Microsoft (MSFT) is giving customers and solution providers a preview of new security technology that turns an eye to the cloud to prevent network attacks before they happen.

Microsoft Advanced Threat Analytics, based on the company’s recent acquisition of Aorato, uses behavioral analysis and machine learning to provide visibility into the network to discover potential threats to a system before they do any damage. The technology is for enterprise on-premise resources and focuses especially on threats to identity and user access, which are among the top security problems among enterprises.

The idea behind the software is to detect early intrusion, according to Microsoft, citing research that the average time attackers stay in a network before detection is more than 200 days. If these threats are detected early, they can be thwarted before doing any damage.

Microsoft purchased Israel-based cloud security provider Aorato last November for an undisclosed sum, though the Wall Street Journal put the deal at about $200 million. At the time Microsoft Corporate Vice President Takeshi Numoto said in a blog post the buy was part of the company’s effort to give customers more visibility into identity and access infrastructure to provider a higher level of security against these common threats.

“Unfortunately, compromised passwords, stolen identities and network intrusion are a fact of life,” he wrote in the post. “Companies need new, intelligent solutions to help them adapt and defend themselves inside the network, not just at its edge.”

Aorato’s technology works by using machine learning to detect suspicious activity on a company’s network, whether it be by users or mobile devices connected to the network. The software identifies what it considers normal behavior so it can then identify anomalies, providing enterprises with time to take defensive or protective action.

Key to the technology is what’s called the Organizational Security Graph. This provides a continuously updated view of all of the people and machines accessing an organization’s Windows Server Active Directory, where data about enterprise user identities and administrative access to critical business applications and systems is typically stored.

A technology preview of Advanced Threat Analytics is available online.