Threat Management Plan Part 3: Advanced Threat Analytics
6 hours 59 minutes
Welcome back to the MS 365 Security Administration course.
I'm your instructor, Jim Daniels,
and we are on Module 3, MS 365 Threat Protection, Lesson 3, Threat Management,
Advanced Threat Analytics.
If you're a gamer,
you've probably seen this before; you're probably seeing that meme, "I'm in your base, killing all your dudes."
You can relate. Some of the games were really challenging.
You can probably relate to this
in a game setting. However, in cybersecurity,
you don't want this to happen.
You don't want something from the inside
to bring you down.
Segue. That is where we're going. We're going to look at Advanced Threat Analytics: what it is and its requirements,
and how to deploy it.
We're going to look at the configuration of ATA, and we're going to look at managing the services once they're configured.
Advanced Threat Analytics is an on-premises platform
that's used to discover suspicious server and network behavior that may lead to internal or external attacks.
ATA technology detects multiple types of suspicious activities,
focusing on several phases of the cyber attack kill chain.
Reconnaissance: this is where
attackers gather information about your environment, what is built in
different areas, what is different, and where things are. This is where they plan to come back to hit you.
Lateral movement cycle:
this is when an attacker invests time and effort in spreading their attack surface inside your network.
Let's say somebody has compromised
your facilities department.
Maybe they're going to move laterally and work on purchasing. They're going to work on IT and information.
They're going to do a lateral move so they have more of a surface to do harm.
Domain dominance:
information that allows hackers to resume their campaign, so they have various entry points, credentials and techniques that they know will work in your environment.
Within Advanced Threat Analytics,
the three components of ATA
are the ATA Center,
the ATA Gateway and the ATA Lightweight Gateway.
If you're saying to yourself, "Jim, this all seems kind of familiar":
we looked earlier at Azure Advanced Threat Protection
in the previous lessons,
and that is basically Advanced Threat Analytics. However, that was a hybrid
cloud environment, plus on-prem.
ATA is purely on-prem.
The architecture for ATA is as follows.
It monitors your domain controller network traffic by utilizing port mirroring to an ATA Gateway using a physical or virtual switch.
If you deploy the ATA Lightweight Gateway directly on the domain controller,
it removes the requirement for port mirroring.
In addition, ATA can leverage Windows events
forwarded directly from your domain controllers or from a SIEM server, and analyze the data for attacks and threats.
So we can see the ATA Lightweight Gateway,
which installs directly on a domain controller,
whereas the Gateway
is more like a listening device, where it gets information and gets events from your network in front of the domain controllers.
It's the middle man.
The traffic goes through the Gateway, which sends it to the ATA Center.
ATA is included for use with the Enterprise Mobility and Security license suite
with EMS E3 and E5.
That being said, if you have the MS 365 suite, which also includes the Enterprise Mobility and Security suite, either E3 or E5, you also have the ability to use ATA.
All you need is a read-only account to monitor, sort of, the domain,
to monitor the domain controllers, and the domain must be functional level 2003 plus.
The ATA Center needs to be Server 2012 R2,
and it has to have a self-signed certificate.
Time has to be within five minutes of each other, and this is a standard that
really extends across Active Directory.
So chances are, unless you're having really miserable
synchronization issues within your environment already, the time sync requirement, you already have that.
It requires Server 2012 R2 plus.
The ATA Gateway requires Server 2012 R2 and beyond. The ATA Lightweight Gateway is on a DC running 2008 R2 SP1 or 2012 plus,
with a minimum of two cores and six gig of RAM on the DC for the Lightweight Gateway.
You cannot put the ATA Lightweight Gateway ... on one server.
To configure Advanced Threat Analytics,
follow these steps.
You need to meet the prerequisites,
install the ATA Center and the gateways,
that is, the ATA Center and Gateway installations,
set your AV exclusions,
and configure the ATA Center and components.
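As an added example for the "meet the prerequisites" step (this script is written for this lesson and is not Microsoft's installer code), the following PowerShell checks a domain controller against the Lightweight Gateway requirements stated above: domain functional level 2003 plus, an OS of 2008 R2 SP1 or 2012 plus, two cores and six gig of RAM, and a clock within five minutes of the PDC emulator. It assumes an elevated session on the DC, the ActiveDirectory RSAT module (for Get-ADDomain), and WinRM/CIM access to the PDC emulator.

```powershell
# Added prerequisite check for an ATA Lightweight Gateway host (a DC).
# Not Microsoft's code; assumes the ActiveDirectory module and CIM access
# to the PDC emulator are available from this session.
$results = @()

# Domain functional level: the lesson states 2003 or later.
$domain = Get-ADDomain
$results += [pscustomobject]@{
    Check  = 'Domain functional level is 2003 or later'
    Value  = $domain.DomainMode
    Passed = ($domain.DomainMode -notmatch 'Windows2000')
}

# OS on the DC: the lesson states 2008 R2 SP1 or 2012 and later.
# NT version 6.1 = 2008 R2, 6.2 = 2012, 6.3 = 2012 R2, 10.0 = 2016 and later.
$os  = Get-CimInstance -ClassName Win32_OperatingSystem
$ver = [version]$os.Version
$sp  = $os.ServicePackMajorVersion
$osOk = ($ver -ge [version]'6.2') -or
        ($ver.Major -eq 6 -and $ver.Minor -eq 1 -and $sp -ge 1)
$results += [pscustomobject]@{
    Check  = 'OS is 2008 R2 SP1 or 2012+'
    Value  = "$($os.Caption) $($os.Version) SP$sp"
    Passed = $osOk
}

# Hardware: the lesson states a minimum of two cores and six gig of RAM.
$cs    = Get-CimInstance -ClassName Win32_ComputerSystem
$cores = $cs.NumberOfLogicalProcessors
$ramGB = [math]::Round($cs.TotalPhysicalMemory / 1GB, 1)
$results += [pscustomobject]@{ Check = 'Cores >= 2';  Value = $cores;      Passed = ($cores -ge 2) }
$results += [pscustomobject]@{ Check = 'RAM >= 6 GB'; Value = "$ramGB GB"; Passed = ($ramGB -ge 6) }

# Time sync: the lesson states clocks must be within five minutes of each other.
# Both sides are converted to UTC so a different time zone on the PDC does not
# show up as a false offset (CurrentTimeZone is the PDC's UTC offset in minutes).
$pdcOs  = Get-CimInstance -ClassName Win32_OperatingSystem -ComputerName $domain.PDCEmulator
$pdcUtc = $pdcOs.LocalDateTime.AddMinutes(-$pdcOs.CurrentTimeZone)
$offset = [math]::Abs(((Get-Date).ToUniversalTime() - $pdcUtc).TotalMinutes)
$results += [pscustomobject]@{
    Check  = 'Clock within 5 min of PDC emulator'
    Value  = "$([math]::Round($offset, 2)) min"
    Passed = ($offset -lt 5)
}

$results | Format-Table -AutoSize
```

Any row that shows Passed = False is a prerequisite to fix before running the Lightweight Gateway installer on that DC.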
Some of the regular management
within ATA
will include user access management within the role groups.
You may want to export or import the ATA configuration,
or even move the ATA database to another drive, and look at the reports.
Quiz: which of these is not a component of Advanced Threat Analytics?
The ATA Gateway,
the ATA Center,
the ATA Lightweight Gateway, or the ATA Gateway Center.
Which one do you think it is?
The correct answer is ATA Gateway Center. The Gateway Center is not a component.
You have a Gateway, you have the Center,
and also the Lightweight Gateway.
To recap this lesson: ATA is an on-premises platform that's used to discover suspicious server and network behavior
that may lead to internal or external attacks.
Thank you for joining me on this lesson. I'll see you for the next one. Take care.