Virtual Event Today: Cloud & Data Security Summit - Join Event In-Progress
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Application Security

Microsoft Acquires Active Directory Security Startup Aorato

Microsoft has acquired Israeli cyber security startup Aorato, a company focused on protecting Active Directory deployments.

The Herzelia, Israel-based company makes an “Directory Services Application Firewall” (DAF) which analyzes Active Directory-related traffic to detect attacks.

Microsoft has acquired Israeli cyber security startup Aorato, a company focused on protecting Active Directory deployments.

The Herzelia, Israel-based company makes an “Directory Services Application Firewall” (DAF) which analyzes Active Directory-related traffic to detect attacks.

Offered as a virtual or physical appliance, DAF utilizes port mirroring and integrates alongside Active Directory without affecting an existing network topology.

However, Aorato said that it would stop selling the product following the acquisition, which has been rumored to be around $200 million.

“With this acquisition, we will cease selling our Directory Services Application Firewall (DAF) product,” Aorato said in a post to its website Thursday. “As part of Microsoft, we will share more on the future direction and packaging of these capabilities at a later time.”

Takeshi Numoto, Corporate Vice President, Cloud and Enterprise Marketing at Microsoft, confirmed the acquisition on Thursday and explained some of the reasoning behind Microsoft’s decision to purchase the enterprise security software maker.

Advertisement. Scroll to continue reading.

“We are making this acquisition to give customers a new level of protection against threats through better visibility into their identity infrastructure,” Numoto wrote in on the Official Microsoft Blog Nov. 13. “With Aorato we will accelerate our ability to give customers powerful identity and access solutions that span on-premises and the cloud, which is central to our overall hybrid cloud strategy.”

“Companies need new, intelligent solutions to help them adapt and defend themselves inside the network, not just at its edge,” Numoto continued.

“Aorato’s sophisticated technology uses machine learning to detect suspicious activity on a company’s network. It understands what normal behavior is and then identifies anomalies, so a company can quickly see suspicious behavior and take appropriate measures to help protect itself. Key to Aorato’s approach is the Organizational Security Graph, a living, continuously-updated view of all of the people and machines accessing an organization’s Windows Server Active Directory (AD).”

With Active Directory used by most enterprises, Numoto explained that most of Microsoft’s customers should be able to easily take advantage of Aorato’s technology.

“This will complement similar capabilities that we have developed for Azure Active Directory, our cloud-based identity and access management solution,” he said.

Researchers from Aorato have uncovered several security vulnerabilities in Microsoft’s Active Directory offering, including a flaw that could be exploited by an attacker to change a targeted user’s password. Back in May, the company found that disabled user accounts could remain valid for up to 10 hours after being revoked, giving attackers the opportunity to leverage them to access an organization’s network.  

Tal Be’ery, VP of Research at Aorato, has been a SecurityWeek columnist since 2012.

“We are excited about the technology that Aorato has built and, especially, the people joining the Microsoft team through this acquisition,” Numoto said.

Investors in Aorato include VC firms Accell Partners, Glilot Capital Partners, Google Chairman Eric Schmidt’s Innovation Endeavors, and individuals including Rakesh Loonkar and Mickey Boodaei.

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is founder and director of several leading cybersecurity industry conferences around the world.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

N-able has appointed Russell Rosa as Chief Revenue Officer.

Stacy O'Mara has joined Armadin as Chief Policy Officer and Director of Global Government Affairs.

F5 has appointed Cathy Peterman as Chief People Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.