Case in point: The Microsoft “Advanced Threat…” line of products: Microsoft Advanced Threat Analytics, Azure Advanced Threat Protection, Windows Defender Advanced Threat Protection, Office 365 Advanced Threat Protection. Within this list, there are technologies intended for either enterprise, small business or both and for on-premise, cloud or hybrid deployment.
Most importantly, they all serve different purposes and protect different areas of an organization’s infrastructure:
(Want a short version? Skip to the end for a comparison chart)
Microsoft Advanced Threat Analytics is an enterprise solution deployed on-premise to protect an organization’s networks. Microsoft ATA uses data gathered by on-premise ATA gateways, machine learning, network logs and events as well as past user and device behavior to detect suspicious activity and malicious attacks.
All information on suspicious network activities is presented by the ATA console, also hosted on-premise. Network activity reported via the ATA console could include abnormal behavior such as suspicious logins or lateral movement. Microsoft ATA can also detect malicious attacks, including brute force attacks and remote execution. Additionally, ATA can identify security risks such as weak protocols or known vulnerabilities.
Microsoft Advanced Threat Protection isn’t actually one product. There are three separate Advanced Threat Protection products, each of which protects a different area.
Azure ATP is the most direct comparison to Advanced Threat Analytics. Like Microsoft ATA, Azure Advanced Threat Protection protects the on-premise networks of an organization. Azure ATP uses the same types of data to identify and report the same kinds of cyberthreats.
In contrast, Azure ATP exists as a hybrid solution rather than solely on-premise. Azure ATP parses network traffic via on-premise ATP sensors, which function very similarly to ATA gateways, but all parsed data is sent to the Azure cloud for analysis and reporting. Instead of a local ATA console, all information is presented in the cloud by the Azure ATP workspace portal.
Compared to Microsoft ATA, Azure ATP provides the same function while requiring less on-premise infrastructure and compute. Furthermore, Azure ATP integrates better with Microsoft’s other security solutions. Azure ATP is included with the Enterprise + Mobility Suite E5 license.
Windows Defender Advanced Threat Protection is a unified endpoint security platform, yet another enterprise offering designed to protect an organization’s network. Included with Windows 10 Enterprise E5, Windows 10 Education E5, or Microsoft 365 E5 (which includes Windows 10 Enterprise E5), Windows Defender ATP is a hybrid solution that uses data gathered from Windows 10 endpoints, cloud security analytics and threat intelligence to protect an organization’s networks.
Windows Defender ATP is managed from the cloud via the Windows Defender ATP portal. Because network security requires a layered approach, Windows Defender ATP can work alongside other Microsoft Windows and third-party security solutions.
Finally, the third ATP product is Office 365 Advanced Threat Protection. Office 365 ATP is an improvement to Exchange Online Protection. While Exchange Online Protection provides Quarantine for Office 365 mailboxes, Office 365 ATP is an email filtering service that protects organizations from unknown threats in real time using these additional features:
From the group of solutions detailed, Office 365 ATP is the first that is intended for deployment by enterprise and small business alike. Separating it further from the previously discussed offerings, Office 365 ATP exists entirely in the cloud with no on-premise presence necessary, although it can protect local Exchange servers.
Originally an enterprise solution, Office 365 ATP is included in the Office 365 Enterprise E5 and Office 365 Education E5 subscription plans. Microsoft makes Office 365 ATP available to small business by offering it as an add-on license for select Office 365 subscriptions plans. Most recently, Microsoft has added Office 365 ATP to Microsoft 365 Business.
| Solution | What does it protect? | Purpose | Location | Market | License |
|---|---|---|---|---|---|
| Microsoft ATA | Active Directory | On-premise threat detection, analysis and reporting | On-premise | Enterprise | Varies |
| Azure ATP | Active Directory | On-premise threat detection with cloud analysis and reporting | Hybrid | Enterprise | Enterprise + Mobility Suite E5 |
| Windows Defender ATP | Desktop | Detects, protects against, investigates and responds to advanced threats on networks | Hybrid | Enterprise | Windows 10 Enterprise E5, Windows 10 Education E5, or Microsoft 365 E5 |
| Office 365 ATP | Cloud (email, cloud storage) | Protects organizations in real time from unknown threats carried by incoming email | Cloud | Enterprise and Small Business | Office 365 Enterprise E5 and Office 365 Education E5, or select Office 365 plans¹ plus Office 365 ATP add-on, or Microsoft 365 Business |