Advanced Threat Analytics Now Included in EMS

ZDNet ran a story on this yesterday with an update today. But this looks like it is confirmed at this point. No additional cost to the EMS license for this, which is interesting, and I'm not sure if I believe that part.

http://www.zdnet.com/article/microsoft-adds-advanced-threat-analytics-to-its-enterprise-mobility-suite/

“Update (June 23): Microsoft has removed the blog post about EMS getting Advanced Threat Analytics, and also has removed the webinar registration post. (My guess is they weren’t yet ready to announce this.)”

From Brad Anderson’s Ignite summary post on ATA:

The problems caused by compromised user credentials are the #1 issue we hear reported by organizations all over the world.

The reason for this problem is twofold:

  • First, many end users are still getting up to speed when it comes to understanding the importance of credential security.
  • Second, the existing security tools are just too cumbersome – they create way too many false positives, they take years to fine tune, and the reports they generate are nearly impossible to read and understand quickly.

Perhaps the most problematic issue of all is how traditional IT security solutions operate once a breach occurs. Getting a massive data dump when you’re trying to identify and isolate the intrusion can take far too long at a time when every second can make or break your organization. It’s counterproductive to have your security software hand you a haystack when you really need a needle.

  • You can detect advanced security threats fast via behavioral analytics that leverage Machine Learning.
  • Now you can adapt to the changing nature of cyber-security threats with a technology that is continuously learning.
  • You can narrow down the most important factors using the simple attack timeline.
  • ATA’s innovative technology reduces false positive fatigue and raises red flags only when needed.

More info on ATA here.

Recovering Your Files from CryptoLocker Free Tool from FireEye

Your Locker of Information for CryptoLocker Decryption | FireEye Blog.

Kudos to FireEye for not only building and hosting this tool so consumers can get their files back but also for their effort to acquire a large number of the private keys that made this possible. FireEye does some very great work and always acts honorably.

“To help solve the problem of victims’ files still being encrypted, we leveraged our close partnership with Fox-IT. We developed a decryption assistance website and corresponding tool designed to help those afflicted with the original CryptoLocker malware.”

https://www.decryptcryptolocker.com/