
Azure Advanced Threat Protection (ATP) is a cloud service that helps protect your organization from insider threats and compromised identities. It constantly monitors the domain controllers and analyzes events. It identifies threat patterns and their source, both on-premises and in the cloud.

What can Azure Advanced Threat Protection do?

Identify suspicious insider activity

Azure ATP tracks user behavior across the network and sets a baseline that is considered normal for each individual account. In the event of abnormal activity, such as an unusual logon time or access to critical files, an alert is sent to the system admins along with insights about the threat. Azure ATP sensors monitor all the domain controllers for user activity.

Prevent lateral attacks

Security reports (which show the users or devices that authenticate with a clear-text password) and user profile analytics reduce the risk of user accounts getting compromised.

To thwart lateral attacks in the organization, there is a feature called Lateral Movement Paths (LMPs) that provides a visual interpretation of potential attacks on sensitive and vulnerable accounts and how to mitigate them.

Mitigate advanced threats

Typically, black hats look for an easy entry point into an organization's network, such as a user with low privileges. Then, they move laterally and take control of the entire network, including domain controllers, privileged accounts, and sensitive data.

The security alerts in Azure ATP are grouped into the following categories, which correspond to the phases observed in a typical cyber-attack kill chain:

  • Reconnaissance
  • Compromised credentials
  • Lateral movement
  • Domain dominance
  • Exfiltration

With Azure ATP, system admins can identify malicious users, breaches in the network, or credential thefts. However, limitations such as short log retention and the inability to view changes made to on-premises and cloud environments comprehensively make threat detection complex and time-consuming in the native tool.

Enhancing advanced threat protection in Azure AD using ADAudit Plus

What value can ADAudit Plus add to Azure ATP?

Correlated and comprehensive reporting

ADAudit Plus presents all the data across the hybrid environments in a single console.

Custom reports

In addition to the 200+ preconfigured reports in ADAudit Plus that are at your disposal, custom reports can be configured as per your organizational needs.

Autonomous response to threats

ADAudit Plus facilitates automatic remediation measures in response to an alert, assuring admins that the network is being taken care of, round the clock.

Timeless data logging and archiving

Using ADAudit Plus, Active Directory's audit logs can be stored indefinitely. If there is a requirement to check the logs, such as in the case of a data breach or for compliance purposes, the logs can be easily retrieved from the archives.

About ADAudit Plus

ADAudit Plus is real-time, web-based Windows Active Directory change reporting software that audits, tracks, reports and alerts on Windows (Active Directory, workstation logon/logoff, file servers and servers), NetApp filers and EMC servers to help meet security, audit and compliance demands. With ADAudit Plus, you can track authorized and unauthorized AD management changes and access to users, GPOs, groups, computers and OUs. You can also track every file and folder modification, access and permission change with 200+ detailed event-specific reports and get instant email alerts. The results can be exported to XLS, HTML, PDF and CSV formats to assist in interpretation and computer forensics. For more information on ADAudit Plus, visit https://www.manageengine.com/active-directory-audit/.
