Active Directory Defense and Recovery: Identity-First Security from Semperis

One of the most significant cybersecurity risks for enterprises running Windows domain
networks is the potential for vulnerabilities around Active Directory (AD). AD is what attackers often go
after first because compromising identities in AD opens other doors and gives bad actors access
to valuable targets. Once an intruder has users’ credentials, they can pursue privilege escalation
and get access to other areas of the network. Moving east to west throughout the data center,
cybercriminals can look for systems to act on. They may also continue to gain privileged
access to do additional damage or exfiltrate data. With both onsite and mobile workers relying
more heavily on a blend of cloud services and various devices to connect, identity is both a
primary attack surface and the core control plane to keep attackers out.

At CyberNorth, we understand the value of identity-first security. We’re thrilled to add
Semperis to our suite of solutions because it can recover that critical business asset—Active
Directory—reliably and at speed, with AI-powered defense for AD in the cloud and on-prem.
Other products claim AD recovery, but their performance is dependent on a baseline that’s
often unrealistic: the existence of Active Directory itself! Unfortunately, ransomware and other
attacks frequently obliterate AD, leaving no usable AD to leverage as a starting point for
recovery.

How does Semperis make it all happen?

Active Directory is the first thing that’s attacked and also the first thing that needs to be
recovered. Adding Semperis to the technology stack means that recovery is no longer
predicated on Active Directory being up—the platform will create everything required; you just
need somewhere to instantiate it. Semperis does the work for you, allowing you to recover in a
clean room without assumptions of capability. You can rebuild, remediate, and recover Active
Directory or Entra ID faster than with any other product. Regardless of your backup provider,
Semperis performs just as well standing independently.

For organizations that leverage Cohesity, the two platforms deliver complementary
functionalities. Semperis takes secure backups of the Active Directory environment,
independent of any other products in the data center, while Cohesity takes backups of things
like data center assets, virtual servers, databases, physical servers, etc. But anywhere an
intersecting line of capability exists between two solutions, we typically see them crash
together like a disruptive wave. CyberNorth’s engineering team worked hard to bolster the
Semperis-Cohesity integration framework. Instead of clashing at that intersection, the solutions sync. We coordinate Semperis backups and Cohesity immutability to provide customers with secure, automated backups of their Active Directory environment.

Automating AD protection

Semperis helps businesses quickly detect and address changes within AD. The platform can
even roll back malicious changes automatically to reduce impacts and keep your operations
running. Historically, people have resisted relying on tools to take independent action. But
modern cybercriminals are sneaky and persistent, and software that can implement swift and
effective actions to repel an attack is increasingly valuable. This advanced behavior, which is
core to successfully defending AD, is missing from most automated response solutions.

Automated monitoring and remediation are particularly critical when thwarting an AD attack. IT
teams can’t be everywhere simultaneously. Even large, high-functioning organizations have
weak points that criminals will happily exploit.

A study from Semperis found that 86% of respondents who were victims of a ransomware attack were targeted on a weekend or holiday, when in-house technology expertise is less likely to be quickly available. And though 96% of organizations reported maintaining a SOC, 85% of them reduced staffing by up to half on holidays and weekends.

Attackers know when organizations are least able to defend themselves, and automated tools
are necessary to fill those gaps.

With Semperis, you retain control over how the platform augments your other resources and
get to define the rules the product uses. Rules-based actions can be enabled and enacted to
allow your enterprise to detect and automatically revert any defined change. That’s a big
benefit because you no longer need to babysit your Active Directory environment to enjoy
comprehensive protection. Semperis keeps watch, you keep control.

Cohesity users can leverage integration with Semperis, and CyberNorth customers get access to
an even more powerful integration. We took the original Cohesity-Semperis integration
framework, rounded it out, and built our own customizations into it, automating it and
providing a deep level of recovery capabilities for our customers. The CyberNorth team doesn’t
take partnerships lightly, and the full scope of functionality available with Semperis is a perfect
fit for the carefully curated and tightly integrated portfolio of products we sell.

If you’d like to learn more about Semperis and how it can bolster your AD or Entra ID defense
and recovery strategy, connect with a CyberNorth expert now.