Microsoft Advanced Threat Analytics (ATA) is an on-premises product to help you detect advanced security attacks with User and Entity Behavioral Analytics (UEBA) technologies. By identifying suspicious user and device activities, ATA provides a simple and fast way to understand what is happening within your network. Once these activities are identified, ATA provides clear and relevant threat information on a simple, convenient feed.
Microsoft Advanced Threat Analytics detects:
Behavioral Analytics leverages Machine Learning to uncover questionable activities and abnormal behavior.
The diagnostic engine detects known attacks almost as soon as they occur.
Security issues and risks:
Leveraging world-class security researchers’ work, ATA identifies known security issues and risks.
How it works
ATA leverages deep packet inspection technology, as well as information from additional data-sources (Security Information and Event Management systems and Active Directory), to build an organizational security graph and detect advanced attacks in near real time.
The diagnostic engine continuously learns the behavior of organizational entities (users, devices, and resources) and adjusts itself to reflect the changes in your rapidly evolving enterprise. As attacker tactics get more sophisticated, Microsoft Advanced Threat Analytics helps you keep up with continuously learning behavioral analytics.
After detection, Microsoft Advanced Threat Analytics provides clear and relevant information on a simple attack timeline, so you can reduce the noise and focus on what is important fast. The attack timeline gives you not only the power of perspective on the “who, what, when, and how” of your enterprise, but also recommendations for investigation and remediation.