Microsoft Advanced Threat Analytics for Protecting AD Now Available

Microsoft's Advanced Threat Analytics uses machine learning to help enterprises spot suspect behavior associated with leaked user credentials.


As promised, Microsoft officially released its Advanced Threat Analytics (ATA) product for Active Directory in August, Alex Simons, director of program management for the company's Identity and Security Services unit, announced in a brief Aug. 26 statement.

"You can download the GA [general availability] evaluation bits and implement ATA in your organization," wrote Simons. To help administrators incorporate the technology into their Active Directory environments, the company has created a Microsoft Security TechCenter "discussion forum where you can post your questions and feedback," he added. The company also launched a dedicated TechNet blog for the product.

The software, which is deployed on-premises, is based on technology from last year's acquisition of Aorato, a provider of Active Directory (AD) security software. Microsoft Advanced Threat Analytics employs machine learning, user behavioral analytics and information on a massive stockpile of known threats to combat identity-based attacks and breaches that can put an organization's data at risk.

Usernames and passwords are the currency of malicious hackers who sometimes resort to highly personalized phishing emails and sophisticated social engineering techniques to trick users into forking over their access information. ATA relies on a technology called User and Entity Behavioral Analytics (UEBA) to spot behavior that is out of the norm, alerting administrators to potential breaches and enabling them to shut down such attempts quickly and without having to pore over security logs.
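The UEBA idea described above, learning what is normal for each account and alerting only on deviations, can be illustrated with a small detector. The code below is an added example written for this article, not Microsoft's ATA code; the log format, the account names and the thresholds are all constructed for the demonstration. It learns a per-user baseline (source hosts, logon hours, how many distinct resources a user touches in a day) from one set of logon records and then scores a later set against it, so an administrator sees three alerts instead of reading every line.

```python
"""Toy UEBA-style anomaly detector over constructed logon records.

Added example, not ATA's implementation. Log format and data are constructed:
  "<ISO timestamp> user=<name> src=<workstation> resource=<server>"
"""
from collections import defaultdict
from datetime import datetime

# Constructed learning-period records: alice and bob behave normally.
BASELINE_LOG = """
2015-08-03T09:02:11 user=alice src=WS-ALICE resource=FILESRV01
2015-08-03T10:15:40 user=alice src=WS-ALICE resource=MAIL01
2015-08-04T08:55:03 user=alice src=WS-ALICE resource=FILESRV01
2015-08-04T14:20:19 user=alice src=WS-ALICE resource=MAIL01
2015-08-05T09:30:00 user=alice src=WS-ALICE resource=FILESRV01
2015-08-03T09:10:00 user=bob src=WS-BOB resource=FILESRV01
2015-08-04T09:12:00 user=bob src=WS-BOB resource=SQL01
2015-08-05T09:05:00 user=bob src=WS-BOB resource=SQL01
""".strip().splitlines()

# Constructed records for one later day: alice's account is used at 2 a.m.
# from a workstation she has never used, touching servers she never visits.
TODAY_LOG = """
2015-08-26T09:04:12 user=alice src=WS-ALICE resource=FILESRV01
2015-08-26T02:13:44 user=alice src=WS-TEMP07 resource=FILESRV01
2015-08-26T02:14:01 user=alice src=WS-TEMP07 resource=SQL01
2015-08-26T02:14:30 user=alice src=WS-TEMP07 resource=DC01
2015-08-26T02:15:02 user=alice src=WS-TEMP07 resource=HR-SRV
2015-08-26T09:40:00 user=bob src=WS-BOB resource=SQL01
""".strip().splitlines()


def parse(line):
    """Turn one constructed log line into a dict with a parsed timestamp."""
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["time"] = datetime.fromisoformat(ts)
    return rec


def build_baseline(lines):
    """Per-user profile: hosts and hours seen, and the most distinct
    resources the user touched in any single day of the learning period."""
    profile = defaultdict(lambda: {"hosts": set(), "hours": set(), "max_daily": 0})
    per_day = defaultdict(set)
    for rec in map(parse, lines):
        p = profile[rec["user"]]
        p["hosts"].add(rec["src"])
        p["hours"].add(rec["time"].hour)
        per_day[(rec["user"], rec["time"].date())].add(rec["resource"])
    for (user, _), resources in per_day.items():
        profile[user]["max_daily"] = max(profile[user]["max_daily"], len(resources))
    return profile


def detect(lines, profile):
    """Score new records against the baseline; each (user, reason) fires once."""
    alerts = []
    daily = defaultdict(set)

    def raise_alert(user, reason):
        if (user, reason) not in alerts:
            alerts.append((user, reason))

    for rec in map(parse, lines):
        user = rec["user"]
        p = profile.get(user)
        if p is None:
            raise_alert(user, "no baseline for this account")
            continue
        if rec["src"] not in p["hosts"]:
            raise_alert(user, f"logon from unseen host {rec['src']}")
        if rec["time"].hour not in p["hours"]:
            raise_alert(user, f"logon at unusual hour {rec['time'].hour:02d}:00")
        key = (user, rec["time"].date())
        daily[key].add(rec["resource"])
        # Fire once when the day's resource count is clearly above the learned maximum.
        if len(daily[key]) == p["max_daily"] + 2:
            raise_alert(user, f"{len(daily[key])} distinct resources in one day, baseline max {p['max_daily']}")
    return alerts


def run_demo():
    """Learn from BASELINE_LOG, score TODAY_LOG, return the alerts."""
    return detect(TODAY_LOG, build_baseline(BASELINE_LOG))


if __name__ == "__main__":
    for user, reason in run_demo():
        print(f"ALERT {user}: {reason}")
```

Running it yields three alerts, all for alice: an unseen source host, a 02:00 logon and four distinct resources in one day against a learned maximum of two; bob's ordinary activity produces nothing. A production system would use a longer learning period and statistical rather than fixed thresholds, but the shape is the same: baseline per entity, alert on deviation.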

Microsoft feels that ATA can help put an end to leaks caused by stolen credentials and other security mishaps that can prove costly to businesses. Compromised credentials are responsible for more than 75 percent of network intrusions, according to the software giant.

And for enterprises, the cost of those intrusions is quickly adding up. Data breaches cost companies an average of $3.5 million, Microsoft claims. All told, cyber-crime takes an estimated $500 billion (half a trillion dollars) out of the global economy each year.

ATA is one example of Microsoft focusing its enterprise security and management efforts on the user.

On Aug. 17, the company announced that it had enabled a new one-step mobile-device management (MDM) enrollment feature on Windows 10 that streamlines the process of on-boarding devices running the new operating system. Powered by Azure AD and Intune, the capability makes "it drop-dead simple to bring devices into a well-managed state that complies with your corporate policies," Simons said in a statement.

Giving the boot to devices that are breaking the rules is just as simple, boasted Microsoft Program Manager Mahesh Unnikrishnan. "When a device is found to be out of compliance, Azure AD's conditional access control engine will block access to users for applications that require compliant devices. In this scenario, an 'access denied' message will be displayed to end users," wrote Unnikrishnan in a company blog post.

In June, Microsoft rolled out a new reporting option for Azure Active Directory Premium. By glancing at the new Users with Leaked Credentials view, administrators can see if any of their users' credentials are present in publicly posted lists.
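A leaked-credentials check of the kind described above has to work without the directory ever holding plaintext passwords. The example below is added here and is not Microsoft's code; the directory contents, the dump lines and the hashing parameters are constructed. It stores only a per-user salt and a PBKDF2 hash, takes username:password pairs from a constructed "publicly posted" list, re-derives the hash with that user's salt and reports the accounts whose current password matches.

```python
"""Check a salted-hash directory against a constructed leaked username:password dump.

Added example, not the Azure AD Premium implementation. All data is constructed.
"""
import hashlib
import hmac
import os

ITERATIONS = 100_000  # PBKDF2 work factor; constructed value for the demo


def derive(password, salt, iterations=ITERATIONS):
    """Salted PBKDF2-HMAC-SHA256 of the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def make_directory(pairs):
    """Constructed identity store: username -> (salt, hash). Plaintext is discarded."""
    directory = {}
    for user, password in pairs:
        salt = os.urandom(16)
        directory[user] = (salt, derive(password, salt))
    return directory


# Constructed accounts; the plaintexts exist only to build the store.
DIRECTORY = make_directory([
    ("alice", "Summer2015!"),
    ("bob", "hunter2"),
    ("carol", "x9#vL2qT!pWm"),
])

# Constructed dump lines in the username:password form such lists typically take.
LEAKED_DUMP = """
alice@example.com:Summer2015!
bob@example.com:wrongguess
dave@example.com:hunter2
""".strip().splitlines()


def users_with_leaked_credentials(directory, dump_lines, domain="example.com"):
    """Return directory users whose current password appears beside their
    own identity in the dump. Matching is per account: a password that leaked
    under someone else's name is not reported here."""
    hits = []
    for line in dump_lines:
        ident, sep, password = line.partition(":")
        if not sep:
            continue  # malformed line, skip
        local, _, dom = ident.lower().partition("@")
        if dom and dom != domain:
            continue  # entry belongs to another organization
        entry = directory.get(local)
        if entry is None:
            continue
        salt, stored = entry
        # Constant-time comparison of the re-derived hash with the stored one.
        if hmac.compare_digest(derive(password, salt), stored):
            hits.append(local)
    return hits


if __name__ == "__main__":
    print("users with leaked credentials:", users_with_leaked_credentials(DIRECTORY, LEAKED_DUMP))
```

Only alice is reported: bob's entry in the dump carries a wrong password, and "hunter2" leaked under dave's name, not his. The accounts returned are the ones to force through a password reset; the check itself never needs, and never learns, any user's plaintext.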

Pedro Hernandez

Pedro Hernandez is a contributor to eWEEK and the IT Business Edge Network, the network for technology professionals. Previously, he served as a managing editor for the network of...