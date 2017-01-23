On today’s episode of Microsoft Mechanics we take a look at how Microsoft Advanced Threat Analytics (ATA) detects advanced attacks and insider threats in your environment.

My name is Michael Dubinsky, and I lead the product team for Microsoft ATA. In this video, I will explain real attack techniques used by advanced attackers worldwide, and how ATA detects them in near real-time.

ATA works by combining analysis of network traffic, events, and pulling contextual data about the entities from the directory, such as group memberships, titles, and manager information. Once ATA is deployed it begins monitoring the activity of all the entities in the organization, learning the normal behavior of entities, and detecting abnormal behavior and known techniques used by advanced attackers and insiders.

Read the entire article here, Introducing Microsoft Advanced Threat Analytics for your Datacenter – Enterprise Mobility and Security Blog

via the fine folks at Microsoft.