Microsoft Advanced Threat Analytics – Is it enough?


Recently, Microsoft announced their new product, Advanced Threat Analytics (ATA), which aims to help identify threats and provide actionable reports on the attack. This product is meant to provide great insight into where threats are coming from, but it doesn’t immediately stop the attack from happening, and it doesn’t keep sensitive information from leaving your company. It’s a step in the right direction, but it certainly isn’t a catch-all solution, much like Microsoft Office 365 security is not completely adequate for the modern enterprise and must be augmented by other solutions. From a security standpoint, a defense in depth strategy has always been held up as the way to go… and that is still true today. New threats give rise to new solutions, but it doesn’t mean the old threats go away.

Advanced Threat Analytics has the potential to leave a gaping hole in security – sensitive information may be pulled off the network while the security threat profile is being identified, if it is in fact identified at all. Behavioral analysis technologies like those in ATA can be extremely tricky to implement and take a long time to deliver impactful information. Analytics need time to build a baseline to compare data against, and if nefarious activity is happening while that baseline is being built, that activity may be considered “normal” moving forward. It can also be very difficult for analytics technologies to account for anomalies in behavior, like reporting, that occur at intervals such as the end of the month, quarter or year. There is no doubt that things are improving, but they are still far from being reliable. When it comes to protecting critical information, reliability is key.
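The baseline problem described above, as an added example that is not part of the original post and does not represent how ATA itself works: a simple z-score detector run over constructed daily outbound-traffic figures. The detector, the threshold and all data are assumptions chosen for illustration.

```python
from statistics import mean, pstdev

def build_baseline(daily_mb):
    """Learn 'normal' as the mean and standard deviation of a training window."""
    return mean(daily_mb), pstdev(daily_mb)

def is_anomalous(value_mb, baseline, threshold=3.0):
    """Flag a day whose z-score against the baseline exceeds the threshold."""
    mu, sigma = baseline
    if sigma == 0:
        return value_mb != mu
    return abs(value_mb - mu) / sigma > threshold

# Constructed data: outbound MB per day for one account, 20-day learning window.
CLEAN = [48, 52, 50, 47, 55, 51, 49, 53, 50, 46,
         54, 52, 48, 51, 50, 49, 53, 47, 52, 50]
# Same window, but an extra 400 MB/day was already leaving on every other day.
POISONED = [v + 400 if i % 2 else v for i, v in enumerate(CLEAN)]
# Constructed history of earlier month-end reporting days.
MONTH_END_HISTORY = [290, 310, 305, 295]

LATER_LEAK_DAY = 450   # the same leak volume, observed after learning ends
MONTH_END_DAY = 300    # legitimate month-end reporting export

def evaluate():
    clean = build_baseline(CLEAN)
    poisoned = build_baseline(POISONED)
    month_end = build_baseline(MONTH_END_HISTORY)
    return {
        # Clean baseline: the leak stands out.
        "leak_vs_clean": is_anomalous(LATER_LEAK_DAY, clean),
        # Poisoned baseline: the leak was learned as normal and is missed.
        "leak_vs_poisoned": is_anomalous(LATER_LEAK_DAY, poisoned),
        # Single baseline: legitimate month-end work is a false positive.
        "month_end_vs_clean": is_anomalous(MONTH_END_DAY, clean),
        # Separate baseline per calendar context removes that false positive.
        "month_end_vs_seasonal": is_anomalous(MONTH_END_DAY, month_end),
    }

if __name__ == "__main__":
    for name, flagged in evaluate().items():
        print(f"{name}: {'ALERT' if flagged else 'ok'}")
```

A control that does not depend on a learned baseline, such as a content policy applied to each outbound message, is unaffected by either failure mode.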

Security breaches are almost a daily occurrence, and as workforces continue to diversify and cloud storage and collaboration tools become the norm, the trend is becoming worse rather than better. This makes data loss prevention a top priority in our evolving workplace. ATA is meant to address the issues presented by increased cloud collaboration with products like Office 365 or Dropbox, the rise of BYOD, and the changing work environment. Unfortunately, without data loss prevention as part of the ATA solution, supplemental products are needed to address the specific threat of data loss. Only when paired with DLP solutions can ATA provide a more complete solution that keeps critical information where it should be, protecting businesses against both inadvertent and malicious data loss. While ATA mainly focuses on external attacks, recent Clearswift research shows more than 70 percent of data breaches start from inside the organization.

Our own ARgon for Email with Adaptive Redaction technology is a complementary solution. Its technology prevents the loss of sensitive information immediately and effectively without disrupting the flow of business. When combined with Microsoft’s ATA or other solutions, the Adaptive Redaction technology in our ARgon for Email product can provide the perfect integrated approach to security. Unlike traditional “stop and block” DLP solutions, Adaptive Redaction doesn’t stop the flow of business. It simply removes the precise information that breaks policy by stripping it out of emails and documents, leaving the rest to continue on, so you can keep working without the hassle of emails stuck in quarantine pending IT approval. It’s simple, effective and powerful in protecting your data.

Advances in security are always welcome. We commend Microsoft for expanding their product to provide added security features, but we caution users and businesses against using ATA on its own. It’s important to make sure companies have all aspects of security covered, and analytics can only go so far. We recommend businesses make sure to do their due diligence in researching security solutions and look for products or combinations of products that can actively safeguard critical data in real time.

By Dr. Guy Bunker @guybunker