Advanced Threat Analytics Detects Anomalous Activity

Advanced Threat Analytics (ATA) technology can help protect customers’ internal IT resources by monitoring certain types of network infrastructure activity and notifying IT staff if anomalies occur. It can watch the normal behavior of users and help to identify threats before a serious breach occurs. The technology relies on machine learning to continuously understand and interpret normal activity patterns for Windows Server Active Directory (AD) access, looking for deviations from that activity. Using ATA will require organizations to implement several Windows Server and AD features, such as mirroring the network traffic to and from domain controllers and forwarding Windows events information from domain controllers to ATA servers.

Learning Normal Behavior

ATA was acquired from Aorato in Nov. 2014 and made available from Microsoft in Aug. 2015. The ATA software runs on servers attached to an organization’s network and automatically analyzes AD activity to learn about normal behaviors and activity patterns. Using machine learning, it can help uncover anomalies such as malicious attacks, identity theft attempts, abnormal resource access or working hours, and other known security issues and risks.