Why you must implement Azure ATP or ATA for protection

Rishabh   4 min read Twitter,  Facebook,  Linkedin   4 Apr, 2019
  Azure advanced threat analytics , Azure advanced threat protection
Quick Summary ⁓ With the exponential growth in adopting cloud solutions, we all are trying to make Identity and

With the exponential growth in adopting cloud solutions, we all are trying to make Identity and access management as secure as possible. BUT, are you ignoring the security of On-Prem Environment in the urge of cloud Adoption?

Azure Advanced Threat Analytics OR Azure Advanced Threat Protection, are the services which you must deploy to prevent security breach for your enterprise. It doesn’t really matter which cloud solution provider you are using for Identity management... as most of them offer scalable and robust solutions. However, losing security focus may damage the backbone of the entire Enterprise (On-Premise Environment).

We all know from the best of our experiences and knowledge, attackers will always try to gain access to on-prem directory services, so that they can get a hold of all the resources and they can enter a stage called Domain Dominance.

Based on behavioural analytics of typical attackers, all they need is to compromise one single Identity and then they can move on laterally or gain privileged access of your enterprise resources.

If you are using Azure Active Directory, the cloud sign-in attempts are much secured. For each sign-in attempt Azure Active Directory does anomaly check and protects unusual sign in to different resources from unknown locations.

But the actual threat to your enterprise is, when the attackers has compromised identity and have limited access to your on-prem environment, this could be an entry point for them to start making unusual activities with compromised identities.

If you don’t have any solution implemented which can focus on your On-Premise environment or which can notify you about these kinds of malicious activities, we recommend implementing Azure Advanced Threat Analytics or Azure Advanced Threat Protection.

Azure Advanced Threat Analytics/Azure Advanced Threat Protection have the capabilities to check every authentication or authorization activity done by all the identities of your enterprise, as it uses the most updated information about the sign in activities, i.e., log events from your domain controllers.

It’s not only limited to checking the logs, Azure ATP cloud service learns user behaviour and will notify you once any anomaly is detected, it can be:

  • Gaining access to a restricted resource
  • Compromised Identities sign in from unknown locations
  • VPN connectivity request from unknown devices

This is just a glimpse of how much secured Identity management can be, if we take the appropriate decisions at the right time.

A stitch in time saves nine!

So, don’t wait for an incident to occur and then procure a solution which can protect your On-Prem environment.

Azure ATA and Azure ATP are part of EMS suite offered by Microsoft. If you already have EMS Licenses, we can help you to implement this solution with best possible results.

What next?

Well, stay tuned for upcoming articles. You may contact us at contact@attosol.com for your software and consultancy requirements.

PREVIOUS
Getting started with Git - Part 5 - Protecting Branches
NEXT
Working with multiple GCP configurations & Kubernetes clusters

© 2023, Attosol Private Ltd. All Rights Reserved.