IF AD ISN’T SECURE, NOTHING IS!
If Active Directory goes down, your entire business goes down. AD is the primary gateway to your critical information systems—and an easy target for cyber-attackers looking for a way to steal sensitive information, deploy ransomware, or even bring down your business operations completely. Why is AD so easy to exploit? Because of its constant flux, sheer number of settings, and an increasingly sophisticated threat landscape.
In a single view, track overall security posture as well as the status of:
- Kerberos security
- AD delegation
- Group policy
- Account security
- AD infrastructure security
VULNERABILITY ASSESSMENT:
Continuously monitor for “indicators of exposure” that could result in security compromises to your AD. Leverage built-in threat intelligence from a community of security researchers.
AUTOMATED REMEDIATION:
Create audit notifications on changes to sensitive AD objects and attributes with the option to automatically undo select changes.
TAMPERPROOF TRACKING:
Capture changes even if security logging is turned off, logs are deleted, agents are disabled or stop working, or changes are injected directly into AD.
INSTANT FIND AND FIX:
Use Semperis DSP’s online database to find and fix unwanted AD object and attribute changes in two minutes or less.
GRANULAR ROLLBACK:
Revert changes to individual attributes, group members, objects, and containers – and to any point in time, not just to a previous backup.
FORENSIC ANALYSIS:
Identify suspicious changes, isolate changes made by compromised accounts, and more. Use DSP data to support Digital Forensics and Incident Response (DFIR) operations to track down the sources and details of incidents.
SIEM ENRICHMENT:
Eliminate blind spots in your security incident and event management (SIEM) system with out-of-the-box integration.
DELEGATION:
Leverage robust Role-Based Access Control (RBAC) and a rich web user interface to give administrators view and restore capabilities for their specific scope of control.
POWERFUL REPORTING:
Gain insight into the operational, best practice, compliance, and security aspects of your AD using built-in reports created by AD experts. Create custom reports based on sophisticated LDAP and DSP database queries.
REAL-TIME NOTIFICATIONS:
Be alerted through email notifications as operational and security-related changes happen in AD.
POWERSHELL SUPPORT:
Use the DSP PowerShell module to automate processes and integrate DSP operations and management into your existing toolset.
SUPPORT REGULATORY COMPLIANCE:
Semperis DSP provides preconfigured compliance modules for major regulations and frameworks to automate reporting.
- PCI
- HIPAA
- SOX
- GDPR
Quickly evaluate the security of your AD
Active Directory holds the “keys to the kingdom,” and if not safeguarded properly, it will compromise your entire security infrastructure. Purple Knight is a free Active Directory security assessment tool built and managed by an elite group of Microsoft identity experts. Initial scores from Purple Knight revealed that organizations are failing at an alarming rate—61% score on average—extending the risk of systemic cyberattacks. Large organizations with legacy AD deployments are at highest risk of falling victim to widespread attacks—like SolarWinds—that target inherent Windows vulnerabilities. It is a free-of-charge assessment tool, developed by Semperis, and you can download it here to run an assessment of your AD infrastructure:
Disaster Recovery for Active Directory
When a ransomware or wiper attack takes out the domain controllers, traditional recovery processes can drag on for days or even weeks. Semperis orchestrates a fully automated forest recovery process—avoiding human errors, reducing downtime from days and weeks to minutes, and eliminating the risk of malware reinfection.
Shorten recovery time of the entire Active Directory forest by 90%
ANYWHERE RECOVERY:
CLEAN RESTORE:
To prevent re-introduction of rootkits and other malware, ADFR starts with a clean Windows operating system and only restores what’s needed for the server’s role as a DC, DNS server, etc.
ADVANCED AUTOMATION:
Automates the entire recovery process, including restoring DCs, rebuilding the Global Catalog, cleaning up metadata and the DNS namespace, restructuring the site topology, re-promoting DCs, and more.
EASY DR TESTING:
Spin up an exact replica of the production AD forest, using available servers, in an isolated lab to effortlessly test recovery procedures and document results for compliance with internal and external regulations.
LIGHTWEIGHT AD BACKUPS:
Backs up only the AD components. This results in smaller backups, which means less data to retrieve, process, and transfer – and less time to perform these operations during restore.
MULTI-FOREST SUPPORT:
Manage backup and recovery of multiple AD forests using a single management server and web portal, simplifying setup and ongoing administration.
ZERO MAINTENANCE:
Eliminates the need to develop and maintain scripts or manually update configuration information – and the recovery failures that occur when these things don’t get done.
BACKUP INTEGRITY:
Checks each backup set to verify that it contains all the data necessary to successfully recover your forest, and that this data was successfully written to one or more locations. Also notifies you of any gaps in backup jobs.
SHARE NOTHING ARCHITECTURE:
Runs independent of AD – with no reliance on Windows authentication, DNS, or other AD services – so you can recover immediately even if AD is completely down.
POWERSHELL SUPPORT:
Includes PowerShell commands for automating Semperis ADFR management, providing easier management of backup groups, backup rules, agents, and distribution points.
LAB SETUP:
Semperis AD Forest Recovery also makes it easy to spin up a copy of production DCs in the lab, significantly reducing the time to maintain dev/test, staging, training, and support environments.
DISTRIBUTED BACKUP FAILOVER:
Leverages distribution point servers to store backups close to domain controllers, reducing network traffic as well as backup and recovery times.
Generates a unique, one-time encryption key for each DC in a backup set—preventing an attacker from decrypting all backups using a single key. Also displays which backup rules have encryption enabled.
SAML AUTHENTICATION:
Supports single sign-on (SSO) using SAML to minimize user login frequency—users can log in to the Administration portal using their chosen IdP credentials.
Simplifies operation log record retrieval with advanced search functionality that helps you filter by attributes such as components for a specified date range.