New machine learning-based tool targets invaders, while Windows Update for Business reworks enterprise patch rollouts
Microsoft has announced machine learning-based security for Azure and enterprise Windows systems, as well as a new update system for Windows 10 that it says will do away with Patch Tuesday, at least for consumers.
The company made the announcements at its first Ignite conference in Chicago, an enterprise-oriented event that takes over from its Exchange, Lync, Project, SharePoint, MMS, and TechEd gatherings.
Advanced Threat Analytics
The new Advanced Threat Analytics (ATA) software, now available in preview, is intended to use heuristic techniques – in other words, analysing the patterns that underlie behaviour – to detect suspicious activity on corporate networks or cloud environments.
ATA, based on technology acquired with Israel-based security start-up Aorato last November, uses log file analysis and data from Active Directory to learn a user’s regular pattern of access, and can flag suspicious activity, such as access from unexpected locations or access to an unusual data type, or patterns consistent with an attack.
The software also uses real-time deep-packet inspection (DPI) to detect malicious logins that might otherwise be missed, such as the credential-reuse techniques that are sometimes used by hackers to trick their way into a system.
Microsoft also previewed Windows 10 management features that let administrators restrict data from being copied and pasted outside of corporate applications, for instance onto social-media services or personal email software. Another option allows data to be pasted into personal applications, but logs all such actions.
The company said its iPhone Outlook app will be updated later this quarter to support access restrictions when being managed by Intune, which will bar data from being copied outside the app into unauthorised software.
Microsoft also announced an update to its Azure Rights Management Services (RMS) for documents hosted on its cloud service, bringing in a document-tracking feature. Previously RMS limited access to documents to particular users; the new feature adds the ability to see exactly who accessed a document, when and from where. Unusual activity can be flagged and access revoked if necessary.
Windows Update for Business
With Windows 10 Microsoft said it will introduce changes to its software update mechanism, releasing security updates and other updates to PCs, tablets and smartphones around the clock, in a move away from the current monthly “Patch Tuesday” arrangement.
The monthly cycle option will continue to be available for enterprise customers under a feature called Windows Update for Business, allowing businesses to more easily plan patch rollouts, as is currently the case.
Home users will receive patches first under the rolling update system, which should mean business users will be aware of any possible problems beforehand, Microsoft said.
The update system has been reworked to give enterprises greater control over how branch offices and remote users receive updates, allowing patches to be distributed via peer-to-peer systems, useful for remote workers who may be on low-bandwidth connections. The timing of such updates can also be specified in order to avoid interference with day-to-day activities.
Microsoft said Windows 10 will be supported under System Center 2012 and System Center 2012 Configuration Manager with service packs set for release next week, allowing control of deployment, upgrades and management. Microsoft has also updated the cloud-based management tool Intune to support Windows 10 management.