Enterprise Mobility + Security

How Microsoft Advanced Threat Analytics detects golden ticket attacks

If you’re in the business of threat detection, you are probably familiar with the term “golden ticket”. For those less familiar, a golden ticket is the name of a Kerberos ticket that is manually created by an attacker after gaining access to your environment’s encryption “master key”. A golden ticket allows an attacker to masquerade...

Ransomware detection with Microsoft Advanced Threat Analytics and Cloud App Security

The rise of ransomware and its media presence in recent months has highlighted, perhaps now more than ever, the importance of robust security systems to detect and respond to devious and evolving threats. We know extortion via ransomware is an effective scare tactic – after all, victims can be of both consumer and commercial variants...

Cybersecurity attackers toolkit – what you need to know

Cyber attackers have many tools available to them to infiltrate an enterprise network, find that sensitive piece of data they’re looking for, and exfiltrate it from your enterprise. In conversations with customers, I’ve found that some are familiar with these tools; however, many aren’t, or they are not fully aware of how powerful these tools...

Eliminating plaintext passwords with Microsoft Advanced Threat Analytics using LDAP

I may be stating the obvious, but it’s incredibly important to identify applications, servers, and sensitive accounts that should be using encryption. What we find all too frequently, however, is that passwords are being sent in plaintext in most enterprises. Here’s what you need to know about identifying these vulnerabilities and, more importantly, how to...

Why you need a cloud access security broker in addition to your firewall

In conversations with customers, a frequent question comes up that I thought I’d answer: why do I need a cloud access security broker (CASB) when I have my trusted firewall? A CASB will help you protect your cloud and SaaS apps from cybersecurity attacks, insider threats, and potential data loss. Firewalls vs CASB Firewalls are...

Will Advanced Threat Analytics help me with all operating systems?

A frequent question I get from customers is, will Microsoft’s Advanced Threat Analytics (ATA) help me detect suspicious activity on my network, regardless of the operating systems in my environment? “YES!” is the short answer. Any user or entity that connects to the network via Active Directory (AD), queries the DNS servers, or authenticates with AD...

Uncover insider threats, blind spots in your network with Advanced Threat Analytics

You’ve probably heard time and again that more than 63% of network intrusions are due to compromised user credentials. Once on the network, the adversary remains undetected for months. You’ve spent years building up your perimeter and have a comprehensive protection strategy in place. That said, attackers are still coming through and/or you are worried about...
