Advanced Threat Analytics ATA version 1.7 64-bit (Multilanguage) - Microsoft Imagine

Advanced Threat Analytics ATA version 1.7 64-bit (Multilanguage) - Microsoft Imagine


Microsoft Corporation



Delivery Type:


Available to:

Academic Users

Advanced Threat Analytics (ATA) is an on-premises platform that helps protect your enterprise from multiple types of advanced targeted cyber attacks and insider threats.

How ATA works

ATA takes information from multiple data-sources from logs and events in your network to learn the behavior of users and other entities in the organization and build a behavioral profile about them. ATA can receive events and logs from:
  • SIEM Integration
  • Windows Event Forwarding (WEF)
In addition, ATA leverages a proprietary network parsing engine to capture and parse network traffic of multiple protocols (such as Kerberos, DNS, RPC, NTLM and others) for authentication, authorization and information gathering. This information is collected by ATA via:
  • Port mirroring from Domain Controllers and DNS servers to the ATA Gateway
  • Deploying an ATA Lightweight Gateway (LGW) directly on Domain Controllers

What does ATA do?

ATA technology detects multiple suspicious activities, focusing on several phases of the cyber-attack kill chain including:
  • Reconnaissance, during which attackers are gathering information on how the environment is built, what are the different assets and entities which exist and are generally building their plan for the next phases of the attack.
  • Lateral movement cycle, during which an attacker invests time and effort in spreading their attack surface inside your network.
  • Domain dominance (persistence), during which an attacker captures the information allowing them to resume their campaign using various set of entry points, credentials and techniques.
These phases of a cyber attack are similar and predictable, no matter what type of company is under attack or what type of information is being targeted. ATA searches for three main types of attacks: Malicious attacks, abnormal behavior and security issues and risks.
Malicious attacks are detected deterministically, by looking for the full list of known attack types including:
  • Pass-the-Ticket (PtT)
  • Pass-the-Hash (PtH)
  • Overpass-the-Hash
  • Forged PAC (MS14-068)
  • Golden Ticket
  • Malicious replications
  • Reconnaissance
  • Brute Force
  • Remote execution
ATA detects these suspicious activities and surfaces the information in the ATA Console including a clear view of Who, What, When and How. As you can see, by monitoring this simple, user-friendly dashboard, you are alerted that ATA suspects that a Pass-the-Hash attack was attempted on Client 1 and Client 2 computers in your network.

Advanced Threat Analytics (ATA) version 1.7

Preinstall Information

  1. Review the Prerequisites.
  2. Perform capacity planning
  3. Register, then download and install.

For more information, please review the Microsoft Advanced Threat Analytics documentation.

Loading... Loading...