University Information Security is hosting a Microsoft Security Awareness Day on February 12, 2020.
What: Microsoft will demonstrate the functionality and use of Microsoft Defender Advanced Threat Protection (ATP), Azure Advanced Threat Protection (ATP), Office 365 Advanced Threat Protection (ATP), and Azure Information Protection (AIP).
Where: Zehmer Hall, Main Conference Room
When: 8:00 to 11:30 AM (breakfast refreshments provided at 8 AM, morning session beginning at 8:30 AM)
Please join us for breakfast, technical demonstrations, and a sneak peek at new Microsoft technologies.
Why: UVA is now licensed for all four of these Microsoft products (as of November 2019) and therefore ITS and Information Security are exploring their possible deployment. Specifically:
- Defender ATP is being evaluated as a possible replacement for some of the agents previously deployed (such as Cylance and Carbon Black).
- Azure ATP is already being used to help protect our on-premises Active Directory by identifying suspicious user and device activity with both known-technique detection and behavioral analytics.
- O365 ATP is being piloted to help prevent impersonation, provide safe links and safe attachments (scanning), automated threat investigations and responses, and advanced threat protection for SharePoint, Teams, and OneDrive.
- AIP is being evaluated as a modern approach to data classification and loss prevention, increasing our ability to protect sensitive documents in our on-premises file systems and Microsoft 365 cloud platform.
Additional Information about these four Microsoft Products
(Click each of the product names for additional information about each product.)
Microsoft Defender Advanced Threat Protection (ATP) is a platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats. Microsoft Defender ATP uses the following combination of technology built into Windows 10 and Microsoft's robust cloud service: Endpoint behavioral sensors, Cloud security analytics, and Threat intelligence.
Azure Advanced Threat Protection (ATP) is a cloud-based security solution that leverages your on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization. Azure ATP enables SecOp analysts and security professionals struggling to detect advanced attacks in hybrid environments to:
- monitor users, entity behavior, and activities with learning-based analytics
- protect user identities and credentials stored in Active Directory
- identify and investigate suspicious user activities and advanced attacks throughout the kill chain, and
- provide clear incident information on a simple timeline for fast triage
Office 365 Advanced Threat Protection (ATP) safeguards your organization against malicious threats posed by email messages, links (URLs) and collaboration tools. ATP includes:
- Threat protection policies: Define threat-protection policies to set the appropriate level of protection for your organization.
- Reports: View real-time reports to monitor ATP performance in your organization.
- Threat investigation and response capabilities: Use leading-edge tools to investigate, understand, simulate, and prevent threats.
- Automated investigation and response capabilities: Save time and effort investigating and mitigating threats.
Azure Information Protection (AIP) is a cloud-based solution that helps an organization to classify and, optionally, protect its documents and emails by applying labels. Labels can be applied automatically by administrators who define rules and conditions, manually by users, or a combination where users are given recommendations. The protection technology uses Azure Rights Management. This technology is integrated with other Microsoft cloud services and applications, such as Office 365 and Azure Active Directory. It can also be used with your own line-of-business applications and information protection solutions from software vendors, whether these applications and solutions are on-premises or in the cloud.