Microsoft’s Advanced Threat Analytics is going general-availability next month, so – as Redmond says – enterprises can more quickly spot intruders in their networks.
Since the last preview version, ATA engineering head Idan Plotnik says the framework has 13 new features to make it more scalable, with improved threat detection.
“After deployment, ATA immediately starts analysing all AD related network traffic, collecting information about entities from AD, and collecting relevant events from your Security Information and Event Management System,” Plotnik says.
“Based on this analysis, ATA builds the organisational security graph and starts detecting security issues, advanced attacks or abnormal entity behavior. When an attack is detected, ATA builds an attack timeline which makes it easy for security analysts to understand the attack and where to focus their investigation efforts.”
Plotnik, former boss of Aorato, which Microsoft acquired to build ATA, says the on-premises platform detects attacks and reduces a network’s attack surface. Along with user and entity behavior analytics, it combines machine learning with information on actor tactics, techniques and procedures.
Much of the sales pitch focusses on helping security bods to reduce the 200-odd days that hackers are on average said to enjoy roaming networks before they are detected.