At the beginning of May 2015 Microsoft released a preview of its Advanced Threat Analytics (ATA), a new security tool designed to detect and eliminate attacks based on behavior analysis. The system monitors user activity and system traffic to create behavior profiles. If (or when, since security measures require some degree of pessimism) anomalies occur, the system creates an “attack timeline” of events organized by recency and analyzed in context to prevent unnecessary alerts.
ATA is equipped to detect malicious attacks, including Pass-the-Hash, Golden Ticket, and Skeleton Key Malware, among others. These are most often marked by password monkey business, particularly Pass-the-Hash, a hacking technique that uses the underlying authentication protocols of a password to access protected data. A primary function of ATA is detecting high numbers of password attempts, which alerts the administrator to an attack and prevents infiltration while keeping irrelevant alerts minimal. Supposing that Smitty over in cubicle 2 incorrectly enters his password several times before he manages to break into his own account every day, ATA will adapt to this behavior and it will not be presented as a threat until Smitty requires a few hundred attempts, at which point it is safe to say he should either seek a different profession or he has become the unwitting front for an attacker.
Other features of ATA include an Organizational Security Graph, which maps typical activities and assists anomaly detection, SIEM integration for additional security, and seamless deployment throughout the network to reduce obnoxious installations. Microsoft claims its product will reduce the average 200 day attack response time (eliminate would be ideal, but those who expect perfection are often met with disappointment and those who claim perfection are often met with legal action). To test the product, Microsoft’s preview is available here and a detailed outline of the product can be found here.
To have additional tips and technology information sent right to your inbox, SIGN UP FOR OUR NEWSLETTER.