We have spoken about Azure SQL Advanced Threat Protection, but what about Azure's product for your on-premises environment?
Azure Advanced Threat Protection (AATP) uses AI to forward traffic from your environment and detect problems or threats in your on-premises environment, such as:
- Pass the ticket (PtT)
- Pass the hash
- Overpass the hash
- Forged Privileged Attribute Certificate (PAC; MS14-068)
- Golden ticket
- Malicious replication
- Directory service enumeration
- Server Message Block (SMB) session enumeration
- Domain Name Service (DNS) reconnaissance
- Horizontal brute force
- Vertical brute force
- Skeleton key
- Unusual protocol
- Encryption downgrade
- Remote execution
- Malicious service creation
How it works
Once a license is acquired, an Azure ATP admin center will appear in your 365 Admin Portal.
You create a workspace for each of your domain forests, enter the credentials for the domain and download the sensor onto a domain controller. This uses the Wireshark driver to forward traffic live to Azure for real-time log analysis.
You can then see issues live as well as schedule reports.
License
Enterprise Mobility + Security (EMS) E5 at 13 pounds per user per month