Microsoft Announces Advanced Threat Analytics


On the first day of its Ignite Conference 2015, Microsoft announced a raft of new data protection software that it says lets you discover threats to your organization faster than ever before.

“Here at Microsoft, we take our responsibility to keep Windows secure seriously,” said Terry Myerson, executive VP of Microsoft operating systems. “This level of commitment and support is far different than Android, for example, where Google refuses to take responsibility for updating their customers’ devices, leaving end-users and business increasingly exposed every day they use the device.”

Shots were fired. In taking a swipe at Google for failing to update consumer devices, Myerson also talked security.

The company said that attackers targeting companies are increasingly using legitimate tools: organizations are being hacked through access gained with valid (albeit stolen or otherwise compromised) user credentials rather than through malware. A Verizon report says that more than 75 percent of breaches occur this way.

This calls for a different approach to cybersecurity, according to Microsoft, which adds that new software built to sniff out irregular activity, even if it looks superficially legitimate, is necessary. In November last year, Microsoft bought enterprise security firm Aorato, and at Ignite 2015 it announced a product that came out of this purchase: Microsoft Advanced Threat Analytics (ATA), based on Microsoft’s “intelligent cloud” technology.

Advanced Threat Analytics

In a statement, Microsoft said ATA helps “IT security professionals identify security breaches and threats, using behavioral analysis and machine learning to provide clear, actionable information.” The fact sheet states, “The ATA system continuously goes through four steps to ensure protection: analyze, learn, detect and alert.”

Here’s how ATA is designed to work:

  • ATA technology provides an inside look at potentially harmful activity within your network by identifying suspicious user and device activity with built-in intelligence filters.
  • These intelligence filters provide feedback with clear, relevant attack information on a simple timeline.
  • ATA does this by creating a graph of the relationships and interactions of users, devices and resources.

Brad Anderson, Microsoft VP of enterprise client and mobility, suggested that, besides identifying “advanced security threats fast,” you need ATA in your life because “you can adapt to the changing nature of cyber-security threats with a technology that is continuously learning. You can narrow down the most important factors using the simple attack timeline. ATA’s innovative technology reduces false positive fatigue and raises red flags only when needed.”

Additionally, ATA “detects known malicious attacks (like Pass-the-Hash, Pass-the-Ticket, Reconnaissance, etc.) and it catches known security issues like broken trust and weak protocols.”

You can try ATA here (via a preview build) or learn more about ATA here.