Advanced Threat Protection v

Today Microsoft publicly released Advanced Threat Analytics v1.7. The company labels the update as a “key release” and it comes with several features and improvements.

Advanced Threat Protection is a security solution organizations can deploy on their servers to identify security threats. Utilizing machine learning and behavioral analysis, it finds threats and provides users with actionable reports.

According to ATA director Idan Plotnik, the service now monitors over 10 million devices, and it’s their positive feedback that has motivated the team.

Advanced Threat Analytics v1.7 Release Notes

Given the four-month period, the ATA team has managed to implement an impressive number of improvements. One of the primary changes is an update to detection.


ATA now supports a number of new detection methods to keep up with evolving security threats. Here are the ones included in this release:

  • Enhancements in behavioral analytics and malicious attack detection
  • Detection of reconnaissance using directory services enumeration
  • Pass-the-hash detection enhancements
  • Behavioral analytics enhancements
  • Unusual protocol implementation enhancements

Infrastructure Changes and User Experience

The update also ships with some key infrastructure changes. The service now supports role-based access control, which helps manage multiple stakeholders who require separate permissions. Current roles include ATA Administrator, ATA Analyst, and ATA Executive.

Additionally, the team has added support for Windows Server 2016 and Windows Server Core. Users can now deploy Lightweight Gateways on Domain Controllers running Server Core for Windows Server 2012 and Server Core for Windows Server 2012 R2. The release also supports the Center and Gateway Components on Windows Server 2016.

Advanced Threat Analytics’ user experience upgrade isn’t huge, but should help make things easier to manage. The configuration experience has been redesigned and better supports multiple Gateways.


Microsoft has also introduced a new update page. This should result in easier and more efficient management of automatic updates.

To upgrade, you simply have to use Microsoft Update. The download should install ATA v1.7 automatically, and you’ll then be able to configure automatic upgrades in the ATA Center.

You can view the full release notes for this build on the Enterprise Mobility and Security Blog.