What is Advanced Threat Analytics?

In early August, I happened to be working on some Enterprise Mobility Suite collateral and noticed that the price of it went up about a dollar per user per month. What could account for this change? Well, Advanced Threat Analytics had been added to the Enterprise Mobility Suite.

Just to recap, EMS is much more than another MDM solution. It keeps your corporate data secure on mobile devices, sure. It also manages cloud identities, provides SSO to SaaS applications, gives users self-service password reset and multi-factor authentication, protects your sensitive information at the document level and does much more.

With Advanced Threat Analytics, Microsoft is helping to protect against zero-day vulnerabilities and hacks that tend to go unnoticed for months on end. What exactly does that mean?

With Advanced Threat Analytics, you can combine your IT and security logging through Active Directory and other SIEM systems and have it run through Machine Learning on an on-premises system (this isn’t Azure Machine Learning). As time goes on, it builds an Organization Security Graph that looks for anomalies and known attack patterns in the data.

Upon detection of something wrong, Advanced Threat Analytics can alert you and make recommendations on courses of action. This helps your IT staff figure out quickly what should be done.

Here’s a great analogy. Have you ever traveled, tried to use your credit card and either had it denied or received a call about an unusual charge because you were away from your home town? This is what Advanced Threat Analytics gives your business: the peace of mind to detect strange behavior and take action on it without having to sift through mountains of data.

Basically:

  • What does the user usually do?
  • What does the user not usually do?

This is the behavior analysis component. It may seem simplistic, but this has been a blind spot for a lot of businesses. Most security attacks happen at the identity level via stolen or compromised credentials. These attacks take months to execute. The machine learning in Advanced Threat Analytics can make a real difference and help your business avoid being in the headlines.

Microsoft has put a lot of effort into the alerting to avoid ‘alert fatigue’. It compares a user’s behavior not only to that user’s own history but also to the behavior of other users, all to avoid false positives.
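The self-versus-peer comparison described above, as an added illustration that is not from the original post and is not Advanced Threat Analytics' actual algorithm: an access that is new for a user raises an alert only if it is also uncommon among that user's peers. The user names, peer groups, resources and the 0.5 threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed baseline of (user, peer_group, resource) access events.
BASELINE = [
    ("alice", "finance", "fs-finance"), ("alice", "finance", "erp"),
    ("bob", "finance", "fs-finance"), ("bob", "finance", "erp"),
    ("bob", "finance", "payroll-db"),
    ("carol", "finance", "erp"), ("carol", "finance", "payroll-db"),
    ("dave", "engineering", "git"), ("dave", "engineering", "build-01"),
    ("erin", "engineering", "git"),
]

def build_profiles(events):
    """Learn what each user touches and what each peer group touches."""
    own = defaultdict(set)                          # user -> resources
    peers = defaultdict(lambda: defaultdict(set))   # group -> resource -> users
    members = defaultdict(set)                      # group -> users
    for user, group, resource in events:
        own[user].add(resource)
        peers[group][resource].add(user)
        members[group].add(user)
    return own, peers, members

def score(event, profiles, peer_threshold=0.5):
    """Return 'normal', 'peer-normal' or 'alert' for one new event."""
    own, peers, members = profiles
    user, group, resource = event
    if resource in own[user]:
        return "normal"          # the user usually does this
    others = members[group] - {user}
    seen_by = peers[group][resource] - {user}
    share = len(seen_by) / len(others) if others else 0.0
    # New for this user, but common among peers: suppress the alert.
    return "peer-normal" if share >= peer_threshold else "alert"

def triage(events, baseline=BASELINE):
    """Score a batch of new events against profiles built from the baseline."""
    profiles = build_profiles(baseline)
    return [(e, score(e, profiles)) for e in events]

if __name__ == "__main__":
    for event, verdict in triage([
        ("alice", "finance", "erp"),
        ("alice", "finance", "payroll-db"),
        ("alice", "finance", "build-01"),
    ]):
        print(event, verdict)
```

Only the third event, a finance user touching a build server nobody in finance uses, comes out as an alert; the first-time payroll access is suppressed because most peers already do it.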

Behavior analysis isn’t the only way Advanced Threat Analytics can help keep you protected. It will also look for known security issues and vulnerabilities and known malicious attacks. For example, it will keep an eye out for machines that have lost their domain trust or someone conducting a specific type of known attack methodology, such as pass-the-hash.

All of this requires no agents, drivers, or escalated privileges. Instead it uses port mirroring, taking traffic directly from the wire. This helps keep it a little more hidden from hackers.

The value of Advanced Threat Analytics is just that. Forget combing through alerts that often are ignored due to the volume. Now, you have the ability to aggregate the logs and let the server do the work. Advanced Threat Analytics saves mountains of time on something that really needs focus, but often doesn’t get it – security.

The Enterprise Mobility Suite is already protected across identities, devices, and content. With Advanced Threat Analytics, Microsoft is giving IT an easy-to-manage toolset to keep security front of mind. If you would like to watch a demo of the Enterprise Mobility Suite, you can check it out here. Otherwise, Arraya’s Microsoft Practice stands ready to help! Our team has extensive experience supporting a wide range of Microsoft solutions, including EMS and Advanced Threat Analytics. A partnership with Arraya ensures customers achieve lasting, meaningful results from their technological investments.

If you’d like to learn more about Arraya, our Microsoft Practice or any of the services and solutions we specialize in, visit us at www.ArrayaSolutions.com. Also, follow us on Twitter, @ArrayaSolutions, for insights and special offers from the Arraya team.
