Azure Advanced Threat Protection (ATP) brings the full power and security of the Microsoft Cloud to your on-premises identity and infrastructure. In this episode of Coffee with Conrad, we discuss how it works and how it can help you.
What Is ATP?
Azure Advanced Threat Protection (ATP) is an under-discussed, underappreciated piece of technology. With remote work and cloud technology taking precedence in the current professional landscape, it’s important to understand how it fits in with the modern office and workplace. When considering how ATP can help, it’s critical to remember that your security monitoring is only as good as the information you feed into it. Microsoft talks a lot about signals, which are the pieces of information our systems provide us with. These signals are essential to understanding how Azure ATP interacts with the systems around it and detects security issues.
The first place Azure ATP goes is to your local Active Directory (AD). When we discuss AD, we’re talking about the on-premises AD that has been around for a long time as part of Windows Server. It’s the local AD that your team members still log into. Even in a hybrid environment where people are also using Office 365, that on-premises AD is still a path through which your data can be compromised.
Understand that these attackers don’t always attack right away. Hackers don’t like to tell you they were in your system. The longer they can sit in your system and mine your data, the easier it is for them to compromise your accounts. Once they figure out how to do this, they can continue doing it. It is to their benefit not to set off any warning signs, so you don’t realize they’ve been there until it is too late. If you’re not using multi-factor authentication and challenging those accessing your cloud data, you’re exposed to a variety of cybersecurity threats.
So there are a lot of signals being sent via Office 365. The issue is that your on-premises Active Directory, on its own, is poor at telling you where an attack is coming from. Whether it originates from an external source or from an individual within your business, the attack is happening inside your environment whether you realize it or not.
What Does Azure Advanced Threat Protection Do?
It detects identity-based attacks throughout the kill chain. Azure ATP gathers information to help protect the system: it collects signals from your environment and sends them into Azure. If someone is logging in from multiple access points, it can submit that information. Azure ATP collects signals that may otherwise be considered merely suspicious and holds them for further evaluation. Because Azure ATP is able to collect information about patterns and traffic, it can pass all these signals along and notify someone when a collection of signals comes up together. It can also relay specific information, such as what the issue was and how it should be hunted down.
If you have a license that has this capability already, get it deployed. Don’t wait another second! If you’re in a license that is close to having it, get it deployed. Ignorance is no way to protect your system. Agile IT recommends you take full advantage of the useful data Azure ATP can share to help keep your systems more secure.
One advantage of Azure ATP is that you don’t have to get rid of your local Active Directory. If you plan on keeping it, you will need to protect it. With Azure ATP, you don’t have to deploy and manage a separate security infrastructure to do that. You may need to do some configuration in Active Directory, but you don’t have to manage additional servers and infrastructure.
Having this capability allows you to think about adding multiple layers to your protection. In the world of IT security, there is no one fix for all problems. Functional security demands a multi-dimensional approach with multiple solutions. You need multiple security measures. The great thing about Microsoft is that the multiple layers of security they arm you with work well with each other.
Active Directory With Azure Advanced Threat Protection
If you’re currently using a local Active Directory environment, especially if you’re already using Office 365, there’s nothing holding you back from deploying Azure ATP. If you’re licensed for it and have a local Active Directory, you should 1000% do this. There’s no reason not to get the extra information and intelligence Azure ATP will provide you with. It makes no sense to wait on deploying this when the capabilities are already part of your license. Agile IT can help if you need assistance with the process.
As far as defending network-attached storage is concerned, you can tie Azure ATP to the RADIUS connection for your VPN. If you’re using a VPN solution, Azure ATP can monitor that. There are some other integrations it can monitor as well. While it’s not really intended for storage, it can certainly look at unusual file-sharing activity.
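As an added illustration of the signal collection described above (the "logging in from multiple access points" pattern) together with the VPN/RADIUS feed just mentioned, the following Python is not Azure ATP's own code or detection logic; it correlates constructed AD logon and VPN accounting records per account and raises a signal when one account authenticates from more distinct sources than an assumed threshold inside an assumed time window.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not real logs): on-prem AD logons and VPN RADIUS
# accounting events, already normalised to (time, account, source, channel).
EVENTS = [
    ("2020-06-01T08:00:05", "jsmith", "10.1.4.22", "AD"),
    ("2020-06-01T08:02:10", "jsmith", "10.1.4.22", "AD"),
    ("2020-06-01T08:03:40", "jsmith", "203.0.113.9", "VPN"),  # documentation range
    ("2020-06-01T08:04:15", "jsmith", "10.1.9.77", "AD"),
    ("2020-06-01T09:30:00", "mlee", "10.1.4.30", "AD"),
    ("2020-06-01T13:15:00", "mlee", "198.51.100.4", "VPN"),
]

# Assumed tuning values: more than MAX_SOURCES distinct sources within WINDOW
# is treated as a signal worth sending on for evaluation.
WINDOW = timedelta(minutes=10)
MAX_SOURCES = 2


def parse(events):
    """Turn ISO timestamps into datetimes and order events chronologically."""
    return sorted((datetime.fromisoformat(t), a, s, c) for t, a, s, c in events)


def find_multi_source_logons(events, window=WINDOW, max_sources=MAX_SOURCES):
    """Return one signal per account whose logons came from more than
    max_sources distinct (source, channel) pairs inside any sliding window."""
    by_account = defaultdict(list)
    for t, account, source, channel in parse(events):
        by_account[account].append((t, source, channel))

    signals = []
    for account, rows in by_account.items():
        for i, (t0, _, _) in enumerate(rows):
            in_window = [r for r in rows[i:] if r[0] - t0 <= window]
            sources = {(src, ch) for _, src, ch in in_window}
            if len(sources) > max_sources:
                signals.append({"account": account, "start": t0.isoformat(),
                                "sources": sorted(sources)})
                break  # one signal per account is enough to hand to an analyst
    return signals


if __name__ == "__main__":
    for signal in find_multi_source_logons(EVENTS):
        print(signal)
```

With the sample data, jsmith trips the rule (two AD hosts plus a VPN peer inside ten minutes) while mlee's two logons are hours apart and stay quiet.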
Azure ATP isn’t just collecting signals from your environment; it draws on signals from across all Microsoft environments as well. When you set up Azure ATP to watch what’s happening in your environment, it can also see attacks from similar IP addresses observed someplace else. The great part about this capability is that when multiple ATP systems work together (for example with Defender ATP), you can begin to detect and analyze emerging patterns. You also maximize detection across the stages of an attack.
Learn More About Azure Advanced Threat Protection
Having various ATPs working together protects your content, notices exploits, and catches identity attacks. Much of this technology has been around for decades, but very few people could afford it. It required hardware and software to be set up, along with various vendors in place to help with the implementation, and then constant changes had to be made. Now? There’s increased accessibility for all these systems: not just security services, but commonality throughout the cloud that applies the same system to all these other customers. Accessibility and connectivity are greater than ever before, and that maturing accessibility makes the tool more valuable than ever.
Need help determining how Azure ATP can help secure your organization? Schedule a call.