Advanced Threat Protection Part 4: Azure ATP
6 hours 59 minutes
Welcome back to the M365 Security Administration course.
I'm your instructor, Jim Daniels,
and we're on Module 3, M365 Threat Protection:
Advanced Threat Protection, Part 4, Azure ATP.
In this lesson, we're going to go over how Azure ATP, Advanced Threat Protection,
helps identify, detect and investigate threats.
We'll also look at some of the configuration and management aspects of Azure ATP.
Azure ATP is a cloud-based security solution that leverages your on-premises Active Directory to identify,
detect and investigate advanced threats,
compromised identities and malicious insider actions directed at your organization.
Azure ATP detects multiple suspicious activities, focusing on several phases of the cyberattack kill chain.
Some of these include lateral movement:
this is when an attacker invests time and effort
to spread and increase their attack surface inside your network.
Reconnaissance is when an attacker gathers information on how your environment is built.
They're building their plan for their next phase of attack.
If you learn about your target,
you can plan your attacks better. That's what reconnaissance is.
Domain dominance, persistence,
is where an attacker captures the information
allowing them to resume their campaign using various sets of entry points, credentials and techniques.
This is pretty much the
hopefully doesn't get to this. This is where Azure ATP likely will give you an alert and early detection if this will be your fate.
This slide describes how the flow of Azure ATP's network and event capturing works
and how it drills down to describe the functionality of the main components:
the Azure ATP portal, the Azure ATP sensor and the Azure ATP cloud service.
The Azure ATP sensor is installed directly on your domain controller
and accesses the required event logs directly from the domain controller, which is at the source of the logs.
After the logs and network traffic are parsed by the sensor,
Azure ATP sends only the parsed information
to the Azure ATP cloud service.
Only a small percentage of all of the logs are sent.
To configure Azure ATP,
enter your Azure ATP portal.
ATP, the atp.azure.com.
What do you really remember? All right, anyway,
Azure Advanced Threat Protection. That's the URL.
Enter the Azure ATP portal, as shown in this screenshot.
Create your workspace. Provide a user name and password to connect to your AD forest.
sensor setup package,
install the sensor and configure the sensor settings.
I will say that
Azure ATP is not a free service.
It is a resource within Azure,
so you will have your normal costs for your workspace
and you will have your normal costs for ingestion.
There are calculators available to help you with that cost. Just one bit of disclosure: this is not one of those features, like EOP, that's 100 percent included with your M365 suite or subscription.
Here's an example of a suspected identity theft, or pass-the-ticket.
We have a graph that shows the different steps and different evidence.
It's timestamped.
We have the users and the workstations. All that are in play are blurred out in this example.
And as an event,
as administrators, we can have the option to remediate, so we can mark it as closed.
We can suppress it,
or we can close and exclude.
Close and exclude is more for false positives
that you don't want to be notified about in the future. You can also download the details, so then you can send them up to the person in question. You can send them to a CISO, a consultant, whoever you need to.
I talked a little bit about how you can
mark each of them.
All suspicious activities appear in the list. If they're open, they're here.
Suppressed is ignored.
Reopened: once it's closed or suppressed,
you can actually reopen it again.
That's when it is deleted, and you will not be able to restore it.
Quiz: The components of Azure ATP are the Azure ATP portal,
the Azure ATP sensor
and the Azure ATP proxy relay.
True or false? One of the components
If you said true, you're wrong.
The answer is false. The Azure ATP proxy relay
does not exist;
the Azure ATP cloud service is the correct third component.
So to recap today's very short lesson: Azure Advanced Threat Protection is a cloud-based security solution that leverages your on-premises Active Directory to identify, detect and investigate advanced threats, compromised identities and malicious insider actions directed at your organization.
As part of the remediation workflow in
Azure ATP, events can be marked closed. You can suppress them,
reopen them or even delete them from the list.
Thank you for joining me for this lesson. I'll see you for the next one.