Semperis released Purple Knight Post-Breach, a channel-only edition of its free Active Directory (AD) security assessment tool, to help service providers conduct attack mitigation and recovery for their customers following an AD-related cyber disaster.
The exploitation of identity systems like AD and Azure AD, used in more than 90% of businesses worldwide, is a primary method that attackers use to get privileged access and infiltrate target networks.
Expanding on the community edition of Purple Knight—which has been downloaded by more than 5,000 users since its initial release in March 2021—Purple Knight Post-Breach enables partners to specify an attack window to accelerate attack mitigation, ensure a malware-free recovery, and close security gaps to prevent follow-on attacks.
“In the aftermath of a cyber disaster, finding the source of the attack is a tedious undertaking that requires sifting through masses of data—all while adversaries could be preparing a follow-on assault,” said Dave Evans, VP of Global Channels and Alliances. “Purple Knight Post-Breach speeds the post-attack forensics process for our partners so they can help customers mitigate damage and fully recover from AD-related attacks.”
When an organization’s AD environment is breached, every minute counts in stopping the in-progress attack and recovering the AD to a known-secure state. Purple Knight Post-Breach helps organizations determine whether an attack was in progress when an AD backup was taken. Following an AD recovery, Purple Knight Post-Breach helps response teams find and remediate vulnerabilities before bringing the recovered environment back into production.
“The faster we can accurately assess the current intrusion, the faster we can eradicate the threat and restore system access,” said Marty Momdjian, Healthcare Solutions Advisor at Sirius Healthcare. “What would take us hours or sometimes days, Purple Knight Post-Breach can do in minutes, giving us another crucial tool in our incident response toolbelt by Semperis.”
Semperis partners with some of the world’s largest cybersecurity service providers to conduct incident response for organizations that have experienced AD-based cyberattacks. Recently, Semperis launched a ransomware task force in partnership with Sirius Healthcare to improve the cybersecurity posture and resiliency of hospitals, pharmaceutical manufacturers, insurers, and other healthcare companies.
Semperis also partnered with one of top three global consulting firms to help a large multinational insurance company recover from a cyberattack. By accelerating AD attack forensics, Purple Knight Post-Breach helps cybersecurity service providers minimize downtime for their customers and quickly recover business operations to a known-secure state, preventing follow-on attacks.