Microsoft has revealed its latest security tool, Advanced Threat Analytics (ATA), will be made generally available next month with a mission to alert IT teams in the event of an advanced cyber-attack.
Head of the identity and security services division, Idan Plotnik, is founder of Aorato – the firm Microsoft bought to help it build out the capabilities for the new ATA product.
He explained in a blog post that finding advanced attacks by trawling through log files is like “searching for a needle in the haystack” – and often fails to reveal the entire picture because it can miss PTT (Pass-the-Ticket) or Forged PAC attacks.
“We’ve taken a different approach with Microsoft ATA. Our secret sauce is our combination of network Deep Packet Inspection (DPI), information about the entities from Active Directory, and analysis of specific events,” he explained.