Microsoft said that its new Advanced Threat Analytics (ATA) solution will be available for general release next month.
Using technology gained from Microsoft’s November 2014 acquisition of Active Directory security startup Aorato, Microsoft Advanced Threat Analytics is an on-premises security product that detects various attacks using “user and entity behavior” analytics.
According to Idan Plotnik, former CEO of Aorato and current principal group manager of the Microsoft Identity and Security Service Division, ATA uses machine learning algorithms to detect abnormal behavior, including unusual working hours, abnormal resource access, and anomalous logins.
In addition to detecting abnormal user behavior, ATA can detect known security configuration issues and risks and advanced attacks. Attacks such as Pass-the-Ticket,Pass-the-Hash, Overpass-the-Hash, Forged PAC (MS14-068), Remote execution, Golden Ticket, Skeleton key malware, Reconnaissance, and Brute Force attacks, can be detected by ATA, the software giant said.