Masterclass: Implementing and Managing Microsoft Advanced Threat Analytics

Get to grips with Microsoft Advanced Threat Analytics (ATA), so that you are well equipped to monitor your environment and spot inappropriate behavior, and to tell which activities are malicious and which are benign. This can be a major challenge when a company has many servers.

200+ days! That’s the average amount of time that attackers reside within your network until they are detected, gathering classified data and information, waiting to strike at just the right moment. Microsoft Advanced Threat Analytics (ATA) helps to identify breaches and threats using behavioral analysis and provides a clear, actionable report on a simple attack timeline. Customers who want to monitor their environment proactively need to know which activities are malicious and which are benign. This is a great challenge in an environment with hundreds of servers.

Participant profile

Infrastructure architects, security professionals, system engineers, network administrators, IT professionals, security consultants and other people responsible for implementing network and perimeter security.

An ideal candidate for this course should have attended Masterclass Hacking and Securing Windows Infrastructure. Alternatively, you should have good knowledge of Windows authentication mechanisms and protocols, and a good understanding of pass-the-hash (PTH) and pass-the-ticket (PTT) attacks. Experience with Active Directory Domain Services is highly recommended.

Content

Module 1 Threat landscape
  • Risks for cloud and on-premise infrastructure
  • Modern threats
  • Incident response flaws
Module 2 ATA Architecture
  • ATA Center
  • ATA Gateway
  • ATA Console
  • Multi-segment networks
Module 3 Prerequisites
  • Active Directory requirements
  • Networking requirements
  • Database requirements
  • Capacity planning
  • Ports and protocols
Module 4 Installation
  • Port monitoring
  • Event collection
  • Mobility support
  • Integration to SIEM/Syslog
  • Virtualization issues
Module 5 Detection module
  • Incident response
  • Short-term lease subnets
  • Honeytokens
Module 6 Analytics module
  • Suspicious Activities Time Line
  • Filtering Suspicious Activities
  • Self-learning
Module 7 Management
  • ATA Console
  • ATA Configuration
  • Alerts
  • Health Center
  • Database management
  • Telemetry
Module 8 Troubleshooting
  • Backup and Restore
  • Logs
  • Performance counters
  • Database
Module 9 Further steps
  • Advanced monitoring techniques
  • Incident response plans

Course material

Author's unique tools, exercises and presentation slides with notes.

Instructor

CQURE Chris
Chris Pietrzak is a system architect and consultant. He designs and implements solutions in the security, network and management areas, mainly for the Microsoft platform. He is the leader of the Microsoft Security Solutions User Group.
