What is Advanced Threat Analytics and how does it protect your environment? (Part 1 – Installation)

Recently I’ve been doing more work around security and I decided to finally test Advanced Threat Analytics (ATA) in my  lab. ATA is a security tool that helps protect your enterprise from multiple threats. ATA focuses on several phases during a cyber-attack that includes:

  • Reconnaissance, during which attackers are gathering information on how the environment is built, what are the different assets and entities which exist and are generally building their plan for the next phases of the attack.
  • Lateral movement cycle, during which an attacker invests time and effort in spreading their attack surface inside your network.
  • Domain dominance (persistence), during which an attacker captures the information allowing them to resume their campaign using various set of entry points, credentials and techniques.

ATA consists of a lightweight gateway that is installed on each domain controller. I’ve always been a bit skeptical regarding installing anything on a DC but I’ve blew up my home lab a few times so I figured it would be ok. The ATA lightweight gateway is available via MSDN, Microsoft VLSC, and or Technet Evaluation.

Here is a look at my installation

I created an account that only has read access to connect to AD. Once the account is entered, click install to complete the setup.

In my next blog (Part 2- Using the ATA console), I will go over navigating the ATA console and reporting.

Disclaimer
All content provided on this blog is for information purposes only. Windows Management Experts, Inc makes no representation as to accuracy or completeness of any information on this site. Windows Management Experts, Inc will not be liable for any errors or omission in this information nor for the availability of this information. It is highly recommended that you consult one of our technical consultants, should you need any further assistance.

Share:

Facebook
Twitter
LinkedIn

Contact Us

=
On Key

More Posts

WME Security Briefing 27 May 2024

Kinsing Hacker Group Exploits Docker Vulnerabilities Overview Recent investigations have shown that the hacker group Kinsing is actively exploiting Docker vulnerabilities to gain unauthorized access to systems. The modified hacker group targets misconfigured Docker API ports deployed with cryptocurrency mining malware.

Read More »
WME Cybersecurity Briefings No. 010
Cyber Security

WME Security Briefing 20 May 2024

Advanced Persistent Threats: North Korean Hackers Launch Golang Malware Overview A new malware strain, called Titan Stealer, is currently actively circulating in the threat landscape, targeting a variety of personal data and linked to North Korean state-sponsored cyber espionage

Read More »
WME Cybersecurity Briefings No. 009
Cyber Security

WME Security Briefing 08 May 2024

Exploitable vulnerability in Microsoft Internet Explorer, used to deploy VBA Malware Overview Cybersecurity researchers discovered a severe exploitation targeting a bug that had already been patched in the Microsoft Internet Explorer browser. Their report added that

Read More »
WME Cybersecurity Briefings No. 008
Cyber Security

WME Security Briefing 03 May 2024

Security Bulletin: MITRE Corporation Targeted by Nation-State Cyber Attack Overview The MITRE Corporation, a prominent security and cybersecurity researcher in the USA, has fallen prey to compromise in its environment because of a sophisticated cyberattack from

Read More »
Be assured of everything

Get WME Services

Stay ahead of the competition with our Professional IT offerings.

=