Semperis has launched a new solution to accelerate AD Modernisation and reduce customers’ attack surfaces. The company describes it as a security-centric solution that combines multiple existing products. It is already in use with Semperis’ strategic partners and is supported by the company’s in-house AD migration services team.
The company has also appointed Michael Masciulli as Managing Director of Migration Products and Services to drive the global rollout of the new product. Masciulli has previously held roles at Quest, Binary Tree and EMC, leading migration product and global managed services. As such, he brings considerable practical experience to the role.
Darren Mar-Elia, Semperis VP of Products, said, “Years of configuration drift, poor security practices, and multi-forest environments through mergers and acquisitions have introduced risky vulnerabilities into enterprise AD systems, creating a huge market demand for modernisation.
“However, most organisations delay these initiatives because of the time, effort, and security risks involved. Semperis is making life easier by offering a comprehensive AD migration and consolidation solution backed by industry-leading identity security tools and expert support to ensure your project stays on track while prioritising AD security posture throughout the process. With his extensive experience managing large and complex AD migrations, I’m thrilled Michael Masciulli is leading the charge.”
What will the new solution provide?
There are three steps to the new solution. Customers that use them should expect a much higher security level around their AD projects. They will also get greater control over those projects, from the migration of AD to the consolidation of current AD infrastructures.
Semperis describes the three steps as:
Preparation: Pre-migration vulnerability assessments with multiple tools, including Purple Knight (to identify and remediate existing security gaps) and attack-path analysis tool Forest Druid (to close risky access and map privileged accounts), plus easy testing of the migration process by cloning the production environment with Active Directory Forest Recovery (ADFR)
Execution: Monitoring with Directory Services Protector (DSP) to get visibility across all source and destination AD environments, track changes, and quickly roll back unintended changes up to the attribute level; malware-proof backups of the AD forest with ADFR for a safety net; and secured migration with Semperis Migrator for AD, which manages AD object synchronization, password migration and synchronization, and other functions that streamline the migration process without requiring AD trust between environments
Post-migration monitoring: Continuous assessment of the destination AD with DSP to stop configuration drift before it starts and assess the new environment for indicators of exposure (IOEs) and compromise (IOCs)
Enterprise Times: What does this mean?
In too many organisations, AD is a mess. While originally planned and structured, it has often grown out of control and has rarely had a consistent management approach. Introducing new technologies such as IoT has added vast numbers of new objects into AD that organisations have little visibility over. As such, security and management are hit and miss.
Semperis is seeking to position its tools as a single solution to migrate the current AD to a new, more secure and manageable solution. Many customers will be surprised at the results of the preparation phase. The breadth and complexity of their existing AD will inevitably raise questions about how it got into its current state.
But for many, getting control and the ability to monitor AD post-migration will have the most impact. It will give IT teams a better platform to begin to secure access to corporate assets. More importantly, it will also provide the ability to detect problems as they occur and before they become an issue.
It will be interesting to see how many customers take on the solution themselves and how many will look to partners to help deploy it. A significant amount of work will be required to make this happen inside most organisations. Using partners who have done this before on multiple sites and understand the potential pitfalls and outcomes makes more sense than doing it in-house.