Advanced Threat Detection: Microsoft Enterprise Mobility Suite (Part 4)



How Microsoft keeps your data protected


Your infrastructure is moving to the cloud. So are concerns about protecting your infrastructure there. You can’t turn your back on the protection you still need on-premises. Don’t worry, Microsoft has got you covered.


The Microsoft Enterprise Mobility Suite was created for the cloud, but it keeps one foot on the ground. Microsoft Advanced Threat Analytics (ATA) operates on-premises within your organization. Here’s what you need to know about its advanced threat detection.

Homeland platform security

ATA was designed by Microsoft to protect your business from advanced targeted attacks. It analyzes, learns, and identifies user activity. Who are they? What devices do they use? What resources do they access?


ATA warns your IT security staff if someone breaks from their regular resource pattern and uses applications or devices at odd times. It might be a sign that an attacker has assumed this user’s identity.


ATA doesn’t wait for an attack. It takes a proactive stance with sophisticated automated behavioral analytics. It helps your organization identify suspicious activities as they are happening.

Real losses

Statistics show that the average time an attacker resides in your network before detection is 200 or more days. That’s a lot of time to gather data and information, and plenty of time to set up and strike. Your data and your company’s reputation are at stake. Losses from cybercrime are on track to take a $500 billion bite out of the global economy. The average cost of a data breach to a company is $3.5 million.

Four steps to protection

Once it’s activated, Microsoft ATA gets right to work.

  • It analyzes. ATA uses deep packet inspection technology to scan all Active Directory traffic. It can also collect relevant events from other sources, such as a SIEM.
  • It learns. ATA begins to profile user behavior, learning the devices and resources they use. It builds a map of these interactions and then monitors the matrix.
  • It detects. ATA looks for anomalies. Is someone using devices or resources that stray from their usual activity?
  • It alerts. If ATA detects suspicious activity, it prepares the information and lets you know. It’s near real-time monitoring.
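
The learn, detect and alert steps above, together with the idea described under "ATA doesn’t cry wolf" of alerting only when there is enough suspicious activity, as an added Python sketch. It is not ATA's algorithm or Microsoft code; the event tuples, host names, the two-hour slack and the two-deviation threshold are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample events (not real ATA data): (timestamp, user, device, resource)
LEARNING = [
    ("2024-03-04T09:12", "alice", "WS-ALICE", "fileserver01"),
    ("2024-03-05T10:40", "alice", "WS-ALICE", "sharepoint"),
    ("2024-03-06T14:05", "alice", "LT-ALICE", "fileserver01"),
    ("2024-03-04T08:55", "bob", "WS-BOB", "crm"),
    ("2024-03-05T16:30", "bob", "WS-BOB", "fileserver01"),
]
LIVE = [
    ("2024-03-11T09:30", "alice", "WS-ALICE", "fileserver01"),  # matches profile
    ("2024-03-11T09:45", "bob", "WS-BOB", "sharepoint"),        # one deviation
    ("2024-03-12T02:47", "alice", "WS-BOB", "dc01"),            # three deviations
]

def learn(events):
    """Build a per-user profile of devices, resources and active hours."""
    profile = defaultdict(lambda: {"devices": set(), "resources": set(), "hours": set()})
    for ts, user, device, resource in events:
        p = profile[user]
        p["devices"].add(device)
        p["resources"].add(resource)
        p["hours"].add(datetime.fromisoformat(ts).hour)
    return profile

def deviations(profile, event, hour_slack=2):
    """List the ways one event strays from the user's learned profile."""
    ts, user, device, resource = event
    p = profile[user]  # a user never seen before has an empty profile
    found = []
    if device not in p["devices"]:
        found.append("new device")
    if resource not in p["resources"]:
        found.append("new resource")
    hour = datetime.fromisoformat(ts).hour
    # Circular distance on a 24-hour clock to every hour seen while learning.
    if all(min(abs(hour - h), 24 - abs(hour - h)) > hour_slack for h in p["hours"]):
        found.append("odd hour")
    return found

def alerts(profile, events, threshold=2):
    """Alert only when one event shows at least `threshold` deviations."""
    scored = [(e[1], e[0], deviations(profile, e)) for e in events]
    return [s for s in scored if len(s[2]) >= threshold]

if __name__ == "__main__":
    for user, ts, why in alerts(learn(LEARNING), LIVE):
        print(f"ALERT {user} at {ts}: {', '.join(why)}")
```

Bob's single new resource stays below the threshold, while the 02:47 logon as alice from an unfamiliar device to an unfamiliar resource raises the one alert.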

Easy deployment

ATA can be either hardware or a virtual appliance. It uses port mirroring to deploy alongside Active Directory. Existing network topology isn’t affected.


ATA doesn’t need any agents on domain controllers, servers, or computers. It goes to work immediately.

ATA’s key features

  • Behavioral analytics. ATA gathers and interprets user behavior. It automatically adjusts to known and approved changes.
  • A simple actionable attack timeline. ATA details what it finds suspicious. It gives you relevant recommendations.
  • Mobility support. ATA is on-premises, but it also monitors external devices.
  • Email alerts. ATA can send emails to users and groups if it detects suspicious activity.

A network watchdog

ATA works round the clock. Built-in intelligent learning capabilities keep you from spending time creating rules and adding information about users to prevent false alerts.


Cyber-attacks constantly change. Your employees change, too. ATA is built to be dynamic. It continuously learns user activity and adjusts itself. ATA applies this same learning method to watch for known cyber-security threats, too.


Traditional security tools rely on constant reporting, and those reports need to be sorted to find threats. Microsoft’s ATA uses a simple attack timeline. It’s an efficient feed that reduces the flood of reporting down to a simple who, what, when, and how.


You get recommendations for investigations and suggestions for resolution for each suspicious activity.

ATA doesn’t cry wolf

Growing amounts of data are overwhelming IT security methods. All that data creates red flags that distract you from real threats.


Alerts work differently with ATA. Red flags are raised only when there is sufficient suspicious activity and the ATA algorithms have placed it in context. The result is a dramatic reduction in false positives. The detection engine also guides you through its learning process. It asks you simple questions to adjust its detection process.

A new approach

Network log analysis is no longer enough to detect advanced cyber-attacks. There’s too much data. It’s like finding a needle in a haystack. If you do find one, it’s likely too late. By the time you spot an anomaly and piece together the threat, a hacker will already have done damage.


That’s why approaching it with behavioral analytics makes more sense. Rather than wait for an attack, Microsoft’s ATA watches and predicts.


To learn more about introducing Microsoft’s Advanced Threat Analytics into your enterprise, contact MessageOps today by calling 877-788-1617.
