Semperis enhances Forest Druid to guard against Microsoft Entra ID attacks

Semperis has expanded Forest Druid, its community-driven attack path management tool, to include support for Microsoft Entra ID (formerly Azure AD), saving time for cybersecurity teams in identifying and closing risky attack paths across hybrid identity systems.

Closely following the recent announcement of support for Okta in Purple Knight, the addition of Entra ID support in Forest Druid underscores the company’s mission to help organizations address emerging threats against on-premises Active Directory (AD) and cloud identity systems.

“Since its introduction in fall 2022, Forest Druid has helped thousands of cybersecurity defenders cut the time it takes to identify attack paths and remove excessive privileges in Active Directory,” said Darren Mar-Elia, Semperis VP of Products.

“By expanding Forest Druid to encompass Entra ID, security teams can now uncover risky access to Tier 0 assets across hybrid identity environments, which have become a favorite target for cyberattackers. These recent enhancements in both Forest Druid and Purple Knight address concerns we’ve heard from our customer community about emerging attacks that target Entra and Okta, in addition to legacy AD environments,” Mar-Elia added.

Unlike conventional AD attack path management tools that require defenders to scrutinize countless possible attack paths, Forest Druid accelerates attack path analysis by focusing on Tier 0 assets—accounts, groups, and other assets that have direct or indirect administrative control of an AD or Entra ID environment. With access to Tier 0 assets, attackers can seize control of the entire network.

“Cyber defenders too often are racing against time to close security gaps before adversaries exploit them,” said Ran Harel, Semperis Associate VP of Security Products.

“As more organizations are embracing cloud identity systems such as Entra ID and Okta—often using them in conjunction with on-prem AD—the attack surface expands, giving malicious actors more opportunities to breach the environment and deploy malware. Forest Druid helps defenders visually map risky access to privileged accounts. By identifying the true Tier 0 perimeter and prioritizing sensitive accounts for remediation, cybersecurity teams save valuable time and resources in safeguarding the identity system,” Harel continued.

Forest Druid enhancements include new settings to control data collection from on-prem and cloud identity systems and new controls to improve the defense perimeter relationship graph, a map of objects with privileged relationships to Tier 0 assets.

More about

Don't miss