Microsoft Introduces Microsoft Advanced Threat Analytics v1.8!
We are pleased to announce the general availability of Microsoft Advanced Threat Analytics (ATA) v1.8. This is a key release for our customers with several new features and improvements.
Cyberattacks continue to get more sophisticated, and so in turn, we must continue to tune our products and detections. As a leading solution in the user and entity behavioral analytics (UEBA) market, targeting identity-based attacks, we continue to innovate to help our customers identify attackers before they cause damage.
ATA focuses on detecting and investigating tactics, techniques, and procedures (TTPs) that are commonly used by attackers in their campaigns, and on abnormal behavior of entities (users, devices, resources) that indicates insider threats. Additionally, with each ATA release, we continue to enhance our engine to improve detections for known and unknown attacks and to discover net new types of attacks. Finally, we are also making improvements in the product infrastructure, security, and user experience. In v1.8 we are delivering the following:
New & updated detections
Abnormal modification of sensitive groups
As part of the privilege escalation phase of an attack, attackers modify groups with high privileges to gain access to sensitive resources. ATA now detects when there’s an abnormal change in a group with elevated privileges (i.e. a sensitive group).
Suspicious authentication failures (Behavioral brute force)
Read the entire article here: Introducing Microsoft Advanced Threat Analytics v1.8! – Enterprise Mobility and Security Blog
via the fine folks at Microsoft.