Protecting your network: Azure ATP

In a previous blog post I was talking about the protection measures that we have against attackers, but today I want to go deeper with Azure ATP.

Azure Advanced Threat Protection (Azure ATP) assists security professionals in monitoring on-premises Active Directory to identify, detect, and protect from advanced threats and malicious activities. 

Azure ATP is a cloud-based service that utilizes agents / sensors on the domain controllers to track authentication activities. Azure ATP gives IT the tools to proactively assess the environment:

  • Monitor users, entity behavior, and activities with learning-based analytics 
  • Protect user identities and credentials stored in Active Directory 
  • Identify and investigate suspicious user activities and advanced attacks throughout the kill chain 
  • Provide clear incident information on a simple timeline for fast triage 

Once the portal and the sensors have been enabled and tuned, ATP gives you access to information such as:

  • Lateral movement paths of sensitive accounts 
  • Modification of sensitive groups 
  • Passwords exposed in clear text 
  • Summaries of suspicious activities and health issues 

For those not familiar with all this terminology, let me put it plainly: Azure ATP shows, in plain language and graphics, which suspicious activities were identified on the network, and the actors and computers involved in the threats.

Moreover, alerts are graded for severity, color-coded, and organized by threat phase. Each alert is designed so that you can quickly understand exactly what is occurring on the network.
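To make the "modification of sensitive groups" item and the severity-graded timeline concrete, here is an added example (my own code, not Azure ATP's) that scans constructed Windows Security event records for member additions to high-privilege groups, grades each hit, and orders the results on a timeline. The event IDs 4728/4732/4756 are the standard Windows "member added to security-enabled group" events; the sample records, the list of sensitive groups, and the severity scale are assumptions made for this example and are not ATP's own.

```python
"""Added example (not Azure ATP code): a minimal detector for the
"modification of sensitive groups" category that Azure ATP reports.
It scans constructed Windows Security event records (IDs 4728/4732/4756,
member added to a security-enabled group), flags additions to
high-privilege groups, grades each alert, and orders them on a timeline.
The records, the group list and the severity scale are assumptions."""
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List

# Constructed sample events (made-up accounts and times).
SAMPLE_EVENTS = [
    {"time": "2020-03-01T08:02:11", "id": 4728, "subject": "CORP\\hr.admin",
     "member": "CORP\\svc-backup", "group": "CORP\\Domain Admins"},
    {"time": "2020-03-01T08:05:40", "id": 4732, "subject": "CORP\\it.ops",
     "member": "CORP\\jdoe", "group": "BUILTIN\\Administrators"},
    {"time": "2020-03-01T09:15:00", "id": 4728, "subject": "CORP\\it.ops",
     "member": "CORP\\jsmith", "group": "CORP\\Marketing"},
    {"time": "2020-03-01T07:30:00", "id": 4756, "subject": "CORP\\hr.admin",
     "member": "CORP\\svc-backup", "group": "CORP\\Enterprise Admins"},
]

# Assumed sensitive groups with a coarse severity (not ATP's own scale).
SENSITIVE_GROUPS: Dict[str, str] = {
    "CORP\\Enterprise Admins": "high",
    "CORP\\Domain Admins": "high",
    "CORP\\Schema Admins": "high",
    "BUILTIN\\Administrators": "medium",
    "CORP\\Account Operators": "medium",
}

# Windows Security event IDs for "member added to security-enabled group".
GROUP_ADD_EVENTS = {4728: "global", 4732: "local", 4756: "universal"}


@dataclass
class Alert:
    time: datetime
    severity: str
    group: str
    member: str
    subject: str
    scope: str


def detect_sensitive_group_changes(events: List[dict]) -> List[Alert]:
    """Return one Alert per addition to a sensitive group, oldest first."""
    alerts: List[Alert] = []
    for ev in events:
        scope = GROUP_ADD_EVENTS.get(ev["id"])
        if scope is None:
            continue  # not a member-add event, ignore
        severity = SENSITIVE_GROUPS.get(ev["group"])
        if severity is None:
            continue  # ordinary group, no alert
        alerts.append(Alert(datetime.fromisoformat(ev["time"]), severity,
                            ev["group"], ev["member"], ev["subject"], scope))
    # Timeline view: order by time regardless of collection order.
    return sorted(alerts, key=lambda a: a.time)


def summarize(alerts: List[Alert]) -> Dict[str, int]:
    """Count alerts per severity for a quick triage summary."""
    counts: Dict[str, int] = {}
    for a in alerts:
        counts[a.severity] = counts.get(a.severity, 0) + 1
    return counts


if __name__ == "__main__":
    found = detect_sensitive_group_changes(SAMPLE_EVENTS)
    for a in found:
        print(f"{a.time.isoformat()} [{a.severity:6}] {a.subject} added "
              f"{a.member} to {a.group} ({a.scope} group)")
    print(summarize(found))
```

Run as a script it prints the three sensitive-group changes in time order (the Enterprise Admins addition first, although it was collected last) followed by the per-severity counts; the Marketing group change produces no alert. In a real deployment the records would come from the domain controllers' Security logs, which is exactly what the ATP sensors read.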

As you can see, Azure ATP is a great tool, and if we combine this tool with MDATP, you will have a clear line of defense against attackers.
