An example of Microsoft's Advanced Threat Analytics detecting suspicious user activity.

Hackers are notorious for lurking on corporate networks for months, logging in via stolen user credentials and surreptitiously gathering information and intelligence before making their presence known to the company and the broader world.

It’s one of the scariest parts of corporate security for big companies, with last year’s Sony Pictures Entertainment hack serving as a high-profile example.

Microsoft says it wants to tackle this problem for its corporate customers, announcing this morning that its Advanced Threat Analytics technology will be released generally next month — using machine learning and behavioral analytics to detect malicious activity that might otherwise go unnoticed.

Microsoft's Brad Anderson

It’s based on technology from Microsoft’s acquisition last year of Aorato, an Israel-based enterprise security firm.

“We’re very unique in our ability to do this because you have to have that telemetry, that data, to be able to reason over it,” said Brad Anderson, Microsoft corporate vice president for Enterprise and Client Mobility, in an interview this week. “I would argue that we have more data and more telemetry on more consumers and businesses than anyone else in the world.”

As one basic example, Advanced Threat Analytics (ATA) uses travel times and geographic data to detect when a login from a single user’s account in multiple locations would be unfeasible without a Star Trek-style transporter. Once a breach is detected, a company can force the hacker out by disabling the account, enabling multi-factor authentication or taking other preventative measures.

Could this type of technology have detected and blocked the attack on Sony? “I very much believe it could have,” Anderson said.

These types of capabilities have been available via Microsoft’s Azure Active Directory in the cloud, but the new release of ATA will bring the technology to Active Directory on companies’ on-premises networks. Microsoft says ATA will be available to purchase on a standalone basis, through the company’s Enterprise Mobility Suite, or with an Enterprise Client Access License.

During Microsoft’s earnings conference call yesterday, CEO Satya Nadella and CFO Amy Hood cited the Enterprise Mobility Suite as an example of how the company is expanding beyond its traditional business into new areas. “It’s taking something that’s very unique, builds off of our core in the server business, and allows us to both grow and add new perspective there,” Hood said.
