News & Views

Semperis launches report

Pioneer of identity-driven cyber resilience for enterprises, Semperis (www.semperis.com) announces the release of the ‘Active Directory Security Halftime Report’, the first in a periodic series of insights and practical skill-building resources for preventing and mitigating identity-related cyberattacks.  

The report addresses the surge in identity-related attacks and vulnerabilities – from the Colonial Pipeline breach to the Windows Print Spooler vulnerability – with expert advice on hardening identity security postures that have eroded through years of misconfigurations and lagging skillsets.

“Active Directory remains the beating heart of identity management – the core of the identity platform for most organizations – but everything around it has changed rapidly,” says Mickey Bresman, CEO, Semperis.  “AD secure configuration was not as much of a concern 15 years ago, and many recommendations that were provided at the time proved to be insecure and have been completely revised since.  A lot of the mistakes that were made then are the problems organizations now need to address.”

Bresman also calls out lagging skillsets at a time when conversations about protecting the business from cyberattacks are converging for identity and security teams.

“You have people that know AD extremely well, but their thinking is more operationally related,” continues Bresman.  “Or you have people that know red-teaming and security extremely well, but they are not AD experts. It's not that simple to find that combination of skills in a single person.”

Against a backdrop of these escalating identity-related cyberattacks, the Active Directory Security Halftime Report highlights the essential areas of focus for identity and access management (IAM) teams, security teams, and CISOs responsible for guarding organizations’ identity systems.

More than two-thirds of the Halftime Report will provide how-to guidance from highly experienced identity experts (including longtime recognized Microsoft MVPs) for preventing, mitigating, and recovering from identity system cyberattacks.  Identity systems continue to be a prime attack vector for cybercriminals despite well-known vulnerabilities – especially in Active Directory, the core identity store for 90% of businesses worldwide.

The Active Directory Security Halftime Report, available at 
https://pages.semperis.com/2021-ad-security-halftime-report/, will be updated on a periodic basis to serve as a timely, concise index of resources for organizations that have prioritized hardening their Active Directory and Azure Active Directory defenses against escalating cyberattacks.