An organization’s data is one of its most valuable assets—and a prime target for cyberattackers, who prove time and again that their victims will pay large ransom sums to get exfiltrated data back.
According to Semperis’ 2024 Ransomware Risk Report, 78% of organizations that were hit by a ransomware attack paid the ransom. Sadly, 35% of those victims that paid ransom failed to receive decryption keys or were unable to recover their files and assets. According to IBM, the average cost of a single data breach in 2023 was $4.45 million.
It’s no wonder that data-focused cyberattacks typically end in business disruption, loss of revenue, damage to customer trust, and other unfortunate consequences.
So, what can organizations do to better protect their precious assets? The key is a layered defense strategy that provides cyber resilience through cyber-aware backup, recovery, and attack path management for the identity system—the avenue by which attackers most often gain access to data stores. IBM reported that 74% of data breaches start with privileged credential abuse. A disabled or compromised Active Directory (AD) leads to significant security risks and potential business outages.
Why prioritize cyber resilience?
Darren Mar-Elia, Semperis VP of Products, explains the connection between identity-based attacks and data breaches: “Threat actors can exploit vulnerabilities to move laterally throughout the identity system, escalating privileges until they’re capable of a device or network takeover. At that point, the organization’s critical data—likely including customer data—is at stake, and the attackers have the upper hand.”
To help organizations combat identity-related cyberattacks that target data stores, Semperis has partnered with Cohesity, a leader in AI-powered data security and management. This partnership provides comprehensive cyber resilience through seamless Active Directory backup and recovery and innovative attack path management to detect and remediate risky access to sensitive data.
Threat actors can exploit vulnerabilities to move laterally throughout the identity system, escalating privileges until they’re capable of a device or network takeover. At that point, the organization’s critical data—likely including customer data—is at stake, and the attackers have the upper hand.
Darren Mar-Elia, Semperis VP of Products
Cyber-first AD recovery
Given the number of successful cyberattacks that target Active Directory, every organization needs to plan for the worst-case scenario. In the event of an attack that wipes out AD, the ability to recover entire Active Directory forests to a malware-free environment in minutes or hours is critical. When AD is down, no one can access the applications and services that keep the business running.
The Semperis-Cohesity partnership provides unmatched cyber resilience, combining Semperis’ automated, malware-free AD backup and recovery with Cohesity’s AI-powered, multicloud data storage and management. This powerful solution addresses the primary challenges organizations face when a cyberattack hits their AD environment:
- Traditional AD backups can contain malware, increasing the risk that the environment will be reinfected post-recovery.
- Manual AD recovery (even with a clean backup) is time-consuming and error-prone, prolonging recovery.
- Cumbersome data transfer processes can delay AD recovery.
Here’s what the Semperis-Cohesity solution brings to the table:
- Secure data: AD backups are securely transferred to Semperis Active Directory Forest Recovery (ADFR), which provides automated, malware-free recovery and additional protection via the Cohesity infrastructure.
- Fast data transfer: The backup process optimizes network bandwidth use to ensure rapid data transfers.
- Data integrity: Verification checks ensure the validity of backup data.
- Redundancy and manageability: Backup data is copied to the Cohesity platform, providing robust and redundant backup file protection, immutable storage options, and AI-powered multicloud data security management.
Protect against unauthorized access to business-critical data
Although the ability to recover your Active Directory system and your data is paramount, preventing attackers from breaching your sensitive business data in the first place is the ultimate goal. But attackers have become adept at uncovering AD vulnerabilities that enable them to elevate privileges, eventually gaining access to data storage devices.
Legacy Active Directory environments are often rife with risky misconfigurations that have accumulated over time, creating countless attack paths that lead to business-critical assets, including data storage devices. By gaining access to one account with a weak password or disabled MFA, a threat actor can move laterally throughout the network, elevating privileges until they reach the top prize: your organization’s primary data store.
Built on the foundation of Semperis’ innovative attack path discovery technology, the Semperis-Cohesity Attack Path Management solution provides a visual map of dangerous routes leading to Cohesity storage clusters. This insight enables security and IT teams to quickly remediate vulnerabilities and close attack paths.
With the Semperis-Cohesity solution, you can:
- Scan the environment to create a visual map of accounts with privileged access leading to Cohesity storage clusters
- Define security zones for designated privileged accounts
- Remove excessive privileges from other accounts
- With the addition of Semperis’ Directory Services Protector (DSP), receive real-time alerts on unauthorized attempts to join privileged groups and automatically roll back unwanted changes
Layered defense for the identity system and your business-critical data
The Semperis-Cohesity partnership underscores our mission to be a force for good by helping organizations build cyber resilience and successfully defend against threat actors that target their sensitive data through identity-based cyberattacks.
Semperis CEO Mickey Bresman explains the connection between protecting Cohesity data stores from attackers and the ability to defend against ransomware attacks: “By helping our joint customers identify and close off attack paths leading to the organizational backup and recovery system, we can prevent data exfiltration and preserve the recovery option, removing one of the primary negotiating tactics threat actors have.”
Curious about how you can protect your business data with a layered defense strategy? Contact our expert identity security team for more information about cyber-first AD backup and recovery and attack path management.
By helping our joint customers identify and close off attack paths leading to the organizational backup and recovery system, we can prevent data exfiltration and preserve the recovery option, removing one of the primary negotiating tactics threat actors have.
Mickey Bresman, Semperis CEO