Implementing and Managing Microsoft Advanced Threat Analytics

In this Microsoft Advanced Threat Analytics course you will learn to implement and use Advanced Threat Analytics (ATA) to quickly identify advanced persistent threats. ATA supports you in your hunt for cyber threats, from detecting known attacks to finding abnormal activity with machine learning and behavioral analysis. The course is taught in English by an expert from the security company CQure.

200+ days. That’s the average amount of time that attackers reside within your network until they are detected, gathering classified data and information, waiting to strike at just the right moment. Microsoft Advanced Threat Analytics (ATA) helps to identify breaches and threats using behavioral analysis and provides a clear, actionable report on a simple attack timeline. Customers who want to proactively monitor their environment need to be more aware of which activities are malicious and which are good. This is a great challenge in a hundred-server environment.

Target audience

Infrastructure architects, security professionals, systems engineers, network administrators, IT professionals, security consultants and other people responsible for implementing network and perimeter security.

Materials

Author’s unique tools, exercises and presentation slides with notes.

About the Author

Paula Januszkiewicz is a world-renowned Security Expert. Paula loves to perform Penetration Tests and IT Security Audits, and after all she says: ‘harden’em all’! Enterprise Security MVP and trainer (MCT) and Microsoft Security Trusted Advisor.

Top speaker at world-known conferences, including being No. 1 speaker at Microsoft Ignite!

Prerequisites

An ideal candidate for this course should have attended Masterclass: Hacking and Securing Windows Infrastructure. Alternatively, you should have good knowledge of Windows authentication mechanisms and protocols. You should have a good understanding of pass-the-hash (PTH) and pass-the-ticket (PTT) attacks. Experience in Active Directory Domain Services is highly recommended.

Agenda

Threat landscape

  • Risks for cloud and on-premise infrastructure
  • Modern threats
  • Incident response flaws

ATA Architecture

  • ATA Center
  • ATA Gateway
  • ATA Console
  • Multi-segment networks

Prerequisites

  • Active Directory requirements
  • Networking requirements
  • Database requirements
  • Capacity planning
  • Ports and protocols

Installation

  • Port monitoring
  • Event collection
  • Mobility support
  • Integration to SIEM/Syslog
  • Virtualization issues

Detection module

  • Incident responding
  • Short-term lease subnets
  • Honeytokens

Analytics module

  • Suspicious Activities Time Line
  • Filtering Suspicious Activities
  • Self-learning

Management

  • ATA Console
  • ATA Configuration
  • Alerts
  • Health Center
  • Database management
  • Telemetry

Troubleshooting

  • Backup and Restore
  • Logs
  • Performance counters
  • Database

Further steps

  • Advanced monitoring techniques
  • Incident response plans

About the course

Price: 26 950,00 kr

excluding VAT

Duration: 3 days
Course code: CQ-ATA
Choose location and course start

26 June

23 October

18 December
