At its Ignite conference this week, Microsoft announced the launch of a new security analytics platform developed to detect advanced persistent threats using behavioural analysis of devices and end users. Advanced Threat Analytics (ATA) detects security issues and malware using security research and provides threat details on an attack timeline to help IT security professionals target and focus on the important threats.
Using technology from Microsoft's acquisition of Aorato, the on-premises platform automatically analyses and identifies suspicious behaviour through Active Directory, Microsoft’s identity management tool, an event management tool and a company’s current security information.
Idan Plotnik, former CEO at Aorato and Principal Group Manager of the ATA team at Microsoft, commented in a blog: “The ATA attack timeline is a clear, efficient and convenient feed that surfaces the right things at the right time, giving you the power of perspective on the who, what, when, why and how. ATA provides visibility like in a social network; you can search for any users, devices or resources and see their behavioural profile.”
Plotnik explained that ATA uses a “combination of detecting security issues and risks, attacks in real-time based on an attacker’s tactics, techniques and procedures, and behavioural analysis leveraging machine learning algorithms.” The new tool can carry out deep packet inspection and log analysis, and can detect APTs using Active Directory information. He added: “After building the interaction map, ATA identifies abnormal behaviour of entities, advanced attacks and security risks without the need to create rules, policies, or install desktop and server agents.”
ATA is, at the moment, in public preview.