Advanced Threat Analytics
In my opinion, one of the coolest security features to come out of Microsoft this past year is Advanced Threat Analytics (ATA). It's not a feature or function built into the Windows Server operating system, not yet anyway, but software that rides on top of Windows to produce some amazing functionality. Essentially, ATA monitors all of your Active Directory traffic and warns you of danger or unusual behavior in real time, as it is happening.
The idea of ATA is pretty simple to understand and makes so much common sense that we are all going to wonder why it took so long to put into place. The reason for that, though, is that under the hood the processing and learning that ATA does is very advanced. Yes, I said learning. This is the coolest part of ATA. What you do is set up port mirroring on your switches so that all of the packets moving in or out of your Domain Controllers get mirrored over to the first piece of...