Advanced Threat Analytics

Advanced Threat Analytics (ATA) is an on-premises platform that helps protect your enterprise from multiple types of advanced targeted cyber attacks and insider threats.
ATA technology detects multiple suspicious activities, focusing on several phases of the cyber-attack kill chain, including:
  • Reconnaissance, during which attackers gather information on how the environment is built, what the different assets are, and which entities exist. Typically, this is where attackers build plans for their next phases of attack.

  • Lateral movement cycle, during which an attacker invests time and effort in spreading their attack surface inside your network.

  • Domain dominance (persistence), during which an attacker captures the information that allows them to resume their campaign using various sets of entry points, credentials, and techniques.

ATA provides detection for the following phases of an advanced attack: reconnaissance, credential compromise, lateral movement, privilege escalation, domain dominance, and others. These detections are aimed at catching advanced attacks and insider threats before they cause damage to your organization.

Three main types of attacks ATA searches for

Malicious attacks are detected deterministically, by looking for the full list of known attack types, including:
  • Pass-the-Ticket (PtT)

  • Pass-the-Hash (PtH)

  • Overpass-the-Hash

  • Forged PAC (MS14-068)

  • Golden Ticket

  • Malicious replications

  • Reconnaissance

  • Brute Force

  • Remote execution

Abnormal behavior is detected by ATA using behavioral analytics and machine learning to uncover questionable activities and abnormal behavior in users and devices in your network, including:
  • Anomalous logins

  • Unknown threats

  • Password sharing

  • Lateral movement

  • Modification of sensitive groups

Security issues and risks, including:
  • Broken trust

  • Weak protocols

  • Known protocol vulnerabilities
