
Microsoft releases its Advanced Threat Analytics

02 Sep 2015

Microsoft has announced that its Advanced Threat Analytics is now generally available. 

Microsoft says ATA is designed to help organisations detect suspicious user and entity activity, known malicious attacks, and security issues.

In a recent company blog post, Idan Plotnik, principal group manager of Microsoft Advanced Threat Analytics team, says a new approach for identifying cyber-security incidents is needed.

The blind spot in IT security

“Cybersecurity attacks are more frequent and more sophisticated than ever,” Plotnik says. “We know you are now living in a world where you assume you are breached and attackers are already in your systems.”

Plotnik says it is not unusual for attackers to have access to a corporate network for 200 days or more before they are discovered. 

“They do this by taking advantage of privileged or non-privileged user accounts to access resources without their knowledge,” he explains. “This is a huge blind spot in most IT security systems. When the attackers use this blind spot to hide in a company's network, innovative and advanced technology is needed to detect the breach, mitigate and prevent further attacks.”

After building ATA, Plotnik says he discovered two important things.

He says using only machine learning algorithms in User Behavioural Analytics is not enough to detect advanced attacks, and a more comprehensive approach is needed.

“In most cases, the algorithms will detect anomalies after the fact when there is a good chance the attacker was already successful,” he explains. “The way to detect advanced attacks is through the combination of detecting security issues and risks, attacks in real-time based on TTPs, and behavioural analysis leveraging Machine Learning algorithms.

“Only this combined approach gives you a comprehensive, timely view of your security posture,” Plotnik says.

Plotnik says analysis of multiple data sources is the key to detecting advanced attacks.

“Analysing logs will only tell you half the story and in the worst case will provide you false positives,” he says. “The real evidence is located in the network packets.

“This is why you need the combination of deep packet inspection (DPI), log analysis, and information from Active Directory to detect advanced attacks.”
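The two ideas Plotnik describes above, a TTP-based rule that fires in real time alongside a behavioural baseline that reports after the fact, and enrichment of both with directory context, can be sketched in a few dozen lines. The following is an added illustration written for this article, not code from Microsoft or from ATA; it assumes authentication events have already been extracted (from logs or from parsed packets) into simple tuples, and the events, the per-user history and the directory attributes are all constructed sample data.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from statistics import mean

# Constructed sample: successful/failed authentications as
# (timestamp, user, destination host, outcome). Made-up records, not real log output.
EVENTS = [
    ("2015-09-02T09:00:00", "alice", "FILE01", "success"),
    ("2015-09-02T09:01:10", "alice", "FILE02", "success"),
    ("2015-09-02T09:02:05", "alice", "SQL01", "success"),
    ("2015-09-02T09:02:40", "alice", "WEB03", "success"),
    ("2015-09-02T09:03:30", "alice", "DC01", "success"),
    ("2015-09-02T09:30:00", "bob", "FILE01", "success"),
    ("2015-09-02T14:00:00", "bob", "FILE01", "success"),
]

# Constructed history: distinct hosts each user reached on previous days (assumption).
HISTORY = {"alice": [1, 1, 2, 1, 1], "bob": [1, 1, 1, 1, 1]}

# Constructed directory context standing in for Active Directory attributes (assumption).
DIRECTORY = {"alice": {"privileged": True}, "bob": {"privileged": False}}


def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S")


def detect_ttp(events, window_minutes=5, host_threshold=4):
    """Real-time style rule: one account authenticating to many distinct hosts
    inside a short window. Fires on the event that crosses the threshold,
    without waiting for the period to close. One alert per user."""
    window = timedelta(minutes=window_minutes)
    recent = defaultdict(deque)  # per-user sliding window of (time, host)
    alerts, fired = [], set()
    for ts_str, user, host, outcome in sorted(events):  # ISO timestamps sort lexically
        if outcome != "success" or user in fired:
            continue
        ts = _ts(ts_str)
        q = recent[user]
        q.append((ts, host))
        while ts - q[0][0] > window:  # drop entries older than the window
            q.popleft()
        hosts = {h for _, h in q}
        if len(hosts) >= host_threshold:
            fired.add(user)
            alerts.append({"user": user, "kind": "ttp",
                           "triggered_at": ts_str, "hosts": sorted(hosts)})
    return alerts


def detect_anomalies(events, history, factor=3.0):
    """Behavioural baseline: distinct hosts per user over the whole period
    compared with the historical mean. Runs once the period is complete,
    so by construction it reports after the fact."""
    today = defaultdict(set)
    for _, user, host, outcome in events:
        if outcome == "success":
            today[user].add(host)
    alerts = []
    for user, hosts in today.items():
        baseline = mean(history.get(user, [len(hosts)]))  # no history: never anomalous
        if len(hosts) > baseline * factor:
            alerts.append({"user": user, "kind": "anomaly",
                           "observed": len(hosts), "baseline": baseline})
    return alerts


def enrich(alerts, directory):
    """Directory context: the same behaviour on a privileged account rates higher."""
    out = []
    for a in alerts:
        priv = directory.get(a["user"], {}).get("privileged", False)
        out.append({**a, "privileged": priv, "severity": "high" if priv else "medium"})
    return out


def run_pipeline(events=EVENTS, history=HISTORY, directory=DIRECTORY):
    """Combine the real-time rule and the batch baseline, then add directory context."""
    return enrich(detect_ttp(events) + detect_anomalies(events, history), directory)


if __name__ == "__main__":
    for alert in run_pipeline():
        print(alert)
```

With the sample data the rule fires for `alice` at 09:02:40, on the fourth distinct host, while the baseline check only reports her once the day's five hosts are counted; both alerts come out `high` because the directory marks the account as privileged. Thresholds, window and factor are placeholders to tune against your own data.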

Plotnik says his team designed Microsoft Advanced Threat Analytics based on these points.

Plotnik says his team invested a great deal of design and development time in making sure ATA has a simple, straightforward and fast deployment process.

Users can download the GA evaluation bits and implement ATA in their organisation now. 

“We know how much pain cyber-security attacks are causing you. As a team, our goal is to innovate and help you protect your organisation from these advanced attacks,” Plotnik adds. 
