
News & Views

Semperis and Trellix partner

The latest partnership between identity-driven cyber resilience pioneer Semperis and Trellix, whose XDR platform is used by 40,000 organizations, including 80% of the Fortune 100, will combine AI-driven threat detection and response from the Trellix XDR Platform with hybrid Active Directory and Entra ID ML-based monitoring and change tracking from Semperis Directory Services Protector (DSP). The combination is intended to identify and address attacks that start with device compromise and move laterally through privilege escalation to the identity system, the common target in 90% of cyberattacks.

“When an endpoint such as a workstation is compromised, Trellix’s XDR provides critical information about endpoint attacks, including who was logged in when the incident occurred,” explains Mickey Bresman, CEO, Semperis. “From that point, Semperis DSP can analyze forensics data of changes made to the identity system, follow the path of activities made by the compromised account, and automatically undo those changes, dramatically reducing response time.”

“By combining Trellix’s AI-powered XDR Platform with Semperis DSP’s continuous monitoring, change tracking, and automated remediation for hybrid AD environments, we’re enabling organizations to stop threat actors in their tracks,” adds Sean Morton, Senior Vice President of Strategy and Services, Trellix. “Our partnership with Semperis furthers our mission to secure customers and enable them to proactively prevent and quickly remediate attacks across the ecosystem – from endpoint to the identity system.”

Semperis DSP adds rich, contextual identity security data to the Trellix XDR platform, providing organizations with actionable recommendations based on identity system forensics to uncover which accounts were compromised, see adversary-made modifications to group and user permissions, and auto-remediate malicious changes.  


The combined capabilities of Semperis and Trellix help organizations deal with the persistent problem of threat actors gaining system access by compromising endpoints, moving laterally through the network, and escalating privileges to take control of, and hold for ransom, the entire identity system – the backbone of the organization’s business operations.
