Semperis Directory Services Protector 3.6 monitors for cyber threats in hybrid AD environments
Semperis announced the preview release of Directory Services Protector 3.6, which simplifies managing identity security in hybrid environments that use both on-premises Active Directory and Azure Active Directory.
DSP’s new capabilities for detecting and remediating security risks in hybrid identity environments address the challenge organizations face in combatting the rise in attacks that enter organizations through on-premises AD, then move to the cloud—or vice versa—as in the SolarWinds attack.
“We see a lot of different challenges with protecting hybrid identity environments, starting with the basic fact that from a technical perspective Active Directory and Azure Active Directory—outside of the name—have very few things in common,” said Semperis CEO Mickey Bresman. “Azure AD provides a different stack of protocols, requiring a very different management approach—including protecting the identity system from cyberattacks. With a hybrid scenario, the potential attack surface expands for an adversary. It’s a relatively common scenario to see attacks start on-prem and move to the cloud, or move from cloud to on-prem.”
In hybrid AD environments, DSP displays a single view of security indicators in both AD and Azure AD—empowering IT teams to correlate changes that cross between on-premises and cloud environments and could signal an in-progress attack. In a recent 451 Research report, analyst Garrett Bekker pointed out the challenges of securing hybrid identity systems.
“The vital nature of directories has been further magnified by the ongoing migration of resources to the cloud, since each ‘cloud’—whether IaaS platform or SaaS app—typically has its own identity repository that applications need to work with,” said Bekker. “Maintaining directories in a secure state has therefore become a considerable challenge, in part because most directories are constantly in flux as new users are added or change jobs, and new applications are installed.”
Semperis DSP simplifies protecting hybrid AD environments by:
- Offering a single view of pre-attack and post-attack indicators in both Active Directory and Azure Active Directory
- Providing the ability to track near real-time changes in Azure Active Directory and conduct hybrid searches across both on-premises Active Directory and Azure AD
- Illustrating actions that begin on premises and extend to Azure AD
- Generating a risk profile mapped to the MITRE ATT&CK and other security frameworks
- Continuously assessing and improving hybrid AD security posture to defend against attacks
In conjunction with the Directory Services Protector 3.6 release, Semperis is publishing a new whitepaper that addresses the serious challenges in securing a hybrid Active Directory environment, “Securing Hybrid Active Directory Environments: A Practical Guide to Closing Security Gaps in Active Directory and Azure Active Directory”. Written by Doug Davis, Semperis Senior Product Manager, this resource helps organizations defend the expanded attack surface that comes with a hybrid identity environment.
In addition to providing end-to-end threat protection for hybrid AD environments, Directory Services Protector offers frequent security indicators on a continuous release cycle to address threats uncovered by the Semperis research team or in response to threats that surface externally. Recent releases resulting from the Semperis research team’s proprietary work include indicators for the Windows Print Spooler critical vulnerability (PrintNightmare) and PetitPotam, which can allow an attacker to gain full Domain Admin permissions in an organization.