Focus on what's important fast

200+ days. That's the average amount of time that attackers reside within your network until they are detected, gathering classified data and information, waiting to strike at just the right moment. Microsoft Advanced Threat Analytics helps you identify breaches and threats using behavioral analysis and provides a clear, actionable report on a simple attack timeline.

Read the datasheetWatch the overview video


Today, the topic of cybersecurity has moved from IT and the datacenter to the highest levels of the boardroom. Attacks and threats have grown substantially more sophisticated in frequency and severity. What’s at stake? Everything from customer privacy to brand identity, executive’s reputations and beyond. Without a strong defense system in place, the identities and bank accounts of individuals can be hacked, businesses stand to lose customers, and companies can lose control of trade secrets, intellectual property, their competitive edge, and even their standing in the stock market.

  • Average time attackers stay in a network before detection is over 140 days
  • Estimated cost of cybercrime to the global economy is $500 billion
  • Over 60% of all network intrusions are traced back to credentials
  • Average cost of a data breach to a company is $3.5 million


Detect threats fast with behavioral analytics

Detect threats fast with behavioral analytics

Using its proprietary algorithm, Microsoft Advanced Threat Analytics works around the clock to help you pinpoint suspicious activities in your systems by profiling and knowing what to look for. Advanced Threat Analytics also identifies known advanced attacks and security issues

Adapt as fast as your enemies

Adapt as fast as your enemies

Advanced Threat Analytics continuously learns from the behavior of organizational entities (users, devices and resources) and adjusts itself to reflect the changes in your rapidly evolving enterprise. As attacker tactics get more sophisticated, Advanced Threat Analytics helps you adapt to the changing nature of cybersecurity attacks with continuously learning behavioral analytics.

Focus on what's important using the simple attack timeline

Focus on what's important using the simple attack timeline

The constant reporting of traditional security tools and sifting through them to locate the important and relevant alerts can get overwhelming. The attack timeline is a clear, efficient, and convenient feed that surfaces the right things on a timeline, giving you the power of perspective on the who, what, when, and how. Advanced Threat Analytics also provides recommendations for investigation and remediation for each suspicious activity.

Reduce false positive fatigue

Reduce false positive fatigue

Traditional IT security tools are often not equipped to handle the rising amounts of data, turning up unnecessary red flags and distracting you from the real threats. With Advanced Threat Analytics, these alerts happen once suspicious activities are contextually aggregated to its own behavior, as well as to the other entities in its interaction path. The detection engine also automatically guides you through the process, asking you simple questions to adjust the detection process according to your input.



Step one: Analyze

Using deep packet inspection technology, Microsoft Advanced Threat Analytics analyzes all Active Directory traffic. It can also collect relevant events from SIEM and other sources.


Step two: Learn

Advanced Threat Analytics automatically starts learning and profiling behaviors of users, devices, and resources, and then leverages its self-learning technology to build an Organizational Security Graph, a map of entity interactions representing the context and activities of the users, devices and resources.


Step three: Detect

Advanced Threat Analytics looks for any anomalies in the entities behavior and raises red flags. It also leverages security research to detect known attacks and security issues.


Step four: Alert

After detecting suspicious activities, known security issues and malicious attacks in near real-time, Advanced Threat Analytics provides clear, functional, actionable information on a simple attack timeline.

Read how Advanced Threat Analytics works

Get started with Enterprise Mobility

Scroll Top