Microsoft Advanced Threat Analytics Client Management License - Licence & software assurance - 1 operating system environment (OSE) - charity - Open Value - additional product, 2 Year Acquired Year 2 - Single Language

Traditional IT security tools provide limited protection against sophisticated cyber-security attacks when user credentials are stolen. Initial set up, creating rules, and fine-tuning are cumbersome and may take years. Every day, you receive several reports full of false positives. Most of the time, you don't have the resources to review this information and even if you could, you may still not have the answers, since these tools are designed to protect the perimeter, primarily stopping attackers from gaining access. Today's complex cyber-security attacks require a different approach. Microsoft Advanced Threat Analytics (ATA) provides a simple and fast way to understand what is happening within your network by identifying suspicious user and device activity with built-in intelligence and providing clear and relevant threat information on a simple attack timeline. Microsoft Advanced Threat Analytics leverages deep packet inspection technology, as well as information from additional data sources (Security Information and Event Management and Active Directory) to build an Organizational Security Graph and detect advanced attacks in near real time.

• Behavioral analytics
• Simple, actionable attack timeline
• Mobility support
• Organizational Security Graph
• SIEM integration
• Email alerts
• Seamless deployment

• Behavioral analytics
  ATA begins to understand entity behaviors while also automatically adjusting to known and approved changes in the enterprise. For instance, certain users have access to a specified set of servers, folders, and directories and the system learns their activity from the tools and resources they normally use.
• Simple, actionable attack timeline
  ATA's attack timeline makes your job easier and security measures better by listing questionable activities as they occur, accompanied with recommendations based on the specific activity alert.
• Mobility support
  No matter where your corporate resources reside - within the corporate perimeter, on mobile devices, or elsewhere - ATA witnesses authentication and authorization. This means that external assets like devices and vendors are as closely monitored as internal assets.
• Organizational Security Graph
  ATA builds an Organizational Security Graph, which is a map of entity interactions representing the context and activities of the users, devices, and resources.
• SIEM integration
  ATA works seamlessly with SIEM after contextually aggregating information into the attack timeline. It can collect specific events that are forwarded to ATA from the SIEM. Also, you can configure ATA to send an event to your SIEM for each suspicious activity with a link to the specific event on the attack timeline.
• Email alerts
  You can configure ATA to send an email to specific users or groups in your organization when it detects a suspicious activity. Each email will include a link to the specific attack in the ATA attack timeline, keeping the appropriate people up to date on the security issues in your organization, even when they do not monitor the attack timeline.
• Seamless deployment
  ATA functions as an appliance, either hardware or virtual. It utilizes port mirroring to allow seamless deployment alongside Active Directory without affecting existing network topology. It automatically starts analyzing immediately after deployment. You don't have to install any agents on the domain controllers, servers or computers.

Traditional IT security tools provide limited protection against sophisticated cyber-security attacks when user credentials are stolen. Initial set up, creating rules, and fine-tuning are cumbersome and may take years. Every day, you receive several reports full of false positives. Most of the time, you don't have the resources to review this information and even if you could, you may still not have the answers, since these tools are designed to protect the perimeter, primarily stopping attackers from gaining access. Today's complex cyber-security attacks require a different approach. Microsoft Advanced Threat Analytics (ATA) provides a simple and fast way to understand what is happening within your network by identifying suspicious user and device activity with built-in intelligence and providing clear and relevant threat information on a simple attack timeline. Microsoft Advanced Threat Analytics leverages deep packet inspection technology, as well as information from additional data sources (Security Information and Event Management and Active Directory) to build an Organizational Security Graph and detect advanced attacks in near real time.