Microsoft recently outlined how the Advanced Threat Analytics v1.6 release was monitoring over 5 million users and 10 million devices. That number has since grown to over 10 million users and 21 million devices. Microsoft has now announced Advanced Threat Analytics v1.7, which brings new detections and improvements.
Advanced Threat Analytics
ATA keeps its focus on investigating the tactics, techniques and procedures that attackers commonly use during their campaigns, and every ATA update ships with an enhanced detection engine. New in this release is improved Pass-the-Hash detection: ATA now builds behavioral models of each entity's authentication patterns and correlates a suspected attack against that baseline, which lets it separate real Pass-the-Hash attacks from benign activity that merely resembles one.
To detect Pass-the-Ticket attacks, ATA relies on the correlation between an IP address and the computer account behind it. That correlation becomes unreliable when IP addresses change rapidly (for example, short DHCP leases or roaming clients), because a stale resolution attributes a legitimate ticket use to the wrong machine. For this reason ATA's network name resolution was significantly improved in this release to cut down on false positives.
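The two points above (a per-entity baseline of where an account normally authenticates from, and the dependence of that correlation on resolving a client IP to the right computer at the right time) can be shown with a small detector run over constructed ticket-request events. The following is an added illustration, not ATA's code: the event fields loosely mirror those of a Windows Kerberos service-ticket request (event 4769: account, client address, service name), the DHCP lease table, host names, addresses and the `resolve_at`/`resolve_latest` helpers are all invented for the example, and a real system would learn the baseline from far more than one training event.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Callable, Dict, List, Optional, Set

# Constructed sample data for a single day; every name and address is made up.
DAY = datetime(2016, 9, 1)


def T(hour: int) -> datetime:
    return DAY + timedelta(hours=hour)


@dataclass(frozen=True)
class Lease:
    """One DHCP lease: which computer held `ip` during [start, end)."""
    ip: str
    computer: str
    start: datetime
    end: datetime


@dataclass(frozen=True)
class TgsEvent:
    """Subset of a Kerberos service-ticket request (modeled on event 4769)."""
    time: datetime
    account: str
    client_ip: str
    service: str


Resolver = Callable[[List[Lease], str, datetime], Optional[str]]


def resolve_at(leases: List[Lease], ip: str, when: datetime) -> Optional[str]:
    """Time-aware resolution: the computer that held `ip` when the event happened."""
    for lease in leases:
        if lease.ip == ip and lease.start <= when < lease.end:
            return lease.computer
    return None


def resolve_latest(leases: List[Lease], ip: str, when: datetime) -> Optional[str]:
    """Naive resolution: whoever holds `ip` most recently, ignoring the event time.
    This is what a plain name lookup done at analysis time gives you."""
    matching = [lease for lease in leases if lease.ip == ip]
    if not matching:
        return None
    return max(matching, key=lambda lease: lease.start).computer


def build_baseline(training: List[TgsEvent], leases: List[Lease],
                   resolver: Resolver) -> Dict[str, Set[str]]:
    """Learn, per account, the set of computers it normally requests tickets from."""
    baseline: Dict[str, Set[str]] = {}
    for ev in training:
        host = resolver(leases, ev.client_ip, ev.time)
        if host is not None:
            baseline.setdefault(ev.account, set()).add(host)
    return baseline


def classify(events: List[TgsEvent], baseline: Dict[str, Set[str]],
             leases: List[Lease], resolver: Resolver) -> List[str]:
    """Return one verdict per event: 'ok', 'alert', or 'unresolved'."""
    verdicts = []
    for ev in events:
        host = resolver(leases, ev.client_ip, ev.time)
        if host is None:
            # An address we cannot attribute to a computer account is recorded
            # as unresolved rather than raised as a Pass-the-Ticket alert.
            verdicts.append("unresolved")
        elif host in baseline.get(ev.account, set()):
            verdicts.append("ok")
        else:
            verdicts.append("alert")
    return verdicts


# Constructed lease history: 10.0.0.5 moves from WS01 to WS02 at noon and
# WS01 comes back on 10.0.0.9; WS07 keeps 10.0.0.7 all day.
LEASES = [
    Lease("10.0.0.5", "WS01", T(8), T(12)),
    Lease("10.0.0.5", "WS02", T(12), T(18)),
    Lease("10.0.0.9", "WS01", T(12), T(18)),
    Lease("10.0.0.7", "WS07", T(8), T(18)),
]

# Constructed events: alice normally works from WS01.
TRAINING = [TgsEvent(T(9), "alice", "10.0.0.5", "cifs/FS01")]
LIVE = [
    TgsEvent(T(13), "alice", "10.0.0.9", "cifs/FS01"),   # legitimate, WS01 re-addressed
    TgsEvent(T(14), "alice", "10.0.0.7", "ldap/DC01"),   # alice's ticket used from WS07
    TgsEvent(T(15), "alice", "10.0.0.42", "cifs/FS01"),  # no lease record for this address
]


def run(resolver: Resolver) -> List[str]:
    baseline = build_baseline(TRAINING, LEASES, resolver)
    return classify(LIVE, baseline, LEASES, resolver)


if __name__ == "__main__":
    for name, resolver in (("time-aware", resolve_at), ("naive", resolve_latest)):
        print(f"{name:10s} {run(resolver)}")
```

With the time-aware resolver the first live event is correctly attributed to WS01 and passes, only the ticket use from WS07 alerts, and the unknown address is left unresolved. With the naive resolver the single training event is mis-attributed to WS02 (the address's most recent holder), so alice's perfectly normal activity from WS01 becomes a false Pass-the-Ticket alert. That is exactly the failure mode a better name resolution removes.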
ATA's abnormal behavior algorithms have been updated to detect additional suspicious behavior patterns, giving them broader coverage of entity behavior. This release also detects further suspicious protocol patterns currently seen in attack campaigns, with the detection improvements concentrated on the Kerberos protocol.
It is not only the detection essentials that have improved; the ATA team has also worked on the user experience. Deployments with multiple Gateways are now handled better, and a new Gateway update page has been introduced to manage them.
You can read more on TechNet.