Microsoft Releases Azure ATP (Advanced Threat Protection) Security Service
Microsoft has recently announced the availability of Azure Advanced Threat Protection (Azure ATP) as a new cloud-based Microsoft 365 service. It is included in the EMS (Enterprise Mobility + Security) E5 license to detect and analyze security incidents. Many users are still wondering what Azure ATP is and why an organization should use it. This blog answers those questions.
What is Azure ATP or Azure Advanced Threat Protection?
Azure ATP (Azure Advanced Threat Protection) is designed to help users detect and investigate insider threats and advanced attacks across on-premises and cloud platforms. It is a solution for security operators, professionals, and analysts who need to detect advanced attacks in a hybrid environment. It helps users in the following ways:
- Detects and identifies suspicious user and device activities through learning-based analytics
- Provides threat intelligence across on-premises and cloud-based environments
- Keeps user identities and credentials stored in Active Directory safe
- Presents clear attack details on a simple timeline for quick action
- Monitors multiple entry points, including through integration with Windows Defender ATP (Advanced Threat Protection)
In addition, Azure ATP detects advanced malicious attacks and handles both cloud and on-premises signals. It also minimizes false positives and provides an end-to-end investigation experience.
How Are Microsoft's Other Security Products and Azure ATP Related?
Security has always been a top priority for Microsoft, which invests heavily in security solutions. The question here is how Azure Advanced Threat Protection relates to the rest of the Microsoft security family. To make this clearer, three other Microsoft security products are discussed below, showing how each differs from Azure ATP.
- Advanced Threat Analytics (ATA): An on-premises platform that protects against insider threats and advanced cyber attacks. Azure ATP is essentially the cloud-based version of ATA.
- Office 365 ATP (Advanced Threat Protection): Keeps emails, files, and Office 365 applications safe from potential attacks. It secures the user's inbox against advanced threats and unsafe attachments, and it also protects the environment when a user clicks a malicious link.
- Windows Defender Advanced Threat Protection: Windows Defender ATP combines with Azure ATP to detect and prevent malicious activity. However, its main focus is on endpoints, i.e., the devices actually in use.
What Does Azure Advanced Threat Protection Do?
The main purpose of Azure ATP is to monitor the behavior of users, devices, and resources and build a baseline for comparison. It then looks for anomalies using adaptive, built-in intelligence. This gives users insight into network traffic so they can identify and react to potential threats quickly.
Cyber attacks usually go through three phases, discussed below:
- Reconnaissance: In this phase, attackers gather information about the environment, i.e., how it is built and what assets are used. Based on that, they plan the next phase of the attack.
- Lateral Movement Cycle: In this phase, attackers invest time and effort in spreading their attack surface inside the organization's network.
- Domain Dominance (Persistence): This is the most crucial phase of a cyber attack. In it, attackers collect information such as user credentials and entry points to begin their activities.
These three phases are similar and predictable in any cyber attack, regardless of what type of company is under attack or which information is targeted. Azure ATP searches for three main categories of attacks: Malicious Attacks, Abnormal Behavior, and Security Issues and Risks. These include Pass-the-Ticket, Skeleton Key, DNS Reconnaissance, Golden Ticket, Vertical Brute Force, SMB Session Enumeration, and more.
Why Use Azure ATP?
Azure ATP looks for suspicious activities and passes the details on to the Azure ATP workspace portal. It provides a clear view of Who, What, When, and How. In addition, Azure Advanced Threat Protection looks for security issues and risks, including:
- Well-known protocol weaknesses
- Weak protocols
- Lateral movement paths to sensitive accounts
In this way, Azure ATP gives organizations an opportunity to control and manage unauthorized access to their environment. It can track suspicious or malicious activities and map unregistered service accounts on the client's Active Directory network.