You may have noticed that there are currently four Microsoft products with “Advanced Threat Protection” in their name:
- Azure Advanced Threat Protection
- Office 365 Advanced Threat Protection
- Windows Defender Advanced Threat Protection
- SQL Advanced Threat Protection
While each of these solutions offers value to its users, there’s been some confusion around the similar naming of these products. Let’s clear up confusion by taking a closer look at each of these products and their features, benefits, and intended use cases.
Office 365 Advanced Threat Protection
At its core, Office 365 Advanced Threat Protection is a cloud-based email filtering system that complements the built-in security features of Exchange Online Protection which is the default email scanning engine in Office 365. This solution helps protect your business systems from incoming malware and viruses, as well as provides robust reporting and URL trace capabilities that provide your company administrators rich insight into cyber-attacks that are being waged against your business.
Additionally, Office 365 Advanced Threat Protection comes with Safe Attachments to help prevent malicious attachments from impacting your environment and anti-phishing capabilities that detect phishing attacks. With Safe Attachments, all attachments are put in a detonation chamber before being sent to recipients. This helps to prevent zero-day attacks. The anti-phishing technology applies a set of machine learning models with detection algorithms to incoming messages. All messages are subject to an extensive set of models trained to detect phishing messages. This helps protects your organization from impersonation attacks.
Office 365 Advanced Threat Protection helps to protect your business by scanning links in real time and presenting your users with a warning when they try to access it. If the user chooses to proceed with viewing the suspicious link, your company administrator receives notification via reporting for tracking purposes. With this, you can gain rich insights into whom is being targeted at your organization, who is opening suspicious links and putting your company at risk of a cyber-attack, and where further awareness training may be needed.
Beyond safeguarding your employees’ email inboxes, this product also provides comprehensive protection for:
Office 365 Advanced Threat Protection is sold a la carte, as part of the Office 365 E5 package, or as part of the Microsoft 365 E5 package. If you have a subscription to a qualifying Exchange or Office 365 plan, you can add Office 365 Advanced Threat Protection for $2 per user per month.
Windows Defender Advanced Threat Protection
Windows Defender Advanced Threat Protection (ATP) is a security solution that empowers administrators to detect, investigate, and respond to complex threats to their networks. Windows Defender ATP is an endpoint security platform that identifies and centralizes threat information then sends that information back to Microsoft. With a consolidated archive of threat information, Microsoft will share the information about the threat and make the entire Windows Defender ATP system stronger. This is a powerful product that makes Windows more secure than ever before.
Windows Defender Advanced Threat Protection uses analytics stored in the cloud to quickly adapt to changing threats to your systems and deploy new defenses in real time. The solution keeps tabs on your system’s overall security status and provides you with actionable recommendations to help further reduce your vulnerability to attack.
Using this product, each device has its own historical timeline with security events recorded for the past 6 months. Microsoft has made it easy to integrate this product with a wide range of operating systems, including Mac OS, Linux, iOS, and Android (additional license needed). In this way, you can record historical events from these operating systems to help with forensic analysis with no additional infrastructure.
Windows Defender Advanced Threat Protection is sold as part of Windows 10 Enterprise E5 or as part of the Microsoft 365 E5 package.
Azure Advanced Threat Protection
Azure Advanced Threat Protection is a cloud service that helps detect and investigate advanced attacks and insider threats across your entire network. This product retains the benefits of the on-premise Advanced Threat Analytics (ATA) solution and moves them to the cloud.
Because it uses the cloud and Azure scale, it can support the most demanding workloads of security analytics of today’s largest enterprise organizations.
Azure Advanced Threat Protection searches your networks for 3 main types of attacks:
- Malicious attacks
- Abnormal behavior
- Security issues and risks
Azure Advanced Threat Protection uses data across multiple data sources, including logs and events within your networks, to understand the behavior of your users and other entities in order to build a rich behavioral profile that accurately represents them. This information is presented in the Azure Advanced Threat Protection workspace portal that gives you a clear view of the who, what, when, and how of security incidents in your organization.
Azure Advanced Threat Protection is available as part of the Enterprise Mobility + Security E5 bundle, the Microsoft 365 E5 bundle, or as a stand-alone SKU for $5.50 per user per month.
SQL – Advanced Threat Protection
SQL Advanced Threat Protection (ATP) offers three new features that improve the overall security of your database. The three features, data discovery & classification, vulnerability assessment and threat detection are explained in detail below:
- Data Discovery & Classification provides capabilities built into Azure SQL Database for discovering, classifying, labeling & protecting the sensitive data in your databases. It can be used to provide visibility into your database classification state, and to track the access to sensitive data within the database and beyond its borders.
- Vulnerability Assessment is an easy to configure service that can discover, track, and help you remediate potential database vulnerabilities. It provides visibility into your security state, and includes actionable steps to resolve security issues, and enhance your database fortifications.
- Threat Detection detects anomalous activities indicating unusual and potentially harmful attempts to access or exploit your database. It continuously monitors your database for suspicious activities and provides immediate security alerts on potential vulnerabilities, SQL injection attacks, and anomalous database access patterns. Threat Detection alerts provide details of the suspicious activity and recommend action on how to investigate and mitigate the threat.
SQL Advanced Threat Protection (ATP) pricing aligns with Azure Security Center standard tier at $15/node/month, where each protected SQL Database server is counted as one node. The first 60 days after enablement are considered a free trial period and are not charged.
Complementary Advanced Threat Protection Solutions
Despite their similar names, these four products are quite distinct. They should be used in tandem for additional layers of protection such as integrating Azure ATP for detecting identity issues across hybrid networks, Windows Defender ATP for protecting devices and associated endpoints and for adding the ability to monitor multiple entry points on devices associated with your network. Office Advanced Threat Protection watches incoming email and protects users against malicious web links. Layered threat protection provides your business with multiple security options to prevent dangerous security breaches.
Securing the pathways to and from your data is just as important as protecting the data itself. That’s where SQL ATP with its Data Discovery & Classification, Vulnerability Assessment, and Threat Detection capabilities ensures your business’s data is just as safe as the users accessing it.