SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Wed, 2nd Sep 2015
FYI, this story is more than a year old

Microsoft has announced that its Advanced Threat Analytics is now generally available.

Microsoft says its ATA is designed to help people detect suspicious user and entity activities, know malicious attacks and security issues.

In a recent company blog post, Idan Plotnik, principal group manager of Microsoft Advanced Threat Analytics team, says a new approach for identifying cyber-security incidents is needed.

The blind spot in IT security

“Cybersecurity attacks are more frequent and more sophisticated than ever,” Plotnik says. “We know you are now living in a world where you assume you are breached and attackers are already in your systems.

Plotnik says it is not unusual for attackers to have access to a corporate network for 200 days or more before they are discovered.

“They do this by taking advantage of privileged or non-privileged user accounts to access resources without their knowledge,” he explains. “This is a huge blind spot in most IT security systems. When the attackers use this blind spot to hide in a company's network, innovative and advanced technology is needed to detect the breach, mitigate and prevent further attacks.

After building ATA, Plotnik says he discovered two important things.

He says using only machine learning algorithms in User Behavioural Analytics is not enough to detect advanced attacks, and a more comprehensive approach is needed.

“In most cases, the algorithms will detect anomalies after the fact when there is a good chance the attacker was already successful,” he explains. ‘The way to detect advanced attacks, is through the combination of detecting security issues and risks, attacks in real-time based on TTPs, and behavioural analysis leveraging Machine learning algorithms.

“Only this combined approach gives you a comprehensive, timely view of your security posture,” Plotnik says.

Plotnik says analysis of multiple data sources is the key to detecting advanced attacks.

“Analysing logs will only tell you half the story and in the worst case will provide you false positives,” he says. “The real evidence is located in the network packets.

“This is why you need the combination of deep packet inspection (DPI), log analysis, and information from Active Directory to detect advanced attacks.

Plotnik says his team designed Microsoft Advanced Threat Analytics based on these points.

Plotnik says his team spent a ton of design and development time to make sure ATA has a simple, straightforward and fast deployment process.

Users can download the GA evaluation bits and implement ATA in their organisation now.

“We know how much pain cyber-security attacks are causing you. As a team, our goal is to innovate and help you protect your organisation from these advanced attacks,” Plotnik adds.