Sean Deuby | Principal Technologist

At Semperis, we always counsel our customers to prepare for the worst and assume that their identity systems will be breached at some point: A solid cyber-resilient AD recovery plan is critical. But the ideal scenario, of course, is to prevent an attack on the identity system (which is Active Directory for 90% of organizations worldwide) in the first place.

In the Forrester Total Economic Impact of Semperis report, one of the benefits mentioned by all of the Semperis customers who participated in the study was a 25% reduction (Forrester’s conservative estimate) in the likelihood of a successful hybrid AD ransomware-related attack, achieved by using Directory Services Protector (DSP).

Lack of visibility across the hybrid identity system was a key challenge that the participants struggled with. Their fragmented view of the AD and Entra ID environment left them vulnerable to undetected security threats and unauthorized access. Lack of awareness about potential threats delayed their response and was especially problematic in hybrid AD environments, where attacks can start in Entra ID and move to on-premises AD, or vice versa.

One interviewee, the technical architect of AD in a professional services company, said that his company was “unaware of what was going on in our AD environment before Semperis. It was difficult to track all of the changes that were being made across the organization on a daily basis and make sure that nothing suspicious was happening.”

By providing full visibility of the hybrid AD environments—including Entra ID—DSP helps organizations close existing security gaps and continuously monitor for emerging threats to accelerate remediation, potentially forestalling a full-blown attack. Some of the hybrid indicators DSP offers include:

  • Entra ID privileged users who are also privileged in AD
  • AD privileged users who are synched to Entra ID
  • Resource-Based Constrained Delegation (RBCD) applied to the Entra ID SSO account

These are the types of misconfigurations that can be difficult to catch and can pave the way to a cyberattack that uses privilege escalation and lateral movement to breach the system. Not only does DSP flag those risky misconfigurations, but it also automatically rolls back unwanted changes so your IT and security teams spend less time mitigating threats. As one of our customers, a network system analyst for a healthcare company, said, “DSP helps us mitigate issues before they become issues. With Semperis, we’re able to identify user accounts that have possibly been tampered with and notify those users before a larger problem arises.”

A CISO in healthcare said that DSP also ensured that their identity system didn’t have dormant threats that might cause problems in the future: “Before DSP, we had zero visibility into our hybrid AD environment. Today, we have a tool that generates alerts that we’re able to actively validate whether or not we have a threat in the system rather than finding out after an attack happens. It’s an intrusion prevention system for us. That’s worth its weight in gold.”

Forrester’s estimate that DSP delivers a 25% reduction in the likelihood of a successful AD attack is an “extremely conservative assumption,” according to the analysts. As they point out, the probability of experiencing a ransomware attack that targets the identity system varies across organizations. But their analysis showed that through continuous monitoring of the hybrid AD environment with DSP, the composite organization reduces the likelihood of a successful hybrid AD attack from 2.0% to 1.5%—a 25% reduction. That’s a significant improvement in overall security posture.

If you’re concerned about your organization’s ability to catch cyber threats that target the identity system, check out the Forrester report for a fresh perspective on the challenges of effectively monitoring a hybrid AD system—and how Semperis DSP can help.
