Detecting advanced threats against Active Directory can be approached in a variety of ways. Microsoft Advanced Threat Analytics (ATA) and STEALTHbits StealthDEFEND for Active Directory have the same goal and a similar approach; however, there are some key differences.
Microsoft is in a privileged position to build a threat detection solution to protect against Active Directory attacks. Their end product is similar to what you would expect from a third-party vendor.
They leverage their own network parsing engine, which captures authentication, DNS and other network traffic via port mirroring on all domain controllers and DNS servers. In addition, ATA uses information from event logs to build user and device behavioral profiles, which are analyzed by a machine learning algorithm to detect anomalies.
Now contrast that with StealthDEFEND. StealthDEFEND uses its own agent deployed on domain controllers. The agent audits authentication, LDAP, and all change activity, which enables it to build user behavioral profiles that are analyzed by a machine learning algorithm to detect anomalies.
Where the approaches diverge is in the capabilities beyond threat detection. With StealthDEFEND we felt it was critical to provide users several key things Microsoft ATA is lacking.
On the surface, Microsoft Advanced Threat Analytics and StealthDEFEND for Active Directory have the exact same goal: to provide organizations with early detection of reconnaissance activities and/or advanced attacks against Active Directory.
At STEALTHbits, our goal is to help organizations secure credentials and data. With almost 20 years of experience in enterprise software, we know customers would love one less agent on their servers. This is why our agent provides a number of capabilities wrapped into a single package.
This blog highlights the difference in approach between Microsoft ATA and StealthDEFEND for Active Directory, but it is not a full list of the differences between the two products. Both Advanced Threat Analytics and StealthDEFEND are amazing products to help with the detection of threats. However, it is prevention, response, and data protection that set StealthDEFEND for Active Directory apart.
STEALTHbits is happy to work with any customer, based on their environment and use cases, to give them a more detailed understanding of how StealthDEFEND will help their organization. Schedule a demo or contact us today.
Rod Simmons is VP of Product Strategy at STEALTHbits Technologies, responsible for the vision and strategy of their Active Directory Management and Security solutions. Rod has been in the technology space for over 20 years.
Prior to joining STEALTHbits, he served as Director of Product Management at BeyondTrust, responsible for the Privileged Access Management products. He has also held positions leading Solution Architects and Product Managers at Quest Software and Netpro Computing Inc.
© 2022 Stealthbits Technologies, Inc.