Latest Release Empowers Organizations to Continuously Monitor Active Directory for Pre- and Post-Attack Security Indicators that Map to Popular Security Frameworks Such as the MITRE ATT&CK
Semperis, the pioneer of identity-driven cyber resilience for enterprises, today announced the general availability of Directory Services Protector (DSP) v3.5, which includes DSP Intelligence, a new module that provides automated security assessments of Microsoft Active Directory (AD). DSP Intelligence proactively uncovers dangerous vulnerabilities that arise from external threat actors, systemic weaknesses in default identity and access settings, and even internal configuration drift that leads to security regression.
The company also announced enhancements to Active Directory Forest Recovery (ADFR), the only disaster recovery product for AD purpose-built to combat cyberattacks. New ADFR capabilities include unique backup set encryption keys, advanced forensics search, and extended support for SAML and MFA authentication.
The continuous security assessment capabilities now available in DSP Intelligence address the skyrocketing proliferation of cyberattacks—including the infamous SolarWinds supply-chain attack and the Hafnium attack on Microsoft Exchange—that target identity systems, especially AD. As the gatekeeper to critical applications and data in 90% of organizations worldwide, AD is a common access vector for attackers and extremely complex to secure given its constant flux, sheer number of settings, and the increasingly sophisticated threat landscape. Findings from companies using Semperis’ free Purple Knight security assessment tool revealed that even large organizations with significant investments in security resources are failing to close critical gaps in AD, scoring an average of 61%, with Kerberos authentication being the top risk area.
“Active Directory is a critical piece of most enterprises’ IT infrastructure but is notoriously difficult to keep secure,” said Darren Mar-Elia, Vice President of Products at Semperis. “Not only are its settings complex, but both AD itself and attack paths are constantly evolving. Organizations must be able to ensure their directory services are secure on a continual basis—not just at a point in time—while actively testing against the latest indicators for new attacks and threats. DSP Intelligence is designed to provide a larger range of security indicators and advance pre-attack tests to harden AD against new adversary TTPs and spot your weaknesses before attackers do. The threat hunting capabilities have also proven to be extremely helpful for organizations in post-breach scenarios to understand how attackers broke in and how to close backdoors for good.”
A growing number of breaches involve the exploitation of suboptimal AD configurations to allow attackers to gain a foothold within target networks, access sensitive resources, and deploy malware. To get ahead of attackers, DSP Intelligence continuously queries an organization’s AD environment and performs a comprehensive set of tests against the most common and effective attack vectors that correlate to known security frameworks such as the MITRE ATT&CK.
With the addition of DSP Intelligence, Semperis further establishes DSP as the industry’s most comprehensive AD threat detection and response platform. Semperis also updated the complementary modules, DSP Essential and DSP Advanced, which address foundational directory security and operational use cases:
- DSP Essential– AD change tracking and rollback
- DSP Advanced– Autonomous threat protection and response
- DSP Intelligence – Security validation and breach prevention
For more such updates and perspectives around Digital Innovation, IoT, Data Infrastructure, AI & Cybsercurity, go to AI-Techpark.com.