Microsoft Refreshes Its Machine Learning Security Tool

Microsoft this week released version 1.8 of its Advanced Threat Analytics forensic security solution.

Now ready for use in commercial environments, this latest release of Microsoft's machine-learning forensics tool can handle more than 1 million packets per second, Microsoft noted in its announcement.

Microsoft touts Advanced Threat Analytics as a "user and entity behavioral analytics" tool that gets installed on a customer's infrastructure and is typically used for post-breach analyses. The tool, which tracks attack techniques and the "abnormal behavior of entities," is based on the technology Microsoft acquired when it bought Aorato in 2014.

To improve security, Microsoft added auditing logs for the Center and Gateways used with Advanced Threat Analytics. Microsoft also facilitated user access to the gateways with this release. For instance, IT pros don't have to provide credentials to access them since the gateways will "now use the logged-on user's context."

One of the new detection capabilities with version 1.8 is the ability to report "abnormal" changes in groups having elevated privileges on a network. This release also has a new detection capability for tracking "brute force" attempts to compromise user credentials. It also shows remote code execution attempts via Windows Management Instrumentation (WMI) techniques.

Version 1.8 lets organizations tell Advanced Threat Analytics that some activities are benign and to stop pushing out alerts for certain activities. It also lets IT pros delete activities that get logged as suspicious.

Users now have access to a summary report with Advanced Threat Analytics. The report, which can be generated automatically and even customized, shows "suspicious activities, health issues and more." It includes an improved "sensitive groups report" that shows "all changes" over specific time periods.

Organizations can upgrade to Advanced Threat Analytics version 1.8 (build 1.8.6645) directly from versions 1.7.1 and 1.7.2, according to Microsoft's Advanced Threat Analytics FAQ document. They have to upgrade the Advanced Threat Analytics Center first, followed by "all ATA Gateways in your environment." The software is available from the Microsoft Volume Licensing Service Center.

In other security news, Microsoft this week announced a bug bounty program for its Windows Server products. The company is paying for reports of "critical" and "important" Windows Server software flaws, with payments ranging from $500 to $250,000. Last month, Microsoft also extended its Microsoft Edge bug bounty program for reporting browser flaws.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.
