Microsoft EMS Showcase - Advanced Threat Analytics
EMS Connected
Cloud Services
How to buy? Services Mobility and
Security Webinar
What is Advanced Threat Analytics (ATA)?

ATA is an on-premises platform to help you protect your business from advanced targeted attacks by automatically analysing, learning, and identifying normal and abnormal entity (user, devices, and resources) behaviour.

Why Advanced Threat Analytics?


Advanced Threat Analytics delivers behavioural analysis for advanced security threat detection. Sophisticated, automated behavioural analytics that help you identify suspicious activities and advanced threats in near real time, with simple, actionable reporting.

200+ days. That’s the average amount of time that attackers reside within your network until they are detected, gathering classified data and information, waiting to strike at just the right moment. Microsoft Advanced Threat Analytics helps you identify breaches and threats using behavioural analysis and provides a clear, actionable report on a simple attack timeline. (Source: Microsoft)

Key features include:

Behavioural Analytics ATA begins to understand entity behaviors while also automatically adjusting to known and approved changes within the business.

Simple actionable attack timeline to make your job easier, by detailing questionable activities and providing relevant recommendations.

Mobility Support to closely monitor your external assets like devices, as closely as your internal assets.

Email Alerts configured send an email to specific users or groups in your organisation when it detects a suspicious activity.

Seamless deployment. ATA functions as an appliance, either hardware or virtual. It utilises port mirroring to allow seamless deployment alongside Active Directory without affecting existing network topology. It automatically starts analysing immediately after deployment and you don’t have to install any agents on the domain controllers, servers or computers.

Business Benefits

Detect suspicious activities and malicious attacks with behavioural analytics. Using its proprietary algorithm, Microsoft Advanced Threat Analytics works around the clock to help you pinpoint suspicious activities in your systems by profiling and knowing what to look for. No need for creating rules, fine-tuning, or monitoring a flood of security reports, since the intelligence needed is built in. ATA also identifies known advanced attacks and security issues.

Adapt to the changing nature of cyber-security threats. ATA continuously learns the behaviour of organisational entities (users, devices, and resources) and adjusts itself to reflect the changes in your rapidly-evolving enterprise. As attacker tactics get more sophisticated, ATA helps you adapt to the changing nature of cyber-security threats with continuously-learning behavioural analytics.

Focus on what is important with a simple attack timeline. The constant reporting of traditional security tools and sifting through them to locate the important and relevant alerts can get overwhelming. The attack timeline is a clear, efficient, and convenient feed that surfaces the right things on a timeline, giving you the power of perspective on the who, what, when, and how. ATA also provides recommendations for investigation and remediation for each suspicious activity.

Reduce false positive fatigue. Traditional IT security tools are often not equipped to handle the rising amounts of data, turning up unnecessary red flags and distracting you from the real threats. With ATA, these alerts happen once suspicious activities are contextually aggregated to its own behaviour, as well as to the other entities in its interaction path. The detection engine also automatically guides you through the process, asking you simple questions to adjust the detection process according to your input.

Grey Matter Recommends

A bit like with the Microsoft Office Desktop Suite, with the option to purchase individual products like Word and Excel, you can purchase the EMS products separately, however Grey Matter recommends the complete Enterprise Mobility Suite. Not only does this offer the most comprehensive Enterprise Mobility Management solution, but this proves to be far more cost effective, equating to less than half of the total price compared with purchasing all of the individual products separately.

Grey Matter can offer EMS via Microsoft Licensing and as a Cloud Service. Please view our 'How to Buy' pages for more details.