Threat Management Plan Part 3: Advanced Threat Analytics

00:00

Welcome back to the M s. 3. 65 Security Administration. Course

00:05

I'm gonna start. Or Jim Daniels

00:07

and we or a Model three. Invest 3 65. Threat protection. Less than three. Threat management,

00:13

Advanced Threat Analytics.

00:16

If your gamer

00:18

you've probably seen this before, you're probably seeing that mean I'm in your base, killing all your dudes.

00:25

You can relate. Some of the games were really challenging.

00:30

You can probably relate to this

00:32

and game setting. However, in cybersecurity,

00:36

she don't want this to happen.

00:38

You don't want something from the inside

00:40

to bring you down.

00:42

Segway, That is, we're going. Actually, we're going to look at advanced for analytics firm with what it is and requirements.

00:50

And how did the boy

00:52

we're going to look at configuration of 80 a. And we're gonna look at managing their services once they're configured.

00:59

Advanced Threat Analytics is a on premises platform

01:03

that's used to discover suspicious server and network behavior that mainly to internal or external attacks.

01:08

88 technology detects multiple times to suspicious activities

01:14

focusing with several phases of these cyber attack kill chain,

01:18

including reconnaissance.

01:19

This is wish

01:21

Attackers gather information about your environments bill

01:23

different areas. What different in and do these air there. This is where they plan to come back to hit you

01:32

lateral movement cycle.

01:34

This is when an attacker invest time and effort and spreading their attacks office inside your network.

01:40

Let's say somebody has compromised

01:42

your facilities department.

01:44

Maybe they're gonna move laterally and work one purchasing They're gonna work one. The Scotty and information,

01:51

they're gonna do a lateral so they have more of a surface to do. Arm

01:55

the main dominance

01:57

information that allows hackers to resume their campaign. So if they have various entry points, credentials and techniques that no to work when your environment.

02:07

Inner advance for analytics

02:10

The three components of 80 a

02:13

is 80 a center,

02:15

the 80 a gateway Andy 80. A lightweight gateway.

02:20

If you're saying yourself age in this all seems kind of familiar.

02:23

IHS.

02:24

So we looked earlier at Azar Advance trip

02:29

and the previous lessons

02:31

and that is basically advance for analytics. However, that was hybrid

02:37

cloud environment, plus home for him.

02:38

80 a is purely one friend.

02:42

The architecture for 80 a is as follows.

02:46

It monitors your domain control network traffic by utilizing port mirroring to an 80 a gateway using a physical or virtual switch.

02:53

If you deploy 80 a lightweight gateway directly under domain controller,

02:59

it removes the requirement for Port Mary.

03:01

In addition, 80 Achon levers when those events

03:06

ported directly from your domain controllers or from a seem server and analyze the data for attacks and threats

03:13

so we can see the 80 a lot way gateway

03:15

that installs directly when a domain controller,

03:20

whereas the gateway

03:22

is more like a listening device toe where they get information and they get events from your network in front of the main controllers.

03:30

But it's the middle man.

03:31

It goes through the Gateway gateway, since it to the 80 a center

03:37

88 is included for use with any in the process of building Security License Week

03:42

with US East 3 45.

03:45

That being said, if you had the M s 3 65 suite, which also includes Aaron Process Billing and Security Suite either the 3 35 you also have the ability to use a T A.

03:54

All you need is a read only account tomorrow, sort of the main

04:00

to monitor the main control, and he's be functional Level 2003 plus

04:03

for the A T A center. It needs to be server 2012 or two,

04:08

and it has to have a self signed certificate.

04:11

Time think

04:13

has to be within five minutes of each other, and this is a standard that

04:16

really expands across and of directory.

04:20

So chances are, unless you're heading really miserable

04:25

synchronization issues within your environment already, Tom Sink requirement. You already have that.

04:30

A gateway

04:31

require Server 2012 or two plus

04:36

88 wave requires server 2012 or two and beyond. 80. Lightweight Gateway is on a D. C. Running 2008 or two sp 1 2012 plus

04:47

minimum, two cores and six Dig of ram on the D. C. For the lightweight gateway,

04:54

you cannot put 80. A lightweight gateway. One server

05:00

to configure advanced our analytics

05:02

from these steps.

05:04

I need to meet the three wrecks

05:06

installed a C A center and so gateways

05:11

Ballade,

05:12

the 80 a center and gateway installations.

05:15

Set your A V Exclusions

05:16

and configure 80 a center and components

05:20

some of the regular management

05:23

within a T A.

05:25

We'll include user access management within the role groups.

05:28

You may want to export import 88 configuration

05:31

even move 88. Database to another drive and look at the reports

05:38

quiz,

05:39

which is not a component of advanced right analytics.

05:42

80. A Gateway

05:44

80 a center

05:46

80 a lightweight gateway or the 88 Gateway Center.

05:49

Which one do you think it iss

05:53

correct? Answer is 88 Gateway Center. The Gateway Center is not a complainer.

05:59

You have a gateway. You have the center

06:00

and also the lightweight Get away

06:02

to recap this lesson a ta is a warm premises platform as used to discover a suspicious server and networking behavior

06:11

that may lead to internal or external attacks.