What is Azure ATP?

Azure ATP’s proprietary sensors monitor or… Azure ATP monitors and analyzes user activities and information across your network, such as permissions and group membership, creating a behavioral baseline for each user.
Use Azure ATP to quickly investigate threats, and gain insights across the organization for users, devices, and network resources. Seamless integration with Microsoft Defender ATP provides another layer of enhanced security by additional detection and protection against advanced persistent threats on the operating system.

Azure ATP enables SecOp analysts and security professionals struggling to detect advanced attacks in hybrid environments to:
Identify attempts to compromise user credentials using brute force attacks, failed authentications, user group membership changes, and other methods.

We recommend deploying Azure ATP in three phases:

Azure Advanced Threat Protection (ATP) is a cloud-based security solution that leverages your on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.

Attackers are searching for information about user names, users' group membership, IP addresses assigned to devices, resources, and more, using a variety of methods.

Azure ATP supports single sign-on integrated with Windows authentication: if you've already logged on to your computer, Azure ATP uses that token to log you into the Azure ATP portal.

The Azure ATP sensor is designed to have minimal impact on your domain controller resources and network activity.

Azure ATP provides you invaluable insights on identity configurations and suggested security best-practices.
Through security reports and user profile analytics, Azure ATP helps dramatically reduce your organizational attack surface, making it harder to compromise user credentials, and advance an attack.

Azure ATP then identifies anomalies with adaptive built-in intelligence, giving you insights into suspicious activities and events, revealing the advanced threats, compromised users, and insider threats facing your organization.

You can also log in with a smart card.

Azure ATP detects known malicious attacks and techniques, security issues, and risks against your network. For the full list of Azure ATP detections, see "What detections does Azure ATP perform?".

Azure ATP cloud service is connected to Microsoft's intelligent security graph.

Azure ATP protects your on-premises Active Directory users and/or users synced to your Azure Active Directory.

Azure ATP's visual Lateral Movement Paths help you quickly understand exactly how an attacker can move laterally inside your organization to compromise sensitive accounts and assist in preventing those risks in advance.
Azure ATP cloud service runs on Azure infrastructure and is currently deployed in the US, Europe, and Asia.

Azure ATP security reports help you identify users and devices that authenticate using clear-text passwords and provide additional insights to improve your organizational security posture and policies.

Highlighting attacker behavior if domain dominance is achieved, through remote code execution on the domain controller, and methods such as DC Shadow, malicious domain controller replication, Golden Ticket activities, and more.

Identify rogue users and attackers' attempts to gain information.

The Azure ATP attack timeline view allows you to easily stay focused on what matters, leveraging the intelligence of smart analytics.