Microsoft releases its Advanced Threat Analytics

02 Sep 15

Microsoft has announced that its Advanced Threat Analytics is now generally available. 

Microsoft says ATA is designed to help organisations detect suspicious user and entity activity, known malicious attacks and security issues. 

In a recent company blog post, Idan Plotnik, principal group manager of Microsoft Advanced Threat Analytics team, says a new approach for identifying cyber-security incidents is needed.

The blind spot in IT security

“Cybersecurity attacks are more frequent and more sophisticated than ever,” Plotnik says. “We know you are now living in a world where you assume you are breached and attackers are already in your systems.”

Plotnik says it is not unusual for attackers to have access to a corporate network for 200 days or more before they are discovered. 

“They do this by taking advantage of privileged or non-privileged user accounts to access resources without their knowledge,” he explains. “This is a huge blind spot in most IT security systems. When the attackers use this blind spot to hide in a company's network, innovative and advanced technology is needed to detect the breach, mitigate and prevent further attacks.”

After building ATA, Plotnik says he discovered two important things.

He says using only machine learning algorithms in User Behavioural Analytics is not enough to detect advanced attacks, and a more comprehensive approach is needed.

“In most cases, the algorithms will detect anomalies after the fact when there is a good chance the attacker was already successful,” he explains. “The way to detect advanced attacks is through the combination of detecting security issues and risks, attacks in real-time based on TTPs, and behavioural analysis leveraging Machine Learning algorithms.”

“Only this combined approach gives you a comprehensive, timely view of your security posture,” Plotnik says.

Plotnik says analysis of multiple data sources is the key to detecting advanced attacks.

“Analysing logs will only tell you half the story and in the worst case will provide you false positives,” he says. “The real evidence is located in the network packets.

“This is why you need the combination of deep packet inspection (DPI), log analysis, and information from Active Directory to detect advanced attacks.”

Plotnik says his team designed Microsoft Advanced Threat Analytics based on these points.

Plotnik says his team spent a ton of design and development time to make sure ATA has a simple, straightforward and fast deployment process. 

Users can download the GA evaluation bits and implement ATA in their organisation now. 

“We know how much pain cyber-security attacks are causing you. As a team, our goal is to innovate and help you protect your organisation from these advanced attacks,” Plotnik adds. 
