Microsoft is preparing to release the security system for Advanced Threat Analytics (or ATA) next month. It's a new way to prevent and protect against hacker attacks on corporate networks.
Since the latest preview version, Advanced Threat Analytics chief (ATA) Idan Plotnik reported that the application has 13 new features for enhanced threat detection.
"Once installed, ATA immediately starts analyzing all relevant issues such as network traffic, gathering information about AD entities, and collecting relevant events from events in the Information Security Management System," says Plotnik.
"Based on this analysis, the ATA creates a security chart and starts by identifying security issues, advanced attacks or detecting abnormal behaviors.
"Once an attack is detected, the ATA creates an attack schedule that makes it very easy for security analysts to understand the attack and identify where to focus their research efforts."
The new application will be available as a standalone product or will also be available in Microsoft Enterprise Client Access License and Enterprise Mobility Suite. Additional features in the final version of Advanced Threat Analytics will include:
- Support for Windows Event Forwarding to get events directly from servers / workstations to ATA gateway;
- Pass-The-Hash detection enhancements against corporate resources by combining DPI and logs analysis;
- Enhancements for the support of non-domain joined devices (and non-Windows) for detection and visibility;
- Performance improvements to support more traffic and events with ATA Gateway;
- Performance improvements to support more ATA Gateways per Center;
- Automatic name resolution process to match computer names and IPs to help save investigation time;
- Improving inputs from the user to automatically adjust the detection process;
- Automatic detection for NAT devices;
- Automatic failover in case the Domain Controller is not reachable;
- System health monitoring and notifications providing the overall health status of deployment as well as specific issues related to configuration, connectivity;
- Visibility to sites and locations where entities operate;
- Multi-domain support,
- And support for Single Label Domains.
If you are interested in the new Advanced Threat Analytics product you can read more at Microsoft blog.