Angriffe durch „Advanced Threat Analytics“ erkennen

SECURE YOUR ENTERPRISE

Microsoft Advanced Threat Analytics

WHAT IS CYBERCRIME?

2016 - SBA Research gGmbH

Cybercrime is…


…Money

€ 57 Billion

Damage due to cybercrime in the EU

10.000

Criminal complaints / year in Austria

$ 500 BillionEstimated cybercrime damage worldwide

Cybercrime is…


…Business

Cybercrime is…


…Sophisticated

Source: Mandiant M-Trends Report 2016

ADVANCED ATTACKS NEED ADVANCED DEFENSES

Microsoft Advanced Threat Analytics (ATA)


Threat Analytics in a Nutshell


Threat Analytics detects…

How it works


Reconnaissance


Password Guessing


The Archenemy of Windows

Pass-the-Hash

• Attacker uses stolen password hash to target clients• Search until higher privilged account is found• Compromise other systems or whole infrastructure


Kerberos Pass-the-Ticket



DEMOS

Detecting Zone Transfers, Failed OWA Logins,and Pass-The-Ticket Attacks

Andreas Tomek

SBA Research gGmbHFavoritenstraße 16, 1040 Wien+43 699 [email protected]

mailto:[email protected]

Angriffe durch „Advanced Threat Analytics“ erkennen

Technology