Microsoft Advanced Threat Analytics

Microsoft Advanced Threat Analytics (ATA) provides a solution to help protect your organization from advanced attacks. Its sofyware, that sits within your network and monitors your users and systems normal usage patterns and alerts you for something that appears to be out of the ordinary.

It can do Behavioral Analytic analysis by learning the normal patterns of users and the devices they use. Patterns outside the normal are flagged such as using different devices than normal or a user working longer hours than typical, or unusual hours implying a change to a pattern of behaviour. It uses a combination of machine learning, deep packet inspection (DPI) and things like AD logon data to build up a historical set of records it can then provide predictions against in the same way Azure Machine learning operates.

Why is this an important step? Well given the upsurge in heuristic learning and the value of predictive data, protecting our environments and the data within them is becoming a much more critical activity.  If you have to learn about Machine Learning as a means of complimenting investment in systems like SharePoint (which you do) then this is a superb example of exploiting this fascinating tech space in a very innovative way.

Conversely, for people planning strategy around the use of collaborative tooling that is inherently becoming more an more hybrid in its architecture and design – if you can gather more data about what is NOT ordinary then it strongly reinforces what actually IS ordinary behaviour and allows us to predict better architecture designs, and be more confident that our designs are well founded on fact.

I for one will be taking a closer look at this new tooling:

http://www.microsoft.com/en-us/server-cloud/products/advanced-threat-analytics/