Posted by: kurtsh | May 11, 2016

RELEASE: Microsoft Advanced Threat Analytics 1.6

imageA few days ago, the Microsoft Advanced Threat Analytics team release v1.6.

Today, we are proud to announce that ATA’s new version (1.6) is publicly available. With this blogpost, I would like to share detailed information about this update and explain the exciting new enhancements our team developed.

As pioneers of the UEBA market, we set the bar very high and we are introducing exciting new capabilities and innovation:

  • New detections such as
    • Pass-The-Hash and Bruteforce based on unusual protocol behavior
    • Elevation of privileges
    • Reconnaissance via Net Session enumeration
    • Compromised credentials via malicious DPAPI Request
    • Compromised credentials via malicious Replication Requests
  • New deployment option with the ATA Lightweight Gateway helping with branch sites and IaaS deployments
  • New and improved detection engine that significantly improves our performance and scale
  • Support for automatic updates and upgrades using Microsoft Updates
  • Improvements in third party integration to enrich detection

Additionally, they’ve posted online documentation for migrating from previous versions to 1.6 step-by-step:
https://docs.microsoft.com/en-us/advanced-threat-analytics/understand-explore/ata-update-1.6-migration-guide

Read the announcement below:


Categories

%d bloggers like this: