Building an effective ATA solution


Presentation on theme: "Building an effective ATA solution"— Presentation transcript:

1 Building an effective ATA solution
THR3033: Building an effective ATA solution
Cristhofer Romeo Munoz, MCS Consultant
Andrew Harris, Sr. Program Manager
7/23/2018 11:22 PM
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2 Session Objectives And Takeaways
- Provide details of the required components and configuration for an ATA infrastructure
- Provide IT professionals with the right decision-making strategy on how to deploy ATA
- Gain knowledge of the handy tools for a seamless deployment
Tech Ready 15, 7/23/2018. © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

3 Microsoft Advanced Threat Analytics
An on-premises platform to identify advanced security attacks and insider threats before they cause damage.
- Behavioral Analytics
- Detection of advanced attacks and security risks
- Advanced Threat Detection
Microsoft Advanced Threat Analytics brings the behavioral analytics concept to IT and the organization’s users.

4 ATA detects a wide range of suspicious activities
Suspicious activities detected:
- Abnormal authentication requests
- Abnormal resource access
- Pass-the-Ticket
- Pass-the-Hash
- Overpass-the-Hash
- Skeleton key malware
- Golden ticket
- Remote execution
- Malicious replication requests
- Account enumeration
- Net Session enumeration
- DNS enumeration
- Abnormal working hours
- Brute force using NTLM, Kerberos or LDAP
- Sensitive accounts exposed in plain text authentication
- Service accounts exposed in plain text authentication
- Honey Token account suspicious activities
- Unusual protocol implementation
- Malicious Data Protection Private Information (DPAPI) Request
- MS exploit (Forged PAC)
- MS exploit (Silver PAC)
Categories shown on the slide: Compromised Credential, Privilege Escalation, Reconnaissance, Lateral Movement, Domain Dominance
Reference: aka.ms/atasaguide

5 ATA Topology
[Topology diagram. Components: ATA Center, ATA Gateway, ATA Lightweight Gateway, Domain Controllers, SIEM. Labelled flows: parsed network traffic from DCs (ATA Lightweight Gateway); port mirroring (ATA Gateway); events (Windows Event Forwarding, SIEM); alerts sent to SIEM; alert notifications; access to console.]

6 Decision 1: Gateway vs. Lightweight Gateway

7 ATA Full Gateway
Pros:
- Zero footprint on the current AD environment
- Offloads performance requirements to a separate machine
- Can handle a larger workload
- No service installed on domain controllers
Cons:
- Requires additional machines, so often more costly
- Not easy to scale to branch office deployments
- So far not functional in cloud environments (Azure, AWS), as they do not support port mirroring
- Requires network configuration for port mirroring
- Manual Event Forwarding

8 ATA Lightweight Gateway
Pros:
- No additional machine required
- Often a cheaper option than the Full Gateway
- No change required in network configuration
- Easier to deploy to small branch offices
- Automatic Event Forwarding
Cons:
- Requires installing a component on each DC
- Often requires upgrading DC hardware
- Can potentially be detected by attackers
- Cannot hold very large loads

9 Planning Resource sizing
ATA Sizing Tool:
- Runs for 24 hours (default)
- Gathers DC performance data
- ATA Center and Gateway sizing recommendations

10 Demo: ATA Sizing Tool

11 Demo: ATA Sizing Tool

12 NEW!! ATA Audit Settings Policy
ATA Audit Settings Tool:
- Discovers all Domain Controllers (DCs)
- Via WMI, enumerates whether Audit Policy settings are enforced (a Microsoft best practice; on by default)
- Via WMI, enumerates the Audit Policy settings per DC
- Via WMI, discovers whether the DC has the ATA Lightweight Gateway (LWGW) installed
- Compares the outputs above and provides a high-level status
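An added example (not the ATA Audit Settings Tool and not code from the presentation) of the final compare step: it reduces the three per-DC facts listed on this slide to a high-level status. The required subcategory, the status names, the DC names and the `auditpol /get /category:* /r` style CSV sample are assumptions constructed for illustration.

```python
import csv
import io

# Assumption: the slide does not list the required settings; this one is illustrative.
REQUIRED = {"Credential Validation": {"Success", "Failure"}}
HEADER = "Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting\n"
GUID = "{00000000-0000-0000-0000-000000000000}"  # constructed placeholder

def report(dc, setting):
    """Build a constructed one-row `auditpol /get /category:* /r` style report."""
    return HEADER + f"{dc},System,Credential Validation,{GUID},{setting},\n"

# Constructed inventory: the three per-DC facts the slide says are gathered.
INVENTORY = {
    "DC01": {"enforced": True, "lwgw": True, "auditpol": report("DC01", "Success and Failure")},
    "DC02": {"enforced": True, "lwgw": False, "auditpol": report("DC02", "Success")},
    "DC03": {"enforced": False, "lwgw": True, "auditpol": report("DC03", "Success and Failure")},
    "DC04": {"enforced": True, "lwgw": True, "auditpol": HEADER},  # subcategory absent
}

def parse_auditpol(text):
    """Map subcategory -> set of audited outcomes (Success, Failure, both, or none)."""
    result = {}
    for row in csv.DictReader(io.StringIO(text)):
        words = set(row["Inclusion Setting"].replace(" and ", " ").split())
        result[row["Subcategory"].strip()] = words & {"Success", "Failure"}
    return result

def dc_status(facts):
    """Return (status, missing_subcategories) for one DC."""
    actual = parse_auditpol(facts["auditpol"])
    missing = sorted(s for s, need in REQUIRED.items() if not need <= actual.get(s, set()))
    if missing:
        return "AUDIT_GAP", missing       # required events are not being generated
    if not facts["enforced"]:
        return "NOT_ENFORCED", []         # settings are right but enforcement is off
    return "OK", []

def summarize(inventory):
    """High-level status per DC, plus whether the LWGW was found on it."""
    return {dc: (*dc_status(f), "LWGW" if f["lwgw"] else "no LWGW")
            for dc, f in sorted(inventory.items())}

if __name__ == "__main__":
    for dc, row in summarize(INVENTORY).items():
        print(dc, *row)
```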

13 How to Decide?
Resource capacity:
- Can your DCs handle a LWGW?
- Are you able to upgrade hardware?

14 Decision 2: ATA Center Placement

15 How to Decide?
- Do I have the resources available on premises?
- Do I have the resources available in my hypervisor?
- Can I leverage Azure?

16 Decision 3: Domain or Workgroup

17 How to Decide?
- Do I need domain join in order to fully manage the ATA Center?
- Do I believe my Forest is currently compromised?
ATA Best Practices (

18 Decision 4: PKI vs. Self-Signed Certs

19 How to Decide?
- Is a secure and well-maintained PKI infrastructure in place?
- Is it CSP or KSP?
- Does it have a key of 2048 bits?

20 Deployment Worksheet

21 Please evaluate this session
PC or tablet: visit MyIgnite. Phone: download and use the Microsoft Ignite mobile app. Your input is important!
