Aorato Acquisition Can Bolster Internal Security

Aorato, an Israeli security company, was acquired by Microsoft in Nov. 2014. The Aorato technology can help protect customers’ internal IT resources by monitoring user activity on the network and notifying IT staff if anomalies occur. It can watch the normal behavior of users and identify threats before a serious breach occurs. The technology relies on machine learning to continuously understand and interpret normal activity patterns for Windows Server Active Directory (AD) access, looking for deviations from that activity. No details of availability were provided, and terms of the acquisition were not announced.

Watching and Learning

The technology developed by Aorato can help organizations defend against threats that occur inside their networks rather than threats from outside. Security incidents often involve employees or others with access to the corporate network, either through mistakes (for example, by accidentally loosening access restrictions) or through intentional attack (for example, by a disgruntled employee or attackers stealing an employee’s credentials). Protection against such threats takes many forms, including deployment of antimalware, strict restrictions on access to resources, and enforcement of training and policies. But solutions that track only privileged accounts are not enough, as today’s attackers also compromise nonprivileged accounts which may have important, though restricted, access permissions.