Microsoft Buys Aorato in Move to Secure Active Directory

Aiming to beef up Active Directory security, Microsoft has acquired Aorato, a Herzelia, Israel-based security software company.

Financial terms were not officially disclosed. However, insiders told The Wall Street Journal that Microsoft parted with approximately $200 million to snap up the hybrid-cloud security specialist.

“We are making this acquisition to give customers a new level of protection against threats through better visibility into their identity infrastructure,” Takeshi Numoto, corporate vice president of Microsoft Cloud and Enterprise Marketing, said in a statement. “With Aorato, we will accelerate our ability to give customers powerful identity and access solutions that span on-premises and the cloud, which is central to our overall hybrid cloud strategy.”

In a brief statement posted on its Website, Aorato said, “Microsoft gives us a unique opportunity to pursue this vision, and help customers at the broadest possible scale. With this acquisition, we will cease selling our Directory Services Application Firewall (DAF) product.”

The deal comes after Aorato unearthed an AD vulnerability this summer.

In July, the company found a flaw that could allow an attacker to change user passwords while remaining undetected, potentially placing millions of users at risk. Microsoft downplayed the issue, claiming that the vulnerability was not new and that the company had already supplied best practices to help mitigate the risk.

“When you change the user’s password, it is the holy grail of authentication since the attacker gets full control over the victim’s identity,” Tal Be’ery, vice president of research at Aorato, told eWEEK’s Sean Michael Kerner after the discovery. “This is why the vulnerability that we have discovered that enables an attacker to change the Active Directory password is so important.”

AD is used by most enterprises to manage their user identity and access services, Numoto explained. Compromising AD could potentially yield attackers a trove of sensitive information, hence Microsoft’s intense focus on keeping one of its most critical business software offerings safe.

Aorato employs “machine learning to detect suspicious activity on a company’s network,” stated Numoto. “It understands what normal behavior is and then identifies anomalies, so a company can quickly see suspicious behavior and take appropriate measures to help protect itself.”

This is accomplished with Aorato’s Organizational Security Graph technology, which he described as “a living, continuously updated view of all of the people and machines accessing an organization’s Windows Server Active Directory.” Microsoft’s enterprise customers should find it easy to benefit from the added protection, he said.

Aorato’s technology aligns with Microsoft’s own efforts surrounding its cloud-based AD offering. It will “complement similar capabilities that we have developed for Azure Active Directory, our cloud-based identity and access management solution,” said Numoto. Azure AD, also offered as part of Enterprise Mobility Suite (EMS), supports multifactor authentication in the wake of the PhoneFactor acquisition in 2012.