AATP

What is Azure Advanced Threat Protection?

We have spoken about Azure SQL Advanced Threat Protection, but what about Azure's product for your on-premises environment?

Azure Advanced Threat Protection (AATP) forwards traffic from your environment to Azure and uses AI to detect problems or threats in your on-premises environment.

What is currently protected

  • Pass the ticket (PtT)
  • Pass the hash
  • Overpass the hash
  • Forged Privileged Attribute Certificate (PAC; MS14-068)
  • Golden ticket
  • Malicious replication
  • Directory service enumeration
  • Server Message Block (SMB) session enumeration
  • Domain Name Service (DNS) reconnaissance
  • Horizontal brute force
  • Vertical brute force
  • Skeleton key
  • Unusual protocol
  • Encryption downgrade
  • Remote execution
  • Malicious service creation
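The two brute-force entries above differ in shape: horizontal brute force is one source trying a few guesses against many accounts, vertical is one source hammering a single account. As an added illustration (not AATP's code or output), the detector below tells them apart over a constructed set of failed-logon records; the window and thresholds are assumptions for the example, not AATP's tuning.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample of failed logons: (timestamp, source host, target account).
FAILED_LOGONS = [
    ("2024-01-10T09:00:00", "WS-17", "alice"),
    ("2024-01-10T09:00:05", "WS-17", "bob"),
    ("2024-01-10T09:00:10", "WS-17", "carol"),
    ("2024-01-10T09:00:15", "WS-17", "dave"),
    ("2024-01-10T09:00:20", "WS-17", "erin"),
    ("2024-01-10T09:00:25", "WS-17", "frank"),
    ("2024-01-10T09:03:00", "WS-03", "alice"),   # a user mistyping twice, not an attack
    ("2024-01-10T09:04:00", "WS-03", "alice"),
] + [("2024-01-10T09:10:%02d" % s, "WS-42", "svc-backup") for s in range(0, 50, 5)]


def find_brute_force(events, window=timedelta(minutes=10), horizontal_min=5, vertical_min=8):
    """Return {source: finding} for sources whose failures within `window`
    look like horizontal (many distinct accounts) or vertical (one account,
    many attempts) brute force. Thresholds are illustrative assumptions."""
    by_source = defaultdict(list)
    for ts, src, acct in events:
        by_source[src].append((datetime.fromisoformat(ts), acct))

    findings = {}
    for src, rows in by_source.items():
        rows.sort()
        # Slide a window starting at each failure; report the first pattern that trips.
        for i, (t0, _) in enumerate(rows):
            in_window = [acct for t, acct in rows[i:] if t - t0 <= window]
            per_account = Counter(in_window)
            if len(per_account) >= horizontal_min:
                findings[src] = ("horizontal", len(per_account))
                break
            acct, attempts = per_account.most_common(1)[0]
            if attempts >= vertical_min:
                findings[src] = ("vertical", acct, attempts)
                break
    return findings


if __name__ == "__main__":
    for src, finding in find_brute_force(FAILED_LOGONS).items():
        print(src, finding)
```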

How it works

Once a license is acquired, an Azure ATP Admin center appears in your 365 Admin Portal.

You create a workspace for each of your domain forests, enter the credentials for the domain and download the sensor onto a domain controller. The sensor uses the Wireshark driver to forward traffic live to Azure for real-time log analysis.

You can then see issues live, as well as schedule reports.

License

Enterprise Mobility + Security (EMS) E5 at 13 pounds per month per user.