Recently I’ve been doing more work around security and I decided to finally test Advanced Threat Analytics (ATA) in my lab. ATA is a security tool that helps protect your enterprise from multiple threats. ATA focuses on several phases during a cyber-attack that includes:
- Reconnaissance, during which attackers are gathering information on how the environment is built, what are the different assets and entities which exist and are generally building their plan for the next phases of the attack.
- Lateral movement cycle, during which an attacker invests time and effort in spreading their attack surface inside your network.
- Domain dominance (persistence), during which an attacker captures the information allowing them to resume their campaign using various set of entry points, credentials and techniques.
ATA consists of a lightweight gateway that is installed on each domain controller. I’ve always been a bit skeptical regarding installing anything on a DC but I’ve blew up my home lab a few times so I figured it would be ok. The ATA lightweight gateway is available via MSDN, Microsoft VLSC, and or Technet Evaluation.
Here is a look at my installation
I created an account that only has read access to connect to AD. Once the account is entered, click install to complete the setup.
In my next blog (Part 2- Using the ATA console), I will go over navigating the ATA console and reporting.
Disclaimer
All content provided on this blog is for information purposes only. Windows Management Experts, Inc makes no representation as to accuracy or completeness of any information on this site. Windows Management Experts, Inc will not be liable for any errors or omission in this information nor for the availability of this information. It is highly recommended that you consult one of our technical consultants, should you need any further assistance.