On-premise cyber security platform will feature social media-style timeline and use machine learning to outwit the hackers
Microsoft is to make its Advanced Threat Analytics (ATA) cyber security service available to customers from next month.
ATA is an on-premises product the company claims can help identify advanced persistent threats before they can cause damage.
The service has been a popular one at Microsoft, having thousands of trials from customers in the weeks since the ATA preview at Ignite in May.
Brad Anderson, corporate vice president, enterprise client & mobility at Microsoft, outlined the problems that ATA can solve.
“I’ve written before about the source of so many cyber attacks: Compromised user credentials,” said Anderson. “In fact, compromised identity is the #1 cause of the breaches we hear about from organisations all over the world.”
Anderson reckons that the causes for this are effectively the BYOD trend (as employee security is reduced through use of their own devices) and existing security tools being “too cumbersome”.
“They create way too many false positives,” Anderson said. “They take years to fine tune, and the reports they generate are nearly impossible to read and understand quickly.
“The biggest problem of all is, arguably, the question of how traditional IT security solutions operate once a breach occurs. Currently, the traditional infrastructure monitoring and security techniques have become less effective.
“There are also some very sophisticated security products that are ultimately ineffective because getting a massive data set in your inbox or console while trying to identify/isolate an intrusion can take far too long at a time when every second makes or breaks your organization. Who wants to be given a haystack when you’ve asked for a needle?”
Anderson explained how ATA is different. The service uses identity as a control plane, whilst having the visibility and insights that come from machine learning against massive sets of data. There is also protection offered across multiple layers, according to Anderson.
ATA is based on technology from Microsoft’s acquisition of enterprise security firm Aorato in November 2014. The service uses machine learning and behavioural analytics to detect security threats fast, according to Anderson. Other features include allowing the user to adapt to the changing nature of cyber-security threats with a technology that is continuously learning.
Furthermore, ATA allows users to narrow down the most important security factors using a simplified attack timeline, all packaged in a “easy-to-consume, and simple-to-drill-down, social media-like feed”.
“That is a really impressive list of features,” Anderson thinks. “And I can’t wait for you to try ATA for yourself.”