Time
6 hours 59 minutes
Difficulty
Intermediate
CEU/CPE
7

Video Transcription

00:00
Welcome back to the MS 365 Security Administration course.
00:05
I'm your instructor, Jim Daniels,
00:07
and we're on Module 3, MS 365 Threat Protection, Lesson 3, Threat Management:
00:13
Advanced Threat Analytics.
00:16
If you're a gamer,
00:18
you've probably seen this before. You've probably seen that meme: I'm in your base, killing all your dudes.
00:25
You can relate. Some of the games were really challenging.
00:30
You can probably relate to this
00:32
in a game setting. However, in cybersecurity,
00:36
you don't want this to happen.
00:38
You don't want something from the inside
00:40
to bring you down.
00:42
Segue: that is where we're going. Actually, we're going to look at Advanced Threat Analytics, from what it is and requirements
00:50
and how to deploy.
00:52
We're going to look at configuration of ATA, and we're gonna look at managing the services once they're configured.
00:59
Advanced Threat Analytics is an on-premises platform
01:03
that's used to discover suspicious server and network behavior that may lead to internal or external attacks.
01:08
ATA technology detects multiple types of suspicious activities,
01:14
focusing on several phases of the cyber attack kill chain,
01:18
including reconnaissance.
01:19
This is where
01:21
attackers gather information about your environment's build,
01:23
different areas, what different entities are there. This is where they plan to come back to hit you.
01:32
Lateral movement cycle.
01:34
This is when an attacker invests time and effort in spreading their attack surface inside your network.
01:40
Let's say somebody has compromised
01:42
your facilities department.
01:44
Maybe they're gonna move laterally and work on purchasing. They're gonna work on the Scotty and information,
01:51
they're gonna do a lateral so they have more of a surface to do harm.
01:55
Domain dominance:
01:57
information that allows hackers to resume their campaign. So they have various entry points, credentials and techniques that they know to work in your environment.
02:07
In Advanced Threat Analytics,
02:10
the three components of ATA
02:13
are the ATA Center,
02:15
the ATA Gateway and the ATA Lightweight Gateway.
02:20
If you're saying to yourself, hey, this all seems kind of familiar,
02:23
it is.
02:24
So we looked earlier at Azure Advanced Threat Protection
02:29
in the previous lessons,
02:31
and that is basically Advanced Threat Analytics. However, that was hybrid:
02:37
cloud environment plus on-prem.
02:38
ATA is purely on-prem.
02:42
The architecture for ATA is as follows.
02:46
It monitors your domain controller network traffic by utilizing port mirroring to an ATA Gateway using a physical or virtual switch.
02:53
If you deploy ATA Lightweight Gateway directly on the domain controller,
02:59
it removes the requirement for port mirroring.
03:01
In addition, ATA can leverage Windows events
03:06
forwarded directly from your domain controllers or from a SIEM server, and analyze the data for attacks and threats.
03:13
So we can see the ATA Lightweight Gateway
03:15
that installs directly on a domain controller,
03:20
whereas the gateway
03:22
is more like a listening device to where they get information and they get events from your network in front of the domain controllers.
03:30
But it's the middle man.
03:31
It goes through the gateway; the gateway sends it to the ATA Center.
03:37
ATA is included for use with any Enterprise Mobility and Security license suite,
03:42
with EMS E3 or E5.
03:45
That being said, if you have the MS 365 suite, which also includes the Enterprise Mobility and Security suite, either E3 or E5, you also have the ability to use ATA.
03:54
All you need is a read-only account tomorrow, sort of the main
04:00
to monitor the domain controllers, and they need to be functional level 2003 plus.
04:03
For the ATA Center, it needs to be Server 2012 R2,
04:08
and it has to have a self-signed certificate.
04:11
Time sync
04:13
has to be within five minutes of each other, and this is a standard that
04:16
really expands across Active Directory.
04:20
So chances are, unless you're having really miserable
04:25
synchronization issues within your environment already, the time sync requirement, you already have that.
04:30
ATA Gateway
04:31
requires Server 2012 R2 plus.
04:36
ATA Gateway requires Server 2012 R2 and beyond. ATA Lightweight Gateway is on a DC running 2008 R2 SP1, 2012 plus,
04:47
minimum two cores and six gig of RAM on the DC for the Lightweight Gateway.
04:54
You cannot put ATA Lightweight Gateway. One server
05:00
To configure Advanced Threat Analytics,
05:02
perform these steps.
05:04
You need to meet the prereqs,
05:06
install ATA Center and gateways,
05:11
validate
05:12
the ATA Center and gateway installations.
05:15
Set your AV exclusions
05:16
and configure ATA Center and components.
05:20
Some of the regular management
05:23
within ATA
05:25
will include user access management within the role groups.
05:28
You may want to export/import ATA configuration,
05:31
even move the ATA database to another drive, and look at the reports.
05:38
Quiz:
05:39
Which is not a component of Advanced Threat Analytics?
05:42
ATA Gateway,
05:44
ATA Center,
05:46
ATA Lightweight Gateway or the ATA Gateway Center?
05:49
Which one do you think it is?
05:53
The correct answer is ATA Gateway Center. The Gateway Center is not a component.
05:59
You have a gateway. You have the center
06:00
and also the Lightweight Gateway.
06:02
To recap this lesson: ATA is an on-premises platform that's used to discover suspicious server and networking behavior
06:11
that may lead to internal or external attacks.
06:14
Thank you for joining me on this lesson. Hope to see you for the next one. Take care.

Up Next

MS-500: Microsoft 365 Security Administration

The Microsoft 365 Security Administration course is designed to prepare students to take and pass the MS-500 certification exam. The course covers the four domains of the exam, providing students with the knowledge and skills they need to earn their credential.

Instructed By

Jim Daniels
IT Architect
Instructor