Product description
Traditional IT security tools provide limited protection against sophisticated cyber-security attacks when user credentials are stolen. Initial set up, creating rules, and fine-tuning are cumbersome and may take years. Every day, you receive several reports full of false positives. Most of the time, you don't have the resources to review this information and even if you could, you may still not have the answers, since these tools are designed to protect the perimeter, primarily stopping attackers from gaining access. Today's complex cyber-security attacks require a different approach. Microsoft Advanced Threat Analytics (ATA) provides a simple and fast way to understand what is happening within your network by identifying suspicious user and device activity with built-in intelligence and providing clear and relevant threat information on a simple attack timeline. Microsoft Advanced Threat Analytics leverages deep packet inspection technology, as well as information from additional data sources (Security Information and Event Management and Active Directory) to build an Organizational Security Graph and detect advanced attacks in near real time.
Features
Behavioral analytics: ATA begins to understand entity behaviors while also automatically adjusting to known and approved changes in the enterprise. For instance, certain users have access to a specified set of servers, folders, and directories and the system learns their activity from the tools and resources they normally use.
Simple, actionable attack timeline: ATA's attack timeline makes your job easier and security measures better by listing questionable activities as they occur, accompanied by recommendations based on the specific activity alert.
Mobility support: No matter where your corporate resources reside - within the corporate perimeter, on mobile devices, or elsewhere - ATA witnesses authentication and authorization. This means that external assets like devices and vendors are as closely monitored as internal assets.
Organizational Security Graph: ATA builds an Organizational Security Graph, which is a map of entity interactions representing the context and activities of the users, devices, and resources.
SIEM integration: ATA works seamlessly with SIEM after contextually aggregating information into the attack timeline. It can collect specific events that are forwarded to ATA from the SIEM. Also, you can configure ATA to send an event to your SIEM for each suspicious activity with a link to the specific event on the attack timeline.
Email alerts: You can configure ATA to send an email to specific users or groups in your organization when it detects a suspicious activity. Each email will include a link to the specific attack in the ATA attack timeline, keeping the appropriate people up to date on the security issues in your organization, even when they do not monitor the attack timeline.
Seamless deployment: ATA functions as an appliance, either hardware or virtual. It utilizes port mirroring to allow seamless deployment alongside Active Directory without affecting existing network topology. It automatically starts analyzing immediately after deployment. You don't have to install any agents on the domain controllers, servers or computers.
Technical specification
General
Category | Security applications - intrusion and vulnerability detection |
Product type | License and software assurance |
Language | All languages |
Licensing
Number of licenses | 1 user SAL |
License pricing | Volume |
License program | Microsoft Services Provider License Agreement (SPLA) |
Service and support
Type | New version updates - full |