From: WindowsITPro
Q. What is Microsoft Advanced Threat Analytics?
A. Microsoft Advanced Threat Analytics (ATA) is based on Microsoft’s Aorato acquisition and helps protect your organization from advanced attacks. It uses a number of methods to identify attacks in your environment and alert on them before they actually cause any damage. The best analogy I have heard is a credit card company that monitors your normal usage patterns and alerts you to anything out of the ordinary. This is what ATA does for your organization’s security. The key methods to detect attacks are:
- Behavioral Analytics – Learning the normal patterns of users and the devices they use. Behavior outside the normal pattern is flagged, such as using different devices or working different or longer hours. This is enabled through machine learning and data from Active Directory. A great example of where this would work is the Snowden case, where all of a sudden he used his credentials to access huge amounts of data instead of the data he regularly accessed. It uses deep packet inspection (DPI) and heuristics based on attackers’ Tactics, Techniques and Procedures (TTPs).
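
The baseline-and-deviation idea described above, as an added example (not from the original article and not ATA's actual implementation): a per-user profile learned from constructed events flags a new device, out-of-hours activity, or a spike in resources accessed. The event fields, sample values and thresholds are assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed baseline events: (user, device, hour_of_day, resources_accessed).
# Field names and values are assumptions made for this illustration.
BASELINE = [
    ("alice", "WS-ALICE", 9, 12),
    ("alice", "WS-ALICE", 10, 15),
    ("alice", "WS-ALICE", 11, 10),
    ("alice", "WS-ALICE", 14, 14),
    ("alice", "WS-ALICE", 16, 13),
]

def build_profiles(events):
    """Learn each user's usual devices, active hours and access volumes."""
    profiles = defaultdict(lambda: {"devices": set(), "hours": [], "volumes": []})
    for user, device, hour, volume in events:
        profile = profiles[user]
        profile["devices"].add(device)
        profile["hours"].append(hour)
        profile["volumes"].append(volume)
    return dict(profiles)

def score_event(profiles, event, z_threshold=3.0):
    """Return the list of reasons an event deviates from the user's baseline."""
    user, device, hour, volume = event
    profile = profiles.get(user)
    if profile is None:
        return ["no baseline for user"]
    reasons = []
    if device not in profile["devices"]:
        reasons.append("new device")
    if not min(profile["hours"]) <= hour <= max(profile["hours"]):
        reasons.append("unusual hour")
    mu, sigma = mean(profile["volumes"]), pstdev(profile["volumes"])
    # Floor sigma at 1.0 so a very steady baseline does not divide by ~zero.
    if (volume - mu) / max(sigma, 1.0) > z_threshold:
        reasons.append("access volume spike")
    return reasons

PROFILES = build_profiles(BASELINE)

if __name__ == "__main__":
    for ev in [("alice", "WS-ALICE", 10, 14), ("alice", "SRV-FILE01", 2, 900)]:
        print(ev, "->", score_event(PROFILES, ev) or "normal")
```

Each returned reason maps to one of the deviations the bullet names, so an alert can say why the activity was flagged instead of only that it was.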