top of page

News & Views

Semperis Lightning gets IRP

The pioneer in identity-driven cyber resilience Semperis ( announces the release of Lightning Identity Runtime Protection (IRP), a new identity threat detection and response (ITDR) offering that uses machine learning models developed by identity security experts to detect widespread and successful attack patterns such as password spray, credential stuffing, other brute force attacks, and risky anomalies.

As the first offering in the Semperis Lightning™ platform, IRP brings critical identity context to attack pattern and anomaly detection, helping organizations spot and quickly respond to high-risk events.

“Detecting an anomaly is relatively easy.  Putting it into context is where the challenge is,” explains Mickey Bresman, CEO, Semperis.  “We’ve combined deep machine learning expertise with our first-hand knowledge of how real-life identity system attacks work to provide meaningful context that helps organizations isolate and address high-risk threats.”

“IRP uses a growing threat library of exposures, compromises, and attack patterns in parallel with a continuous stream of identity security data to significantly accelerate an effective response to identity system threats,” adds Dr. Igor Baikalov, Chief Scientist, Semperis.  “Identity Runtime Protection focuses on several use cases, including anomalous logons and service ticket anomalies, that have been problematic for years because they are hard to detect and respond to at scale.”

Using trained algorithms based on Semperis’ real-world experience responding to identity attacks in the wild and supporting the world’s largest enterprises and government agencies, Lightning IRP detects sophisticated identity attacks that traditional ML solutions miss.

Lightning IRP focuses defenders on the most critical identity attack alerts and reduces noise by layering in an identity-risk fabric that draws insights from multiple sources, including: directory change tracking data across hybrid Active Directory and Entra ID environments; hundreds of security indicators of exposure and compromise, regularly updated by Semperis’ identity threat research team; and Tier 0 attack path analysis to map out risky relationships to privileged groups with access to sensitive data.

Additionally, Lightning IRP captures, analyses, and correlates authentication activities with Semperis’ identity threat intelligence to detect known attack patterns or signal malicious behaviour including: password spray attacks, brute force attacks whereby there is repeated and rapid logon attempts against a single user; any logon anomalies that indicate an anomalous logon attack on AD; and anomalous resource access analysing a user’s activity and any interaction with services that indicate an attack on AD services.  

“Lightning IRP builds on our current offerings of pre-attack scanning for indicators of exposure and compromise and our ability to see changes happening across on-premises Active Directory and Entra ID,” comments Darren Mar-Elia, Vice President of Products, Semperis.  “We’re extending our live attack pattern detection capabilities, changing the way the industry applies machine learning to detect cyberattacks.”

bottom of page