3. Dezember 2015 von 10:00 bis 11:00 Uhr
Ich hatte bereits über diesen neuen Service gepostet und Erläuterungen geschrieben. Nun gibt es auch dazu ein Webinar:
Anmeldung: https://info.microsoft.com/DE-EMS-WBNR-FY16-12Dec-01-Angriffe-auf-Ihr-Unternehmen-schneller-erkennen-und-handelnmit-Microsoft-Advanced-Threat-Analytics-ATA_Registration.html?ls=Social&lsd=Facebook&WT.mc_id=MSCOM_de-de_ADC_Facebook
Interessante Informationen gibt es hier:
- FactSheet
- Webseite zum Produkt
- TechNet Artikel zur Public Preview
- TechNet Dokumentation
Vor was wird mit dem Tool eigentlich geschützt ? (Auszug aus TechNet)
“ATA runs in the background and automatically analyzes, learns, and identifies normal behavior on your network, alerting you to possible security concerns, including:
- Reconnaissance and Brute Force Suspicious Activities:
- Reconnaissance using DNS
- Reconnaissance using Account Enumeration
- Bruteforce (LDAP, Kerberos)
- Identity Theft Suspicious Activities:
- Pass-The-Ticket
- Pass-The-Hash
- Over-Pass-The-Hash
- Skeleton Key
- MS14-068 exploit (Forged PAC)
- Golden Ticket
- Remote Execution
- Honey Token account suspicious activities
- Abnormal behavior: ATA uses behavioral analytics and machine learning to uncover questionable activities and abnormal behavior such as anomalous logins, abnormal resource access, abnormal working hours, unknown threats, password sharing and lateral movement.
- Abnormal Behavior based on Resource access, Source Computers and Work hours (machine learning algorithm)
- Massive object deletion
- Security issues and risks: ATA identifies known security issues, such as broken trust, weak protocols and known protocol vulnerabilities.
- Sensitive account exposed in plain text authentication
- Service exposing accounts in plain text authentication
- Broken Trust”