Microsoft is preparing to release the security system for Advanced Threat Analytics (or ATA) next month. It's a new way to prevent and protect against hacker attacks on corporate networks.
Since the latest preview version, Advanced Threat Analytics chief (ATA) Idan Plotnik reported that the application has 13 new features for enhanced threat detection.
"Once installed, ATA immediately starts analyzing all relevant issues such as network traffic, gathering information about AD entities, and collecting relevant events from events in the Information Security Management System," says Plotnik.
"Based on this analysis, the ATA creates a security chart and starts by identifying security issues, advanced attacks or detecting abnormal behaviors.
When an attack is detected, ATA creates a timeline of the attack that makes it very easy for security analysts to understand the attack and identify where to focus their efforts researchthem."
Η νέα εφαρμογή θα είναι διαθέσιμη σαν αυτόνομο προϊόν ή θα υπάρχει και μέσα στο Enterprise Client Access License and Enterprise Mobility Suite της Microsoft. Τα πρόσθετα χαρακτηριστικά στην τελική έκδοση του Advanced Threat Analytics θα συμπεριλαμβάνουν:
- Support for Windows Event Forwarding to get events directly from servers/workstations to the ATA gateway;
- Pass-The-Hash detection enhancements against corporate resources by combining DPI and logs analysis;
- Enhancements for the support of non-domain joined devices (and non-Windows) for detection and visibility;
- Performance improvements to support more traffic and events with ATA Gateway;
- Performance improvements to support more ATA Gateways per Center;
- automatically name resolution process to match between computer names and IPs to help save investigation time;
- Improving inputs from the user to automatically adjust the detection process;
- Automatic detection for NAT devices;
- Automatic failover in case the Domain Controller is not reachable;
- System health monitoring and notifications providing the overall health state of the deployment as well as specific issues related to configuration, connectivity;
- Visibility to sites and locations where entities operate;
- Multi-domain support,
- And support for Single Label Domains.
If you are interested in the new Advanced Threat Analytics product you can read more at Microsoft blog.