Security Advisor

Microsoft Announces Threat Analysis Preview and Coming Security Update Changes

Ignite event profiles new security tools and patch approaches.

Microsoft announced new security tools this week that will aid IT in spotting and stopping major breaches and threats.

The new tools were part of a wave of new and updated product releases presented during the opening keynote talk on Monday at Microsoft's Ignite conference, currently going on in Chicago. Microsoft announced the preview release of Advanced Threat Analytics (ATA), a premises-based platform that leverages Microsoft's cloud to create up-to-the-minute reports that can display suspicious network activity when used in conjunction with Active Directory.

Locating Threats with ATA
Brad Anderson, corporate vice president for Enterprise Client and Mobility, showed off the capabilities of Windows 10 security features, Azure Rights Management Services and ATA during his portion of the keynote. He demonstrated how reliable information about end users, as collected by ATA, can be used to pinpoint the device where a breach originated, allowing IT to act quickly to limit the damage.

Microsoft Advanced Threat Analytics works by building a profile of users to spot aberrations, according to a Microsoft datasheet.

"Microsoft Advanced Threat Analytics leverages deep packet inspection technology, as well as information from additional data sources (Security Information and Event Management and Active Directory) to build an Organizational Security Graph and detect advanced attacks in near real time."

ATA monitors network activity to spot trouble areas. It detects malicious attacks, including pass-the-hash, pass-the-ticket, and reconnaissance threats, among others.

ATA arose out of last November's acquisition of Aorato, an Israel-based identity and access management security company, which developed the same "Organizational Security Graph" technology that is now used in ATA. Anderson, during his speech, told attendees that even though the product is still in preview, IT can start using it today to add another level of protection to their networks.

"It is a phenomenal way for you to help secure and protect your environment," Anderson said.

The preview can be downloaded here.

Windows Update for Business
Microsoft Executive Vice President of Operating Systems Terry Myerson also took the stage on Monday to announce that the monthly patch process will be going through a change with the arrival of Windows 10. The company will use a "distribution rings" model. With this model, organizations and individuals can opt to be part of the fast-ring or slow-ring segments.

"We've seen some people want the software right after it finishes our testing," said Myerson. "They don't want to wait a second. And then we have people that are stepping back and saying, 'Hey, work out some of those kinks, I want to make sure there are no app compat issues, I want to make sure there are no functional issues.'"

Choosing which ring to take part in will be done through Windows Update. Home users likely already get updates automatically through Windows Update. Enterprises rarely use the automated system, though, because organizations need time for internal testing of the security updates, so a new Windows Update for Business (WUB) option will add some IT controls. IT will have the ability to choose which connected devices can and cannot be automatically updated. They also can control when certain updates can be pushed to specific devices. WUB also will offer peer-to-peer update distribution. WUB will be integrated with System Center and "other update management software," Myerson said. This WUB model will deliver operating system features as well as security updates.

Additionally, for organizations that need a more traditional update model where software features don't change too much, Microsoft will offer "Long Term Servicing Branches" for Windows 10 that deliver only security updates. So-called "functional updates," or updates that change the features of the OS, won't be included when organizations opt for the Long Term Servicing Branches model, unlike the WUB model.

During his portion of the presentation, Myerson couldn't resist taking a jab at Google and its patching process:

Let's take a second and discuss Android, where Google takes no responsibility to update their customers' devices, refuses to take responsibility to update their devices, leaving end users and businesses increasingly exposed every day they use an Android device.

Google just shipped a big pile of [dramatic pause] code. And then leaves your phones with no commitment to update your device.

Myerson apparently was referring to a Google decision not to patch a bug affecting Android 4.3 and lower versions.

About the Author

Chris Paoli (@ChrisPaoli5) is the associate editor for Converge360.
