Semperis and hybrid AD security

Latest release of Semperis’ (www.semperis.com) Directory Services Protector (DSP) provides a complete picture of risk exposure in hybrid environments and monitors for cyber threats in both Active Directory and Azure Active Directory in one view.

The Semperis Director Directory Services Protector 3.6 (www.semperis.com/ds-protector) simplifies managing identity security in hybrid environments that use both on-premises Active Directory and Azure Active Directory.  DSP’s new capabilities for detecting and remediating security risks in hybrid identity environments address the challenge organizations face in combatting the rise in attacks that enter organizations through on-premises AD, then move to the cloud – or vice versa – as in the SolarWinds attack.

“We see a lot of different challenges with protecting hybrid identity environments, starting with the basic fact that from a technical perspective Active Directory and Azure Active Directory – outside of the name – have very few things in common,” says Mickey Bresman, CEO, Semperis.  “Azure AD provides a different stack of protocols, requiring a very different management approach – including protecting the identity system from cyberattacks.  With a hybrid scenario, the potential attack surface expands for an adversary. It's a relatively common scenario to see attacks start on-prem and move to the cloud, or move from cloud to on-prem.”

In hybrid AD environments, DSP displays a single view of security indicators in both AD and Azure AD – empowering IT teams to correlate changes that cross between on-premises and cloud environments and could signal an in-progress attack.  In a recent 451 Research report, analyst Garrett Bekker pointed out the challenges of securing hybrid identity systems.

“The vital nature of directories has been further magnified by the ongoing migration of resources to the cloud, since each ‘cloud’ – whether IaaS platform or SaaS app – typically has its own identity repository that applications need to work with,” says Bekker.  “Maintaining directories in a secure state has therefore become a considerable challenge, in part because most directories are constantly in flux as new users are added or change jobs, and new applications are installed.”  

Previously available in preview only for Semperis customers, Directory Services Protector 3.6 is now available.  More details at www.semperis.com/ds-protector.