Connect with us

Hi, what are you looking for?


Application Security

Microsoft Acquires Active Directory Security Startup Aorato

Microsoft has acquired Israeli cyber security startup Aorato, a company focused on protecting Active Directory deployments.

The Herzelia, Israel-based company makes an “Directory Services Application Firewall” (DAF) which analyzes Active Directory-related traffic to detect attacks.

Microsoft has acquired Israeli cyber security startup Aorato, a company focused on protecting Active Directory deployments.

The Herzelia, Israel-based company makes an “Directory Services Application Firewall” (DAF) which analyzes Active Directory-related traffic to detect attacks.

Offered as a virtual or physical appliance, DAF utilizes port mirroring and integrates alongside Active Directory without affecting an existing network topology.

However, Aorato said that it would stop selling the product following the acquisition, which has been rumored to be around $200 million.

“With this acquisition, we will cease selling our Directory Services Application Firewall (DAF) product,” Aorato said in a post to its website Thursday. “As part of Microsoft, we will share more on the future direction and packaging of these capabilities at a later time.”

Takeshi Numoto, Corporate Vice President, Cloud and Enterprise Marketing at Microsoft, confirmed the acquisition on Thursday and explained some of the reasoning behind Microsoft’s decision to purchase the enterprise security software maker.

“We are making this acquisition to give customers a new level of protection against threats through better visibility into their identity infrastructure,” Numoto wrote in on the Official Microsoft Blog Nov. 13. “With Aorato we will accelerate our ability to give customers powerful identity and access solutions that span on-premises and the cloud, which is central to our overall hybrid cloud strategy.”

Advertisement. Scroll to continue reading.

“Companies need new, intelligent solutions to help them adapt and defend themselves inside the network, not just at its edge,” Numoto continued.

“Aorato’s sophisticated technology uses machine learning to detect suspicious activity on a company’s network. It understands what normal behavior is and then identifies anomalies, so a company can quickly see suspicious behavior and take appropriate measures to help protect itself. Key to Aorato’s approach is the Organizational Security Graph, a living, continuously-updated view of all of the people and machines accessing an organization’s Windows Server Active Directory (AD).”

With Active Directory used by most enterprises, Numoto explained that most of Microsoft’s customers should be able to easily take advantage of Aorato’s technology.

“This will complement similar capabilities that we have developed for Azure Active Directory, our cloud-based identity and access management solution,” he said.

Researchers from Aorato have uncovered several security vulnerabilities in Microsoft’s Active Directory offering, including a flaw that could be exploited by an attacker to change a targeted user’s password. Back in May, the company found that disabled user accounts could remain valid for up to 10 hours after being revoked, giving attackers the opportunity to leverage them to access an organization’s network.  

Tal Be’ery, VP of Research at Aorato, has been a SecurityWeek columnist since 2012.

“We are excited about the technology that Aorato has built and, especially, the people joining the Microsoft team through this acquisition,” Numoto said.

Investors in Aorato include VC firms Accell Partners, Glilot Capital Partners, Google Chairman Eric Schmidt’s Innovation Endeavors, and individuals including Rakesh Loonkar and Mickey Boodaei.

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Cybersecurity Funding

SecurityWeek investigates how political/economic conditions will affect venture capital funding for cybersecurity firms during 2023.

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...


Thirty-five cybersecurity-related M&A deals were announced in February 2023


Forty cybersecurity-related M&A deals were announced in January 2023.


Seventeen cybersecurity-related M&A deals were announced in the first half of February 2023.