Microsoft Advanced Threat Analytics vs. Advanced Threat Protection: What’s the difference?
Microsoft has cybersecurity products for every area of your network from on premise servers to desktops to cloud email and storage. However, when you read through a list of names for some of the available security solutions from Microsoft, there might be confusion as to the intended use for each—mostly because the names are all so similar.
Case in point: The Microsoft “Advanced Threat…” line of products: Microsoft Advanced Threat Analytics, Azure Advanced Threat Protection, Windows Defender Advanced Threat Protection, Office 365 Advanced Threat Protection. Within this list, there are technologies intended for either enterprise, small business or both and for on premise, cloud or hybrid deployment.
Most importantly, they all serve different purposes and protect different areas of an organization’s infrastructure:
Microsoft Advanced Threat Analytics is an enterprise solution deployed on premise to protect an organization’s networks. Microsoft ATA uses data gathered by on premise ATA gateways, machine learning, network logs and events as well as past user and device behaviour to detect suspicious activity and malicious attacks.
All information on suspicious network activities is presented by the ATA console, also hosted on premise. Network activity reported via the ATA console could include abnormal behaviour such as suspicious logins or lateral movement. Microsoft ATA can also detect malicious attacks, including brute force attacks and remote execution. Additionally, ATA can identify security risks such as weak protocols or known vulnerabilities.
Microsoft Advanced Threat Protection isn’t actually one product. There are three separate Advanced Threat Protection products, each of which protects a different area.
Azure ATP is the most direct comparison to Advanced Threat Analytics. Like Microsoft ATA, Azure Advanced Threat Protection protects the on premise networks of an organization. Azure ATP uses the same types of data to identify and report the same kinds of cyber threats.
In contrast, Azure ATP exists as a hybrid solution rather than solely on premise. Azure ATP parses network traffic via on premise ATP sensors, which function very similarly to ATA gateways, but all parsed data is sent to the Azure cloud for analysis and reporting. Instead of a local ATA console, all information is presented in the cloud by the Azure ATP workspace portal.
Compared to Microsoft ATA, Azure ATP provides the same function while requiring less on premise infrastructure and compute. Furthermore, Azure ATP integrates better with Microsoft’s other security solutions. Azure ATP is included with the Enterprise + Mobility Suite E5 license.
Windows Defender Advanced Threat Protection is a unified endpoint security platform, yet another enterprise offering designed to protect an organization’s network. Included with Windows 10 Enterprise E5, Windows 10 Education E5, or Microsoft 365 E5 (which includes Windows 10 Enterprise E5), Windows Defender ATP is a hybrid solution that uses data gathered from Windows 10 endpoints, cloud security analytics and threat intelligence to protect an organization’s networks.
Windows Defender ATP is managed from the cloud via the Windows Defender ATP portal. Because network security requires a layered approach, Windows Defender ATP can work alongside other Microsoft Windows and third-party security solutions.
Finally, the third ATP product is Office 365 Advanced Threat Protection. Office 365 ATP is an improvement to Exchange Online Protection. While Exchange Online Protection provides Quarantine for Office 365 mailboxes, Office 365 ATP is an email filtering service that protects organizations from unknown threats in real time using these additional features:
From the group of solutions detailed, Office 365 ATP is the first that is intended for deployment by enterprise and small business alike. Separating it further from the previously discussed offerings, Office 365 ATP exists entirely in the cloud with no on premise presence necessary, although it can protect local Exchange servers.
Originally an enterprise solution, Office 365 ATP is included in the Office 365 Enterprise E5 and Office 365 Education E5 subscription plans. Microsoft makes Office 365 ATP available to small business by offering it as an add-on license for select Office 365 subscriptions plans. Most recently, Microsoft has added Office 365 ATP to Microsoft 365 Business.