Microsoft Buys Aorato to Boost Active Directory Security

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

Microsoft announced this week the acquisition of privately-held security firm Aorato. Financial terms of the deal are not being publicly disclosed at this time. A Microsoft spokesperson told eSecurityPlanet that Microsoft intends to have all members of the Aorato team, including senior leaders, join Microsoft.

"In addition, with the close of this acquisition, Microsoft will cease selling the Aorato DAF product," the spokesperson stated. "We intend to incorporate the Aorato technologies into product and services coming from Microsoft. We will share more on this in the near future."

The Aorato Directory Services Application Firewall (DAF) technology is a security innovation designed to defend Microsoft Active Directory users against multiple forms of attack.

The Microsoft spokesperson noted that Aorato’s technology uses machine learning to identify anomalous activity against a company’s Active Directory, so a company can take appropriate security measures.

"Key to Aorato’s approach is their Organizational Security Graph technology, which is a living, continuously updated view of all of the people and machines accessing an organization’s Active Directory," Microsoft stated.

Beyond just protecting Active Directory with the DAF platform, Aorato has also been active in performing security research that exposes risks with Active Directory. In July, Aorato published a report detailing risks with Active Directory that could enable what is known as a Pass-the-Hash attack.

The attack outlined by Aorato was due to a downgrade capability in Active Directory to use the Windows NT LAN Manager (NTLM) authentication mechanism, instead of the more secure Kerberos system.

Active Directory sits at a critical point in enterprise IT infrastructure and is often deployed as an access and privilege control system. In many common Internet attacks, privilege escalation is a key attack vector that is abused by hackers in data breaches.

Microsoft expects that most of its enterprise customers will be interested in the Aorato technology.

"The technology will complement similar capabilities that we have developed as part of Azure Active Directory Premium, our cloud-based identity and access management service," Microsoft's spokesperson stated. ""We will have more to share in the future about how Aorato will be integrated with Microsoft products and services."

Sean Michael Kerner is a senior editor at eSecurity Planet and InternetNews.com. Follow him on Twitter @TechJournalist.