Microsoft ATA [EOL] Review

Good integration, simple to maintain, and very stable

What is our primary use case?

The solution does all my checks, handles all my domain controllers and DNS, and integrates with the teams well. Basically, I get to forward some of the notes that ATA generates to my team so I can see them all in a single tool.

What is most valuable?

I like the fact that it looks for some of those very, very obscure techniques and attacks like golden tickets. Those are kind of very, very difficult attacks to spot. Not all of the teams that I worked with in the past had the ability to do that. With Microsoft ATA I was able to have visibility over those kinds of techniques and attacks. 

What needs improvement?

I would say sometimes it gets a little bit cumbersome to upkeep. Sometimes it's heavy to upkeep, however, that's about it in terms of my feedback of any weaknesses. I don't have any major complaints.

There are occasions where it generates some false positives and you have to embark on figuring it out. You need to find out if it was a true alert or a false positive. It's a little bit cumbersome in that area.

I would like better integration with Microsoft and other security solutions.

For how long have I used the solution?

I've been using the solution for a couple of years.

What do I think about the stability of the solution?

The stability of the solution is very good.

What do I think about the scalability of the solution?

Scalability shouldn't be a problem, at least for the size of network team that I work with. 

Right now we have between 400 and 500 users. This is deployed in a network that is actually about 500 users.

We don't plan to increase usage. We're already using it as fully as we can and we don't have any more room. We might look at all the Microsoft programs that relate to Office 365, like the ATP, because there is a difference between the ATA and the ATP. We are going to look and see whether there are any gaps that we can close. I think if you compare ATA with the actual ATP it's basically the same functionality. One is more on-premises versus the cloud. Since we are progressively moving to the cloud, we might look at the ATP, which integrates better with the Microsoft cloud.

How are customer service and technical support?

They do have good support. I don't think I have a problem with it at all. We have been able to work out any issues fairly quickly. Again, they have good documentation and there's a lot of how-tos. It's being used by a lot of organizations, so there is a lot of information already in the system that you can research.

How was the initial setup?

I wouldn't say the initial setup was straightforward, but it was well documented. Microsoft has good documentation. If you follow it, you have a good chance of succeeding. If you deviate from it, you have a good chance of never getting there.

Basically we had a planning phase. We laid it all out, including how we were going to architect it, and then we deployed the gateway. It was a phased approach. We deployed the ATA lightweight gateway on each domain controller and did the port mirroring and all that.

It took us, I think, from the planning phase, about three to five days going back and forth. The deployment phase that followed was maybe another three days. After that it was just tweaking, to make sure that we got the fine-tuning down.

We had two architects, two engineers, and then the help desk personnel, who maintain the solution. We used a network architect. We had a systems engineer and then we had the server techs. In total, at any given time, there were about four or five people helping.

What's my experience with pricing, setup cost, and licensing?

I believe we are looking into new licenses. They may be called the E5. Honestly, I don't have it on top of my mind, but I think it's around $7 to $10 a user per month.

What other advice do I have?

My sister company is a Microsoft solution provider.

I'm unsure of the version of the solution we are using. It might be the most current. What I remember is we were discussing updates recently and the ATA version we were using then was 1.9.

My advice to other users is to spend a good deal of time planning. It pays off at the end. Brainstorm and come up with different scenarios. Write a plan and then write up a backup plan, so if you go into the deployment phase and you run into an issue, and you don't know how to resolve it, you have an exit plan. That way you can go back to the drawing board.  

I'd rate the solution eight out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner/Reseller
Find out what your peers are saying about Microsoft, Splunk, Varonis and others in User Behavior Analytics - UEBA. Updated: July 2021.