Advanced Threat Protection (ATP) detects and helps investigate advanced attacks and insider threats across on-premises, cloud and hybrid environments. ATP is built to support the most demanding security analytics workloads of the modern enterprise.
ATP combines unique machine learning algorithms, world-class security research, and deep critical security data. It helps protect against both known and unknown attacks, detecting threats early, before they cause actual damage.
ATP will help you protect your identity across both your cloud and on-premises directories.
Using the Intelligent Security Graph, ATP detects malicious activity by collecting data from multiple sources, including network traffic, event logs, VPN data, and much more, to create a coherent behavioral profile for each user. Malicious activity will typically generate anomalous behavior, raising a security alert.
ATP comes with a set of deterministic models that identify both common and newly discovered implementations of attacker techniques such as Pass-the-Hash, Overpass-the-Hash, Golden Ticket and others.
ATP shows the attack as a contextual alert timeline, where each individual alert includes both a description of the malicious activity that triggered it and the response steps that should be taken.
Once the alert is triaged and shows signs that it is worthy of investigation, ATP provides you with the tools and event metadata that are needed to conduct a deeper investigation of the involved users and entities.
Additionally, you can switch to Windows Defender Advanced Threat Protection, which supplements the alert context with the operations performed on the involved endpoints.
Monitor your identity and network traffic:
Identify and track malicious activity immediately.
End-to-end investigation experience:
Pivot between an entity’s behavior across the organization (using ATP) and the behavior of a specific endpoint (using Windows Defender ATP).
Interested in this service?
Contact us and we can protect your cyberspace.