Microsoft announces Advanced Threat Analytics 1.7 for enhanced enterprise security

Roughly 108 days ago, Microsoft released its Advance Threat Protection service intopreview for its eager enterprise customers looking to an early look at latest productivity, security, and device management capabilities coming to Windows 10.

Now, three months later, Microsoft’s threat analytics team has felt confident enough in the feedback they’ve received to release its Advance Threat Analytics (ATA) v 1.7 for public consumption. Alongside the public release of ATA comes an update to the service that includes:

Enhancements in behavioral analytics and malicious attack detection

Detection of reconnaissance using directory services enumeration

As part of the reconnaissance phase, attackers gather information about the entities in the network using different methods. Directory services enumeration using the SAM-R protocol enables attackers to obtain the list of users and groups in a domain and understand the interaction between the different entities.

Pass-the-hash detection enhancements

To enhance pass-the-hash detection, we added additional behavioral models for the authentication patterns of entities. These models enable ATA to correlate entity behavior with suspicious NTLM authentications, and differentiate real pass-the-hash attacks from the behavior in false positive scenarios.

Pass-the-ticket detection enhancements

To successfully detect advanced attacks and pass-the-ticket attacks in particular, the correlation between an IP address and the computer account must be accurate. This is a challenge in environments where IP addresses change rapidly by design (for example Wi-Fi networks and multiple virtual machines sharing the same host). To overcome this challenge and improve the accuracy of the pass-the-ticket detection, ATA’s network name resolution (NNR) mechanism was improved significantly to reduce false positives.

Behavioral analytics enhancements

As a leader in the UEBA market, we’re constantly improving ATA’s abnormal behavior algorithms to better detect suspicious behavior patterns and insider threats. In this release, NTLM authentication data was added as a data source for the abnormal behavior detections, providing the algorithms broader coverage of entity behavior in the network.

Unusual protocol implementation enhancements

We are non-stop researching new malicious attacks both regionally and globally. We identified additional suspicious protocol patterns that are being used in attack campaigns. In this release, we added detections of unusual protocol implementation in Kerberos protocol, along with additional anomalies in the NTLM protocol. Specifically, these new anomalies for Kerberos are commonly used in over-pass-the-hash attacks.

In addition to the updates, ATA v 1.7 also enables support for Windows Server 2016 and Windows Server core as well as Role-based access control, thanks to the feedback from customers during its preview period.

Microsoft is enabling an automatic download of ATA v 1.7 and the ATA Center through Microsoft Update. Configuration of auto upgrades for ATA Gateways can be done in the ATA Center after upgrading.

For those interested, Microsoft’s Cloud and Enterprise Security Division is encouraging the following of @IdanPlotnik on Twitter or update information at the Enterprise Mobility + Security blog for more details.

[Source:- Winbeta]

Saheli
bento4d toto slot bento4d bandar togel situs toto situs toto slot thailand situs toto syair hk toto slot situs toto situs togel terpercaya situs toto situs toto toto slot https://uninus.ac.id/ pengeluaran hk
slot gacor togel online terpercaya situs slot https://disdukcapil.salatiga.go.id/ngacor/ slot gacor totomacau4d situs toto situs toto situs toto slot gacor slot gacor slot gacor slot gacor slot gacor rtp slot toto slot https://journal.dpkp.ciamiskab.go.id/ rtp slot rtp live slot gacor situs toto slot gacor situs toto situs toto togel https://faculdadediplomata.edu.br/-/ https://www.pilgrimagetour.in/-/ slot gacor situs toto slot gacor slot gacor rtp slot https://ejournal.yahukimokab.go.id/ https://mikrotik.itpln.ac.id/wp-content/uploads/ situs toto slot gacor slot gacor situs toto slot gacor slot gacor slot gacor slot gacor slot gacor slot gacor slot gacor slot gacor situs toto toto slot bento4d bento4d bento4d bento4d bento4d https://cpnsbatola.id/-/ slot777 situs togel bento4d bento4d slot777 bento4d cerutu4d rimbatoto https://smpitbinailmu.sch.id/ bakautoto bakau toto slot https://inspiracionspa.com.mx/-/ bento4d bento4d https://pafikabupatenrejanglebong.org/ https://dinkes.bogorkab.go.id/-/totoslot/ bento4d bento4d bento4d bento4d bento4d https://pafipcbangkabelitung.org/ https://pafipcindonesia.org/ https://pafipclubuklinggau.org/ https://pafipcpagaralam.org/ https://pafipclahat.org/ slot gacor slot gacor slot gacor slot gacor slot gacor
rimbatoto situs togel situs togel rimbatoto rimbatoto toto slot rimbatoto slot gacor