers. This step is required for ATA to see the domain controller network traffic. The domain controllers should be set as the source of the traffic and the ATA Gateway should be set as the destination of the traffic.
  2. Create a domain read-only user which will be used by ATA to read information from the domain.
  3. Identify VPN networks.
  4. Create ATA honeytoken user (optional).
 Microsoft Advanced Threat Analytics Preview Deployment Process
  1. Install and configure the ATA Center.
  2. Install the ATA Gateways.
  3. Configure the ATA Gateways.
  4. Configure SMTP/Syslog Connectivity (optional).
 For more information, please review the Microsoft Advanced Threat Analytics deployment guide.