Last week, Microsoft announced Advanced Threat Analytics 1.6. In fact, I even wrote a blog on how to upgrade to it!

Today, we’ll walk through installing the new Lightweight gateway.

In the past, Microsoft required that you deploy a full ATA Gateway, which requires a dedicated server as well as port-mirroring setup to that Gateway server. Keep in mind that you only need Gateways pulling traffic from Read/Write Domain Controllers.

NOTE:

We still recommend deploying a traditional Gateway in a traditional datacenter or large branch office scenario. One of the biggest reasons is that with port-mirroring, the Gateway sits behind a truly separate attack vector (access to network switches) from the one attackers typically use when breaching the weakest thing in your environment: passwords. That being said, Lightweight Gateways do have their place:

  1. Small/Medium offices with physical infrastructure where the capital cost to deploy ATA would be too high
  2. Small/Medium offices with a small virtual footprint
  3. Domain controllers in Private Cloud/Managed IT environments (e.g. Rackspace, IBM, etc.)
  4. Domain controllers in Public Cloud (Azure, AWS, Google Cloud, etc)

As far as sizing, you should follow the new documentation here.

ATA Lightweight Gateway Sizing

It is recommended that you use an ATA Lightweight Gateway rather than an ATA Gateway whenever possible, as long as your domain controllers comply with the sizing table listed here.

An ATA Lightweight Gateway can support the monitoring of one domain controller based on the amount of network traffic the domain controller generates.

| Packets per second* | CPU (cores**) | Memory (GB)*** |
|---|---|---|
| 1,000 | 2 | 6 |
| 5,000 | 6 | 16 |
| 10,000 | 10 | 24 |

*Total number of packets-per-second on the domain controller being monitored by the specific ATA Lightweight Gateway.

**Total amount of non-hyper threaded cores that this domain controller has installed.

While hyper threading is acceptable for the ATA Lightweight Gateway, when planning for capacity, you should count actual cores and not hyper threaded cores.

***Total amount of memory that this domain controller has installed.

NOTE

If the domain controller does not have the necessary amount of resources required by the ATA Lightweight Gateway, the domain controller performance will not be affected, but the ATA Lightweight Gateway might not operate as expected.
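One way to check a domain controller against the sizing table above before installing, as an added example that is not from Microsoft's documentation or the original post. The 60-second sampling window and rounding traffic up to the next table row are assumptions.

```powershell
# Added example: compare this domain controller with the Lightweight Gateway sizing table.
# Sizing rows are copied from the table on this page.
$sizing = @(
    [pscustomobject]@{ PacketsPerSec = 1000;  Cores = 2;  MemoryGB = 6  }
    [pscustomobject]@{ PacketsPerSec = 5000;  Cores = 6;  MemoryGB = 16 }
    [pscustomobject]@{ PacketsPerSec = 10000; Cores = 10; MemoryGB = 24 }
)

# Assumption: 60 one-second samples. A real assessment should cover peak logon hours.
$samples = Get-Counter -Counter '\Network Interface(*)\Packets/sec' -SampleInterval 1 -MaxSamples 60

# Sum all network interfaces within each sample, then keep the busiest second.
$peak = ($samples | ForEach-Object {
    ($_.CounterSamples | Measure-Object -Property CookedValue -Sum).Sum
} | Measure-Object -Maximum).Maximum

# Count physical cores, not hyper-threaded logical processors.
$cores = (Get-CimInstance Win32_Processor | Measure-Object -Property NumberOfCores -Sum).Sum

# TotalPhysicalMemory is what the OS can use, so round up to the nearest whole GB.
$memGB = [math]::Ceiling((Get-CimInstance Win32_ComputerSystem).TotalPhysicalMemory / 1GB)

# Assumption: traffic that falls between two rows is rounded up to the next row.
$row = $sizing | Where-Object { $_.PacketsPerSec -ge $peak } | Select-Object -First 1

if (-not $row) {
    Write-Warning ("Peak of {0:N0} packets/sec exceeds the largest row in the sizing table." -f $peak)
} else {
    [pscustomobject]@{
        PeakPacketsPerSec = [math]::Round($peak)
        Cores             = $cores
        RequiredCores     = $row.Cores
        MemoryGB          = $memGB
        RequiredMemoryGB  = $row.MemoryGB
        MeetsSizing       = ($cores -ge $row.Cores) -and ($memGB -ge $row.MemoryGB)
    }
}
```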

Let’s first log in to the ATA console and grab the latest Gateway installer.


Unpack the ZIP and run the installer.


You can see the new ATA Lightweight Gateway option.


Select your cert (hopefully your CA-issued Computer cert) and your domain account.


Now the install is complete!


And you can see the Gateway appear (with a nice icon) auto-populated with some of the options for collection.
