SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
New Zealand
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewall
#
ransomware
Search
Story image
#
Advanced Persistent Threat Protection
#
Microsoft
#
Advanced Threat Analytics
Microsoft releases its Advanced Threat Analytics
Wed, 2nd Sep 2015
FYI, this story is more than a year old
Author image
By Shannon Williams, Journalist
Follow us

Microsoft has announced that its Advanced Threat Analytics is now generally available.

Microsoft says its ATA is designed to help people detect suspicious user and entity activities, know malicious attacks and security issues.

In a recent company blog post, Idan Plotnik, principal group manager of Microsoft Advanced Threat Analytics team, says a new approach for identifying cyber-security incidents is needed.

The blind spot in IT security

“Cybersecurity attacks are more frequent and more sophisticated than ever,” Plotnik says. “We know you are now living in a world where you assume you are breached and attackers are already in your systems.

Plotnik says it is not unusual for attackers to have access to a corporate network for 200 days or more before they are discovered.

“They do this by taking advantage of privileged or non-privileged user accounts to access resources without their knowledge,” he explains. “This is a huge blind spot in most IT security systems. When the attackers use this blind spot to hide in a company's network, innovative and advanced technology is needed to detect the breach, mitigate and prevent further attacks.

After building ATA, Plotnik says he discovered two important things.

He says using only machine learning algorithms in User Behavioural Analytics is not enough to detect advanced attacks, and a more comprehensive approach is needed.

“In most cases, the algorithms will detect anomalies after the fact when there is a good chance the attacker was already successful,” he explains. ‘The way to detect advanced attacks, is through the combination of detecting security issues and risks, attacks in real-time based on TTPs, and behavioural analysis leveraging Machine learning algorithms.

“Only this combined approach gives you a comprehensive, timely view of your security posture,” Plotnik says.

Plotnik says analysis of multiple data sources is the key to detecting advanced attacks.

“Analysing logs will only tell you half the story and in the worst case will provide you false positives,” he says. “The real evidence is located in the network packets.

“This is why you need the combination of deep packet inspection (DPI), log analysis, and information from Active Directory to detect advanced attacks.

Plotnik says his team designed Microsoft Advanced Threat Analytics based on these points.

Plotnik says his team spent a ton of design and development time to make sure ATA has a simple, straightforward and fast deployment process.

Users can download the GA evaluation bits and implement ATA in their organisation now.

“We know how much pain cyber-security attacks are causing you. As a team, our goal is to innovate and help you protect your organisation from these advanced attacks,” Plotnik adds.

Related stories
Trustifi launches innovative phishing detection training for MSPs
Keeper Security launches user-friendly passphrase generator
How attackers target security blind spots: Three real-life lessons from the SOC
Kaspersky illuminates LockBit ransomware group's advanced tactics
Absolute Security focuses on cyber resilience in company rebrand
Top stories
i-PRO to support Genetec SaaS with new AI-enabled camera models
Illumio unveils AI enhancements for faster Zero Trust Segmentation adoption
RiverSafe teams up with Cribl to boost IT & data security services
Business leaders anxious over data security – report
Half of online traffic in 2024 generated by bots, report finds