Our Offering
Secret US military computers 'cyber attacked' (BBC)
Cybercrime costs US economy up to $140 billion annually, report says (Los Angeles Times, 2013)
Cyberspace changes the fog of war (Politics.co.uk, 2013)
Universities face a rising barrage of cyberattacks (Ars Technica, 2013)
140+ days. That's the average amount of time that attackers reside within your network until they are detected.
Leading security categories provide an important layer of protection for businesses. They do not, however, offer a response to the compromised-credential problem, to sanctioned cloud apps, or early detection of suspicious user/device behaviors.
Security Information and Event Management (SIEM) is security technology that specializes in real-time collection and
historical analysis of security events from different event and contextual data sources in support of threat detection and security
incident response.
Next-Generation Firewalls (NGFW) combine a traditional firewall with other network device filters such as an
application firewall, deep packet inspection (DPI), website filtering, and more, resulting in more layers of protection
that help improve filtering of network traffic.
Endpoint Detection and Response (EDR) solutions focus on detecting and investigating suspicious activities and issues on hosts and endpoints (desktops, servers, tablets and laptops) in order to identify and block malicious code and applications.
Traditional IT security solutions are typically: [diagram: admin sets policy; recipient; unsafe vs. safe]
Nothing to install: no agent required on endpoints to gather data.
Discovery and Insights – Experience
App Discovery Dashboard
User and Entity Behavior Analytics (UEBA)
• Monitors behaviors of users and other entities by using multiple data sources
• Profiles behavior and detects anomalies by using machine learning algorithms
• Evaluates the activity of users and other entities to detect advanced attacks
Enterprises successfully use UEBA to detect malicious and abusive behavior that otherwise went unnoticed by existing security monitoring systems, such as SIEM and DLP.
• Detect threats fast with Behavioral Analytics
• Adapt as fast as your enemies
• Focus on what is important fast using the simple attack timeline
• Reduce the fatigue of false positives
• Prioritize and plan for next steps
1. Analyze. After installation:
• Simple non-intrusive port mirroring, or
deployed directly onto domain controllers
• Remains invisible to the attackers
• Analyzes all Active Directory network traffic
• Collects relevant events from SIEM and
information from Active Directory (titles,
groups membership, and more)
2. Learn. ATA:
• Automatically starts learning and profiling
entity behavior
• Identifies normal behavior for entities
• Learns continuously to update the activities
of the users, devices, and resources
What is an entity? An entity represents users, devices, or resources.
3. Detect. Microsoft Advanced Threat Analytics:
• Looks for abnormal behavior and identifies
suspicious activities
• Only raises red flags if abnormal activities are
contextually aggregated
• Leverages world-class security research to detect
security risks and attacks in near real-time based on
attackers' Tactics, Techniques, and Procedures (TTPs)
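The Analyze / Learn / Detect sequence above, as an added toy illustration (this is not ATA's code and not how ATA actually models behavior): it learns each user's usual hosts, resources and logon hours from constructed baseline events, scores later constructed events against that profile, and, mirroring the "contextually aggregated" point, alerts only once several anomaly signals accumulate for one entity. The log line format, field names, entity attributes and the alert threshold are all assumptions made for the example.

```python
"""Toy UEBA-style baseline-and-anomaly detector (added illustration, not ATA code)."""
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime


@dataclass
class Event:
    ts: datetime
    user: str       # entity being profiled
    host: str       # workstation the logon came from
    resource: str   # resource accessed (share, server)


def parse_event(line: str) -> Event:
    """Parse the constructed line format: '<ISO timestamp> user=<u> host=<h> resource=<r>'."""
    ts_str, *kv = line.split()
    fields = dict(part.split("=", 1) for part in kv)
    return Event(datetime.fromisoformat(ts_str), fields["user"], fields["host"], fields["resource"])


@dataclass
class Profile:
    hosts: set = field(default_factory=set)
    resources: set = field(default_factory=set)
    hours: set = field(default_factory=set)   # hours of day seen in the learning period


def learn(events):
    """Learn step: build a per-user profile of what 'normal' looked like."""
    profiles = defaultdict(Profile)
    for e in events:
        p = profiles[e.user]
        p.hosts.add(e.host)
        p.resources.add(e.resource)
        p.hours.add(e.ts.hour)
    return dict(profiles)


def score(profile: Profile, e: Event) -> list:
    """Return the anomaly signals one event triggers against the entity's baseline."""
    signals = []
    if e.host not in profile.hosts:
        signals.append("new-host")
    if e.resource not in profile.resources:
        signals.append("new-resource")
    if e.ts.hour not in profile.hours:
        signals.append("unusual-hour")
    return signals


def detect(profiles, events, threshold=3):
    """Detect step: tally signals per entity and alert only when they aggregate past threshold.

    A single odd event (one new resource) is noise; several signals on the same
    entity are what justify a red flag. Unknown entities are tallied too.
    """
    tally = defaultdict(list)
    alerts = []
    for e in events:
        profile = profiles.get(e.user)
        if profile is None:
            tally[e.user].append((e.ts, "unknown-entity"))
        else:
            for s in score(profile, e):
                tally[e.user].append((e.ts, s))
        if len(tally[e.user]) >= threshold and e.user not in alerts:
            alerts.append(e.user)
    return alerts, dict(tally)


# Constructed sample data: a learning period followed by later activity.
BASELINE_LOG = [
    "2013-06-03T09:05:00 user=alice host=WS01 resource=FILESRV",
    "2013-06-04T09:10:00 user=alice host=WS01 resource=FILESRV",
    "2013-06-05T14:30:00 user=alice host=WS01 resource=DB",
    "2013-06-03T08:55:00 user=bob host=WS07 resource=WEB",
    "2013-06-04T17:20:00 user=bob host=WS07 resource=FILESRV",
]
LIVE_LOG = [
    "2013-06-10T09:00:00 user=alice host=WS01 resource=FILESRV",      # normal for alice
    "2013-06-10T08:40:00 user=bob host=WS07 resource=WEB",            # normal for bob
    "2013-06-10T17:05:00 user=bob host=WS07 resource=DB",             # one signal only: new resource
    "2013-06-11T02:15:00 user=alice host=WS42 resource=DB",           # new host, unusual hour
    "2013-06-11T02:20:00 user=alice host=WS42 resource=ADMINSHARE",   # new host, new resource, unusual hour
    "2013-06-11T03:00:00 user=svc_backup host=WS42 resource=DB",      # entity never seen in learning
]


def run_demo():
    """Learn from the baseline, then detect over the live events; returns (alerts, tally)."""
    profiles = learn(parse_event(l) for l in BASELINE_LOG)
    return detect(profiles, [parse_event(l) for l in LIVE_LOG])


if __name__ == "__main__":
    alerts, tally = run_demo()
    print("alerts:", alerts)
    for user, signals in tally.items():
        print(user, [s for _, s in signals])
```

Running the block alerts on alice only: her two night-time logons from an unfamiliar workstation accumulate five signals, while bob's single new resource and the never-profiled service account each produce one signal and stay below the threshold. Real UEBA products replace the set-membership checks with statistical or learned models and keep learning after deployment; the aggregation-before-alerting structure is the part worth carrying over.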
[Architecture diagram: ATA Center; ATA Lightweight Gateway (DC4); domain controllers DC2, DC3; DNS, DMZ, VPN, Internet; DB, file server and web server]
Built into Windows, cloud-powered
No additional deployment and infrastructure
Continuously up-to-date, lower costs
Built into Windows: always-on endpoint behavioral sensors; forensic collection
Threat intelligence from partnerships; security analytics; behavioral IOAs dictionary; threat intelligence by Microsoft hunters; known and unknown adversaries
SecOps console: exploration; files and URLs detonation; alerts; response
Built into Windows: no additional deployment and infrastructure; continuously up-to-date, lower costs.
Behavioral based, cloud powered post-breach detection: actionable, correlated alerts for known and unknown adversaries; real-time and historical data.
Rich timeline for investigation: easily understand scope of breach; data pivoting across endpoints; deep files and URLs analysis.
Unique threat intelligence knowledge base: unparalleled threat optics provides detailed actor profiles; 1st and 3rd party TI data.