Microsoft Advanced Threat Analytics Description
Advanced Threat Analytics (ATA), an on-premises platform, helps protect your company from various types of advanced targeted cyberattacks and insider threats. ATA uses a proprietary network parsing engine that captures and parses network traffic from multiple protocols (such Kerberos, DNS and RPC) for authentication, authorization and information gathering. This information is collected and stored by ATA. ATA uses information from multiple sources, such logs and events in your network to learn about the behavior of users and other entities within the organization and creates a behavioral profile. Reconnaissance is where attackers gather information about the environment, assets, and entities. This is typically where attackers create plans for their next phases. This is when an attacker spends time and effort spreading their attack surface within your network.