Threat Management Plan Part 3: Advanced Threat Analytics


Time
6 hours 59 minutes
Difficulty
Intermediate
CEU/CPE
7
Video Transcription
00:00
Welcome back to the MS 365 Security Administration course.
00:05
I'm your instructor, Jim Daniels,
00:07
and we are on Module 3, Microsoft 365 Threat Protection, Lesson 3, Threat Management,
00:13
Advanced Threat Analytics.
00:16
If you're a gamer,
00:18
you've probably seen this before; you've probably seen that meme: "I'm in your base, killing all your dudes."
00:25
You can relate. Some of the games were really challenging.
00:30
You can probably relate to this
00:32
in a game setting. However, in cybersecurity,
00:36
you don't want this to happen.
00:38
You don't want something from the inside
00:40
to bring you down.
00:42
Segue: that is where we're going. Actually, we're going to look at Advanced Threat Analytics, what it is and its requirements,
00:50
and how to deploy it.
00:52
We're going to look at the configuration of ATA, and we're going to look at managing the services once they're configured.
00:59
Advanced Threat Analytics is an on-premises platform
01:03
that's used to discover suspicious server and network behavior that may lead to internal or external attacks.
01:08
ATA technology detects multiple types of suspicious activities,
01:14
focusing on several phases of the cyber attack kill chain,
01:18
including reconnaissance.
01:19
This is where
01:21
attackers gather information about your environment, building out
01:23
the different areas: what's in it, and what's there. This is where they plan to come back and hit you.
01:32
Lateral movement cycle.
01:34
This is when an attacker invests time and effort in spreading their attack surface inside your network.
01:40
Let's say somebody has compromised
01:42
your facilities department.
01:44
Maybe they're going to move laterally and work on purchasing; they're going to work on the [unclear] and information.
01:51
They're going to do a lateral move so they have more of a surface to do harm.
01:55
Domain dominance:
01:57
information that allows hackers to resume their campaign, so that they have various entry points, credentials and techniques that are known to work in your environment.
02:07
Inside Advanced Threat Analytics,
02:10
the three components of ATA
02:13
are the ATA Center,
02:15
the ATA Gateway and the ATA Lightweight Gateway.
02:20
If you're saying to yourself, "hey, this all seems kind of familiar,"
02:23
it is.
02:24
So we looked earlier at Azure Advanced Threat Protection
02:29
in the previous lessons,
02:31
and that is basically Advanced Threat Analytics. However, that was a hybrid
02:37
cloud environment plus on-prem.
02:38
ATA is purely on-prem.
02:42
The architecture for ATA is as follows.
02:46
It monitors your domain controller network traffic by utilizing port mirroring to an ATA Gateway using a physical or virtual switch.
02:53
If you deploy the ATA Lightweight Gateway directly on the domain controller,
02:59
it removes the requirement for port mirroring.
03:01
In addition, ATA can leverage Windows events
03:06
forwarded directly from your domain controllers or from a SIEM server, and analyze the data for attacks and threats.
03:13
So we can see the ATA Lightweight Gateway
03:15
that installs directly on a domain controller,
03:20
whereas the Gateway
03:22
is more like a listening device, where it gets information and gets events from your network in front of the domain controllers.
03:30
But it's the middleman.
03:31
It goes through the Gateway; the Gateway sends it to the ATA Center.
03:37
ATA is included for use with the Enterprise Mobility + Security licensing suite,
03:42
with EMS E3 and E5.
03:45
That being said, if you have the MS 365 suite, which also includes the Enterprise Mobility + Security suite, either E3 or E5, you also have the ability to use ATA.
03:54
All you need is a read-only account on the domain
04:00
to monitor the domain controllers, and the domain functional level must be 2003 plus.
04:03
For the ATA Center, it needs to be Server 2012 R2,
04:08
and it has to have a self-signed certificate.
04:11
Time sync
04:13
has to be within five minutes of each other, and this is a standard that
04:16
really extends across Active Directory.
04:20
So chances are, unless you're having really miserable
04:25
synchronization issues within your environment already, the time sync requirement, you already have that.
04:30
The ATA Gateway
04:31
requires Server 2012 R2 plus.
04:36
The ATA Gateway requires Server 2012 R2 and beyond. The ATA Lightweight Gateway is on a DC running 2008 R2 SP1 or 2012 plus,
04:47
minimum two cores and six gigs of RAM on the DC for the Lightweight Gateway.
04:54
You cannot put the ATA Lightweight Gateway on Server Core.
05:00
To configure Advanced Threat Analytics,
05:02
follow these steps.
05:04
You need to meet the prereqs,
05:06
install the ATA Center and the Gateways,
05:11
validate
05:12
the ATA Center and Gateway installations,
05:15
set your AV exclusions,
05:16
and configure the ATA Center and components.
05:20
Some of the regular management
05:23
within ATA
05:25
will include user access management within the role groups.
05:28
You may want to export/import the ATA configuration,
05:31
even move the ATA database to another drive, and look at the reports.
05:38
Quiz:
05:39
which is not a component of Advanced Threat Analytics?
05:42
ATA Gateway,
05:44
ATA Center,
05:46
ATA Lightweight Gateway, or the ATA Gateway Center.
05:49
Which one do you think it is?
05:53
Correct answer is ATA Gateway Center. The Gateway Center is not a component.
05:59
You have a Gateway, you have the Center,
06:00
and also the Lightweight Gateway.
06:02
To recap this lesson, ATA is an on-premises platform that's used to discover suspicious server and network behavior
06:11
that may lead to internal or external attacks.
06:14
Thank you for joining me on this lesson. I'll see you in the next one. Take care.