In an episode of Microsoft Mechanics, a new video looks at how Microsoft Advanced Threat Analytics (ATA) detects advanced attacks and insider threats in an environment. The video explains real attack techniques used by advanced attackers worldwide, and how ATA detects them in near real-time.
ATA integrates with existing SIEM solutions and automatically receives new updates, including new behavioral detections, through the Microsoft Update infrastructure. Its notification engine lets you configure alerts to be sent either via email or via syslog to an existing SIEM solution.
It works by combining analysis of network traffic and events with contextual data about the entities pulled from the directory, such as group memberships, titles, and manager information. It also analyzes the behavior of each user and computer in the organization by parsing the application layer of network protocols. Once network traffic is parsed, the user and computer information is enriched with data from your organization’s Active Directory.
This information is then sent to the ATA Center, where it is profiled and fed into multiple behavioral algorithms, such as clustering, decision tree creation, and peer group analysis. It is then processed in real-time using multiple detection techniques to correlate specific activity with the entity’s behavior, and to assess in real-time whether that behavior is malicious or benign. Detected suspicious activity is visualized in a clear attack timeline where you can investigate the who, what, when, and how of the attack. The timeline also provides detailed information about each suspicious activity, including the raw network and event activities deemed suspicious, in the form of an Excel report.
Watch the video to learn more about ATA:
Download Microsoft Advanced Threat Analytics here.
Microsoft also posted a year in review of Intune, which offers a diverse set of tools for managing complex mobile environments and empowering a workforce on the move.
Intune’s innovative combination of mobile application and device management options gives you flexibility in how you manage and secure mobile productivity.
“Our cloud service model gives you many advantages. It eliminates the need to plan, purchase, and maintain on-premises hardware and infrastructure, lowering costs and making your day-to-day management experience much easier,” writes the team.
Check out our Intune 2016 year in review to see a list of features, innovations, and product news that we released in 2016.