Microsoft Advanced Threat Analytics (ATA) is a new Azure AD security monitoring tool for cloud-based applications that has been ported for on-premises monitoring. The preview version is now available for evaluation and testing, as shared below:

http://blogs.technet.com/b/ad/archive/2015/05/04/microsoft-advanced-threat-analytics-public-preview-release-is-now-available.aspx

http://blogs.microsoft.com/blog/2014/11/13/microsoft-acquires-aorato-give-enterprise-customers-better-defense-digital-intruders-hybrid-cloud-world/

We’ve just released the preview of Microsoft Advanced Threat Analytics (ATA). Microsoft ATA is a new on-premises product that brings Azure AD style security monitoring and anomaly detection on-premises. Microsoft ATA is based on the innovative work done by Aorato, a startup company we acquired in November. Today in the cloud we can detect and help protect your organization against a host of attacks, including brute force attacks, attacks from anonymizers, anomalous attacks from atypical locations and many other types of attacks. Customers have told us that they LOVE the level of monitoring and security we provide them. In many cases it’s richer than what they get on-premises.

And customers are constantly asking “Could you give me something that provides me the same level of monitoring and security for my on-premises Active Directory that you give me for Azure AD in the cloud?” Today I’m happy to be able to answer “Why yes, we can!”

How does it work? — After a simple deployment wizard, a non-intrusive port mirroring configuration copies all Active Directory-related traffic to Microsoft ATA while remaining invisible to attackers. Microsoft Advanced Threat Analytics then analyzes all Active Directory-related traffic and receives relevant events from your corporate SIEM to enrich the attack story. It’s important to mention that ATA stores all the information locally on-premises, so your data will not leave the organization. The detection engine automatically starts learning and profiling behaviors of users, machines, and resources, and then leverages Machine Learning technology to paint a picture of normal, everyday activity. After becoming familiar with normal user behavior, ATA looks for anomalies to raise red flags and build the attack story that alerts security teams once those abnormal activities have been contextually aggregated with the near real-time detection of advanced attacks and security risks to create a complete and easy to comprehend attack timeline.

Designed for simplicity — We love to keep it simple! Microsoft Advanced Threat Analytics is a non-intrusive solution. Our deployment is very simple: you don’t need any rules, policies or agents, just configure port-mirroring and within a few hours you will see results! Many security analysts have told us that they are overwhelmed with the constant reporting of traditional security tools and the task of sifting through them to locate anomalies. The ATA attack timeline is a clear, efficient, and convenient feed that surfaces the right things at the right time, giving you the power of perspective on the who, what, when, why, and how. ATA provides visibility like in a social network: you can search for any users, devices or resources and see their behavioral profile.