Microsoft Advanced Threat Analytics Coming in August

Microsoft said on Wednesday that its new Advanced Threat Analytics (ATA) solution will be available for general release next month.

Using technology gained from Microsoft’s November 2014 acquisition of Active Directory security startup Aorato, Microsoft Advanced Threat Analytics is an on-premises security product that detects various attacks using “user and entity behavior” analytics.

According to Idan Plotnik, former CEO of Aorato and current principal group manager of the Microsoft Identity and Security Service Division, ATA uses machine learning algorithms to detect abnormal behavior, including unusual working hours, abnormal resource access, and anomalous logins.

In addition to detecting abnormal user behavior, ATA can detect known security configuration issues and risks as well as advanced attacks. Attacks such as Pass-the-Ticket, Pass-the-Hash, Overpass-the-Hash, Forged PAC (MS14-068), remote execution, Golden Ticket, Skeleton Key malware, reconnaissance, and brute force can be detected by ATA, the software giant said.

In a blog post, Plotnik explained that Microsoft has added new capabilities since it announced the public preview of ATA in May, including:

• Support for Windows Event Forwarding (WEF) to get events directly from servers/workstations to the ATA gateway

• Pass-The-Hash detection enhancements against corporate resources by combining DPI and logs analysis

• Enhancements for the support of non-domain joined devices (and non-Windows) for detection and visibility

• Performance improvements to support more traffic and events with ATA Gateway

• Performance improvements to support more ATA Gateways per Center

• Automatic name resolution process to match between computer names and IPs – this unique capability will save precious time in the investigation process and provide strong evidence for the security analyst

• Improving our inputs from the user to automatically adjust the detection process

• Automatic detection for NAT devices

• Automatic failover in case the Domain Controller is not reachable

• System health monitoring and notifications providing the overall health state of the deployment as well as specific issues related to configuration, connectivity

• Visibility into sites and locations where entities operate

• Multi-domain support

• Support for Single Label Domains (SLT)

Those interested can still download a preview of ATA here.

Microsoft this week also released a preview of Exchange Server 2016, which will bring enhanced data loss prevention (DLP) capabilities, among them 30 new sensitive information types, including those common in South America, Asia, and Europe.

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
