Microsoft announced a raft of security and data protection software on the first day of its Ignite conference. The company said that attacks on companies were increasingly using legitimate tools: organizations are being compromised through access made with valid (albeit stolen or otherwise compromised) user credentials, rather than malware, with a Verizon report saying that more than 75 percent of breaches occur this way.
This needs a different approach to network security, Microsoft says, and new software built to sniff out anomalous activity, even if it looks superficially legitimate. In November last year, Microsoft bought enterprise security firm Aorata, and at ignite it announced a product based on this purchase: Microsoft Advanced Threat Analytics (ATA), now available in preview.
ATA uses a combination of log file analysis, deep packet inspection, and data from Active Directory to detect inappropriate access to corporate networks. Log files can reveal, for example, users logging on at unusual times, from unusual machines, or from unexpected locations. Deep Packet inspection (DPI) can show more obviously malicious behavior, such as attempts to use Pass-the-Hash or other credential-reuse attacks.
Read 7 remaining paragraphs | Comments
No comments:
Post a Comment