Microsoft hasn't been known for its security prowess, especially in terms of product offerings. Often late to the game or presenting add-ons and products that might not be the best fit for enterprise security, I think it's on to something with its Microsoft Advanced Threat Analytics product.
Having been around for less than a year as a result of the acquisition of Aorato, Advanced Threat Analytics is building on what the original acquisition promised to do: give customers a new level of protection against threats through better visibility into their identity infrastructure.
Why Microsoft Advanced Threat Analytics exists
Microsoft touts user behavior as a big blind spot, with such threats often taking months to detect. ATA is an on-premises solution whose self-learning detection algorithms determine the who, what, when and how of what's happening on the network -- something many IT staffs struggle with on a regular basis.
The tool aggregates data from network traffic, Windows events, third-party log management and security information and event management (SIEM) products to monitor the Windows domain environment for real-time attacks, and it compares normal or past user behavior to what's currently going on to detect anomalies. Its big selling point is that no rules, baselines or thresholds need to be configured; just install it and let it do its thing.
Advanced Threat Analytics highlights risks
So, how can ATA benefit Exchange? Simple -- practically all security issues that ATA uncovers can impact your messaging environment. From recently accessed resources to odd user activity, ATA creates a timeline of concerns you can use to monitor or resolve security issues in Exchange user accounts. Specific capabilities of ATA map directly to managing Exchange risks such as:
- Malicious attacks. System reconnaissance, brute force attacks and remote execution.
- Abnormal behavior. Anomalous logins including password sharing and lateral movement.
- Security issues and risks. Weak protocols or known vulnerabilities.
The essence of how ATA works across the enterprise is a four-step process: 1) analyze, 2) learn, 3) detect and 4) alert. Its benefits extend from the internal network environment out to mobile -- essentially anything tied to your Windows domain.
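To make the learn/detect/alert cycle concrete, here is an added Python example that is not ATA's code or Microsoft's algorithms (the page does not describe ATA's internal logic). It learns each user's usual hosts and logon hours from a constructed set of Windows logon events (event IDs 4624 for a successful logon and 4625 for a failed logon), then flags the kinds of risks listed above: failed-logon bursts, logons from unfamiliar hosts or at unusual hours, and one account fanning out to several new hosts. All user names, host names and timestamps are constructed sample data.

```python
"""Toy learn -> detect -> alert cycle over constructed Windows logon records.
Added illustration only; this is not ATA's detection logic."""
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample records: (timestamp, event_id, user, source_host).
# 4624 = successful logon, 4625 = failed logon (real Windows event IDs).
BASELINE_EVENTS = [
    (datetime(2024, 3, 4, 8, 5), 4624, "alice", "WS-ALICE"),
    (datetime(2024, 3, 4, 9, 30), 4624, "alice", "WS-ALICE"),
    (datetime(2024, 3, 5, 10, 12), 4624, "alice", "WS-ALICE"),
    (datetime(2024, 3, 5, 17, 45), 4624, "alice", "WS-ALICE"),
    (datetime(2024, 3, 4, 9, 1), 4624, "bob", "WS-BOB"),
    (datetime(2024, 3, 5, 13, 20), 4624, "bob", "WS-BOB"),
    (datetime(2024, 3, 5, 13, 21), 4625, "bob", "WS-BOB"),  # one typo, not a burst
]

LIVE_EVENTS = [
    (datetime(2024, 3, 6, 9, 2), 4624, "alice", "WS-ALICE"),    # normal
    (datetime(2024, 3, 7, 2, 14), 4624, "alice", "WS-ALICE"),   # 2 a.m. logon
    (datetime(2024, 3, 6, 9, 10), 4624, "bob", "SRV-FILE01"),   # unfamiliar host
    (datetime(2024, 3, 6, 9, 11), 4625, "mallory", "WS-GUEST"),
    (datetime(2024, 3, 6, 9, 11), 4625, "mallory", "WS-GUEST"),
    (datetime(2024, 3, 6, 9, 12), 4625, "mallory", "WS-GUEST"),
    (datetime(2024, 3, 6, 9, 12), 4625, "mallory", "WS-GUEST"),
    (datetime(2024, 3, 6, 9, 13), 4625, "mallory", "WS-GUEST"),  # 5th failure
    (datetime(2024, 3, 6, 9, 20), 4624, "bob", "SRV-FILE02"),
    (datetime(2024, 3, 6, 9, 25), 4624, "bob", "SRV-FILE03"),   # 3rd new host
]


def learn_baseline(events):
    """Learn step: per user, the hosts and hours of day seen in successful logons."""
    profile = defaultdict(lambda: {"hosts": set(), "hours": set()})
    for ts, event_id, user, host in events:
        if event_id != 4624:
            continue
        profile[user]["hosts"].add(host)
        profile[user]["hours"].add(ts.hour)
    return dict(profile)


def detect_anomalies(events, profile, failed_threshold=5, fanout_threshold=3):
    """Detect/alert step: compare live events against the learned profile.

    Returns a list of (alert_type, user, host) tuples in detection order.
    Each alert type fires once per (user, host) or per user, not per event.
    """
    alerts = []
    failures = Counter()            # (user, host) -> failed logons seen
    new_hosts = defaultdict(set)    # user -> unfamiliar hosts logged on to
    for ts, event_id, user, host in events:
        if event_id == 4625:
            failures[(user, host)] += 1
            if failures[(user, host)] == failed_threshold:
                alerts.append(("brute_force", user, host))
            continue
        base = profile.get(user)
        if base is None:
            alerts.append(("unknown_user", user, host))
            continue
        if host not in base["hosts"]:
            alerts.append(("new_host", user, host))
            new_hosts[user].add(host)
            if len(new_hosts[user]) == fanout_threshold:
                # One account reaching several hosts it never used before
                # is the pattern lateral movement tends to leave behind.
                alerts.append(("lateral_movement", user, host))
        if ts.hour not in base["hours"]:
            alerts.append(("unusual_hour", user, host))
    return alerts


def run_demo():
    """Run the full analyze -> learn -> detect -> alert cycle on the sample data."""
    return detect_anomalies(LIVE_EVENTS, learn_baseline(BASELINE_EVENTS))


if __name__ == "__main__":
    for alert_type, user, host in run_demo():
        print(f"ALERT {alert_type:<16} user={user:<8} host={host}")
```

The point of the toy is the shape of the process, not the thresholds: a real product learns its profile continuously over weeks, scores deviations rather than using hard cut-offs, and correlates across many event sources, which is exactly the work the article says most IT staffs cannot do by hand.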
Have you ever stopped to think about how secure Exchange is at any given moment? That's a difficult thing to quantify -- especially without the proper tools. If you're going to minimize the risks to your messaging environment, you've got to have the proper visibility. Most people don't, but that doesn't make it right.
The indisputable truth about Exchange is that you cannot secure the things that you don't acknowledge or know about. Microsoft Advanced Threat Analytics seems to be a reasonable offering at a reasonable price for organizations that wish to take their security to the next level. Whether or not you have an existing SIEM system, ATA seems to be a good complement to any Microsoft-centric shop. You might consider trying it out for 90 days by downloading it from this link.