Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

Microsoft Launches Threat Analytics Solution

Microsoft announced on Monday at its first-ever Ignite Conference the launch of a new on-premises user behavior and advanced threat analytics solution.

Microsoft announced on Monday at its first-ever Ignite Conference the launch of a new on-premises user behavior and advanced threat analytics solution.

Using technology from the recently acquired Active Directory security startup Aorato, Microsoft Advanced Threat Analytics (ATA) is designed to help organizations quickly detect sophisticated attacks.

According to Microsoft, the non-intrusive solution leverages information from security information and event management (SIEM) and Active Directory, and uses deep packet inspection (DPI) technology to analyze Active Directory related network traffic. Based on this information, the product creates behavioral profiles for each user, device, and resource in an organization.

Microsoft ATA builds an interaction map representing the context and activities of each of these entities, which enables it to identify abnormal behavior, security risks, and advanced attacks without the need to install agents, or create rules and policies.

According to Idan Plotnik, former CEO of Aorato and current principal group manager of the Microsoft Identity and Security Service Division, ATA uses machine learning algorithms to detect abnormal behavior, including unusual working hours, abnormal resource access, and anomalous logins.

The expert says Microsoft ATA is capable of identifying attackers’ tactics, techniques and procedures (TTPs) in near real time. The solution should be able to spot attacks such as pass-the-hash, overpass-the-hash, pass-the-ticket, forged PAC, Skeleton Key malware, and remote execution on domain controllers. As for security risks, ATA is designed to identify protocol vulnerabilities and weaknesses, broken trust, and the exposure of passwords in clear text over the network.

Microsoft Advanced Threat Analytics is capable of detecting all phases of an attack, including the reconnaissance stage, brute force attacks on account passwords, lateral movement in the network, and identity theft, Plotnik said.

Suspicious activities and attacks detected by the product are displayed in a timeline, making it easy for security teams to understand what is happening on their networks.

Microsoft Advanced Threat Analytics is currently in public review version. Organizations are encouraged to install the product, and share their questions and feedback on the ATA discussion forum.

In addition to ATA, Microsoft announced on Monday several other new solutions designed to “empower IT professionals.” The list includes Office 365 transparency and control enhancements, Microsoft Azure Stack (next-generation hybrid cloud), Windows Update for Business, and System Center Configuration Manager.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Cybersecurity Funding

Forward Networks, a company that provides network security and reliability solutions, has raised $50 million from several investors.

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Network Security

Cisco patched a high-severity SQL injection vulnerability in Unified Communications Manager (CM) and Unified Communications Manager Session Management Edition (CM SME).

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...