Advanced Threat Protection (ATP) - Bowline Security

Advanced Threat Protection (ATP)

Detection & Investigation of Advanced Attacks

What is Advanced Threat Protection

Advanced Threat Protection detects and helps investigate advanced attacks and insider threats across on-premises, cloud and hybrid environments. ATP is built to support the most demanding security analytics workloads of the modern enterprise.

 

ATP combines unique machine learning algorithms, world-class security research, and deep, critical security data. It helps protect against both known and unknown attacks, detecting threats early, before they turn into actual damage.

 

ATP will help you protect your identity across both your cloud and on-premises directories.

Detection

Using the Intelligent Security Graph, ATP detects malicious activity by collecting data from multiple sources, including network traffic, event logs, VPN data and much more, to create a coherent behavioral profile for each user. Malicious activity typically generates anomalous behavior, which raises a security alert.

 

ATP comes with a set of deterministic models that identify both common and newly discovered implementations of attacker techniques such as Pass-the-Hash, Overpass-the-Hash, Golden Ticket and others.

Investigation

ATP shows the attack as a contextual alert timeline, where each individual alert includes both a description of the malicious activity that triggered it and the response steps that should be taken next.

 

Once an alert has been triaged and shows signs that it is worth investigating, ATP provides the tools and event metadata needed to conduct a deeper investigation of the users and entities involved.

 

Additionally, you can switch to Windows Defender Advanced Threat Protection, which supplements the alert context with the operations performed on the involved endpoints.

Try Out Advanced Threat Protection

Monitor your identity and network traffic:

Identify and track malicious activity immediately.

 

End-to-end investigation experience:

Pivot between an entity’s behavior across the organization (using ATP) and the behavior of a specific endpoint (using Windows Defender ATP).

 

Interested in this service?

Kindly contact us and we can protect your cyberspace.

Get in touch with Bowline Security. We will defend your cyberspace.