Eitan Bloch | Semperis Product Manager

The SolarWinds breach in December 2020 signified a shift in the attack path for threat actors. Cyber threats increasingly target organizations’ cloud environments, typically Microsoft Entra ID (formerly Azure AD), then move to on-premises Active Directory (AD)—or vice versa. This begs the question: How secure is your hybrid identity environment and identity protection?

According to Microsoft’s Digital Defense Report 2023, incident response teams found, among other identity system vulnerabilities, “a broken security barrier between on-premises and cloud administration.” As the report points out, these gaps enable various attack tactics ranging from initial access to lateral movement and persistence.

Detecting and responding to hybrid AD threats requires a view across the entire environment—both on-premises and cloud—and automatic remediation to stop attacks that move too fast for human intervention. Semperis Directory Services Protector (DSP) provides unmatched capabilities for AD and Microsoft Entra ID protection, starting with a Hybrid identities view so that you can track changes across the environment.

How does Directory Services Protector improve hybrid Entra ID protection?

DSP provides comprehensive remediation of malicious changes, including the ability to:

  • Create custom rules to address specific Entra ID changes
  • Auto-undo or notify users when a specific change is detected
  • Filter and search for triggered rules

The time it takes to respond to an identity attack is one of the biggest factors in the scope and severity of the incident. Damage from an identity system attack can include many negative impacts, such as:

  • Business slowdowns
  • Revenue loss
  • Customer service disruptions
  • Legal trouble
  • Reputational damage

DSP provides comprehensive identity threat detection and response (ITDR) for hybrid AD and Entra ID environments—saving response time and reducing risk of potentially business-crippling attacks.

Figure: Semperis Directory Services Protector rule action success notification. Directory Services Protector lets you create and manage rules for rolling back changes in Entra ID.

Scale big with processing power for AD and Microsoft Entra ID protection in any environment

As IT ops teams know, the number of changes that occur daily in a hybrid AD environment—particularly for large, distributed organizations—can be in the thousands or millions. Tracking malicious changes in large environments is a difficult problem.

Directory Services Protector addresses this challenge with processing built to handle a huge volume of changes. Our customers include organizations with some of the largest and most complex AD environments in the world, including:

  • The world’s #1 big-box retailer
  • Two of the top three global consulting firms
  • The top U.S. healthcare system

DSP is proven to seamlessly handle identity security data processing for these massive environments, speeding response time and reducing downtime. The Semperis Identity Analytics Server (IAS), part of the DSP platform, is the engine behind this fast change processing. IAS is an easy-to-deploy infrastructure service that accelerates the processing of notification alerts and response actions.

DSP also speeds attack remediation. Streamlined navigation and granular severity categories for indicators of exposure (IOEs) and indicators of compromise (IOCs) help you prioritize threats in the environment so that you can address the most critical problems first.

Figure: Directory Services Protector security overview dashboard. To improve AD and Entra ID protection, the DSP Security overview dashboard provides an overall security score, vulnerability warnings categorized by severity, and scores in categories such as AD delegation and Group Policy security.

Improve risk detection, accelerate response, and optimize security data processing

What are the biggest challenges your team faces in detecting and responding to threats to your hybrid identity system? Many of the new AD and Entra ID protection capabilities we’re rolling out in DSP are in direct response to our customers’ needs, including the ability to:

  • Reduce the time it takes to correct AD misconfigurations, including operational errors and potentially malicious changes or leaked credentials
  • Gain visibility into malicious changes across the hybrid cloud environment to guard against the increasing number of attacks that start on-prem and move to the cloud
  • Automatically roll back malicious changes in both on-prem AD and Entra ID
  • Reduce the time needed to process identity system changes, which can slow operations in very large, complex hybrid AD environments

DSP continues to evolve as the most comprehensive ITDR solution available, protecting both AD and Entra ID by putting continuous detection and response on autopilot. To see DSP in action, reach out to our team of Active Directory and Entra ID experts for a demo.
