Semperis has made its Breach Preparedness and Response (BP&R) Services available to a broader set of customers. The BP&R services were released to a select group of customers in 2021. They are now generally available. It is good news for anyone running Active Directory.
The company has also announced the appointment of Simon Hodgkinson, former CISO at BP, to its strategic advisory board. His role will be to support the BP&R services.
According to Hodgkinson, “Enterprises too frequently underestimate the importance of Active Directory security and recovery. Enterprises are learning the hard way that if ransomware takes AD down, the entire business goes down with it.
“Semperis came to market with solutions and service offerings that dramatically increase the operational resiliency of organizations everywhere, starting with the core identity system, AD. I’m proud to be part of the mission and join the industry’s most skilled collection of AD security experts.”
What do the Semperis BP&R services provide?
There is a range of services under the BP&R banner from Semperis. Some focus on the pre-breach phase and others on post-breach and recovery. They are a mix of security assessments, threat mitigation, DR, incident investigation, forensics and threat removal.
There are also multiple levels at which some of these services operate. For example, there are standard and extended AD security assessments. These cover security architecture, configuration, attack path analysis, and analysis and remediation planning.
The extended assessment involves interviews with key members of staff and a review of operational procedures. It is likely to throw up gaps in training, working practices and understanding of configurations. The results will improve AD deployments along with training and awareness across the operations team.
Threat mitigation and disaster recovery services are more hands-on. They respectively seek to reduce the attack surface and develop a recovery plan. The latter also includes a DR exercise. While this is an annual exercise, organisations should consider running one more regularly. One reason for this is to ensure that all staff are involved and aware of any changes in procedure.
Setting the groundwork for an effective response
Resiliency is about dealing with both sides of the cyber equation. Security assessment and DR planning are about prevention. But, when a breach happens, you need to be able to respond.
For Semperis, this is where AD recovery, incident investigation, forensics, and threat removal come in. Its recovery of an AD forest is done without carrying over executable code from domain controllers. This, says Semperis, “eliminates the reintroduction of any host-based persistence or malware.”
Its incident investigation and attack forensics are about learning lessons. The service determines whether an incident is really an attack as opposed to a misconfiguration. If the former, it then captures the entire attack chain to see what has happened and what is still happening.
Most of these services are only available to Semperis customers that have bought certain products. The exceptions are the two AD Security Assessment services. The remainder requires either the Directory Services Protector (DSP) or AD Forest Recovery (ADFR) solution.
Enterprise Times: What does this mean?
Issues with AD continue to be a fruitful hunting ground for malicious actors. Part of the problem is that, at most companies, AD has evolved with poor controls. Retrofitting those controls takes visibility, and the tools companies use often lack that insight. This is why Semperis has made its AD Security Assessment services available to non-customers.
Once companies are aware of the risks to their AD, they have little choice but to take action. This is where Semperis feels it can add far more value than its competitors. The question is, what level of conversion can it get from non-customers who take the AD Security Assessments?
For existing customers, it is a different equation. The key here is upselling them into the BP&R services. It shouldn’t be a difficult thing for Semperis, given the number of attacks against AD that take place.