I’m a long‐time, big curmudgeon about almost all computer security products. It’s hard to be anything else after seeing malware and exploitation seemingly get easier over two decades, especially with almost every new security product failing to meet its initial hype. I get paid to review computer security products for a living, and I often get pitched as many as twenty new products a day. If I see one product a year that seems like it might actually do what it says it can do and might have a significant impact on reducing risk, I get ecstatic. I often go years without seeing a capable, interesting product. My criticism often applies to my employer’s products as well.
With that said, I’ve truly been blown away by Microsoft’s new Advanced Threat Analytics (ATA) product. I would love it no matter who makes it. ATA uses truly advanced event and network traffic analytics to recognize active threats, including those that many security experts thought would be difficult to detect, like pass‐the‐hash (
https://en.wikipedia.org/wiki/Pass_the_hash) or golden ticket (
http://www.infoworld.com/article/2608877/security/fear‐the‐golden‐ticket‐attack‐.html) attacks. After watching it in action and seeing it mature over time, it’s so good that I want to quit what I do for a living and solely work to promote ATA. That’s not hyperbole. I would change jobs if they offered the opportunity. It’s that good.
Microsoft’s ATA came from an acquisition of a product from an Israeli ...