What is Advanced Threat Analytics?
In early August, I happened to be working on some Enterprise Mobility Suite collateral and noticed that the price of it went up about a dollar per user per month. What could account for this change? Well, Advanced Threat Analytics had been added to the Enterprise Mobility Suite.
Just to recap, EMS is much more than another MDM solution. It keeps your corporate data secure on mobile devices, sure. It also manages cloud identities, provides SSO to SaaS applications, gives users self-service password reset and multi-factor authentication, protects your sensitive information at the document level and does much more.
With Advanced Threat Analytics, Microsoft is helping to protect against zero-day vulnerabilities and hacks that tend to go unnoticed for months on end. What exactly does that mean?
With Advanced Threat Analytics, you can combine your IT and security logging through Active Directory and other SIEM systems and have it run through Machine Learning on an on-premises system (this isn’t Azure Machine Learning). As time goes on, it builds an Organization Security Graph that looks for anomalies and known attack patterns in the data.
Upon detection of something wrong, Advanced Threat Analytics can alert you and make recommendations on courses of action. This helps your IT staff figure out quickly what should be done.
Here’s a great analogy. Have you ever traveled, tried to use your credit card and either had it denied or received a call about an unusual charge because you were away from your home town? This is what Advanced Threat Analytics gives your business: the peace of mind to detect strange behavior and take action on it without having to sift through mountains of data.
Basically:
- What does the user usually do?
- What does the user not usually do?
This is the behavior analysis component. It may seem simplistic, but this has been a blind spot for a lot of businesses. Most security attacks happen at the identity level via stolen or compromised credentials. These attacks take months to execute. The machine learning in Advanced Threat Analytics can make a real difference and help your business avoid being in the headlines.
Microsoft has put a lot of effort into the alerting to avoid ‘alert fatigue’. It compares a user’s behavior not only to that user’s own history, but also to the behavior of other users, all to avoid false positives.
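The self-versus-peer comparison described above can be sketched in a few lines. This is an added example, not code from the article and not ATA's actual algorithm (which the article does not describe); the users, departments, resources and the `min_peers` threshold are all constructed for illustration.

```python
from collections import defaultdict

# Constructed history: (user, department, resource accessed).
HISTORY = [
    ("alice", "finance", "fin-share"), ("alice", "finance", "erp"),
    ("bob", "finance", "fin-share"), ("bob", "finance", "payroll-db"),
    ("carol", "finance", "erp"), ("carol", "finance", "payroll-db"),
    ("dave", "engineering", "git"), ("dave", "engineering", "build-01"),
]

def build_baselines(events):
    """Learn what each user touches and who in each department touches what."""
    by_user = defaultdict(set)                       # user -> resources
    by_peer = defaultdict(lambda: defaultdict(set))  # dept -> resource -> users
    for user, dept, resource in events:
        by_user[user].add(resource)
        by_peer[dept][resource].add(user)
    return by_user, by_peer

def score(event, by_user, by_peer, min_peers=2):
    """Return 'normal', 'low' or 'alert' for one new access event."""
    user, dept, resource = event
    # Question 1: is this something the user usually does?
    if resource in by_user.get(user, set()):
        return "normal"
    # Question 2: new for this user, but routine for enough of their peers?
    peers = by_peer.get(dept, {}).get(resource, set()) - {user}
    if len(peers) >= min_peers:
        return "low"    # unusual for the user only: suppress to limit noise
    return "alert"      # unusual for the user and for the peer group

if __name__ == "__main__":
    users, peers = build_baselines(HISTORY)
    for ev in [("alice", "finance", "fin-share"),
               ("alice", "finance", "payroll-db"),
               ("alice", "finance", "build-01")]:
        print(ev, "->", score(ev, users, peers))
```

Only the third event raises an alert: the second is new for alice but routine for two of her finance peers, which is the false-positive case the peer comparison is meant to absorb.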
Behavior analysis isn’t the only way Advanced Threat Analytics can help keep you protected. It also looks for known security issues and vulnerabilities and known malicious attacks. For example, it will keep an eye out for machines that have lost their domain trust or someone conducting a specific type of known attack methodology, such as pass-the-hash.
All of this requires no agents, drivers, or escalated privileges. Instead it uses port mirroring, taking traffic directly from the wire. This helps keep it a little more hidden from hackers.
The value of Advanced Threat Analytics is just that. Forget combing through alerts that often are ignored due to the volume. Now, you have the ability to aggregate the logs and let the server do the work. Advanced Threat Analytics saves mountains of time on something that really needs focus, but often doesn’t get it – security.
The Enterprise Mobility Suite is already protected across identities, devices, and content. With Advanced Threat Analytics, Microsoft is giving IT an easy-to-manage toolset to keep security front of mind. If you would like to watch a demo of the Enterprise Mobility Suite, you can check it out here. Otherwise, Arraya’s Microsoft Practice stands ready to help! Our team has extensive experience supporting a wide range of Microsoft solutions, including EMS and Advanced Threat Analytics. A partnership with Arraya ensures customers achieve lasting, meaningful results from their technological investments.