Active Directory Security icon

Directory Services Protector

The industry’s most comprehensive identity threat detection and response (ITDR) platform for Active Directory and Azure AD. See it live

Comprehensive hybrid Active Directory security.

Business applications on-premises and in the cloud rely on Active Directory and Azure Active Directory, making it a critical piece of your IT infrastructure. But securing Active Directory is difficult given its constant flux, its sheer number of settings, and the increasingly sophisticated threat landscape. Protecting hybrid AD systems bring additional challenges, as many attacks start on-premises and move to the cloud. Semperis DSP provides the industry’s most comprehensive AD security by continuously monitoring AD and Azure AD for indicators of exposure and compromise and providing a single view of activities, both on-premises and in the cloud.

  • Stop attackers from gaining access to AD and Azure AD
  • Capture AD and Azure AD changes that bypass security logs
  • Automatically remediate malicious changes in AD

Take back the keys to your kingdom.

Active Directory was not built to stand up against today’s threats. And protecting both on-premises AD and Azure AD in a hybrid environment is notoriously difficult. Plus, attackers often move from on-premises to cloud (or vice versa) in the constant pursuit of elevated privileges—as in the SolarWinds attack. In our mobile-first, cloud-first world, any connected device can expose the heart of your IT infrastructure. You should assume that attackers are already lurking inside your AD, just waiting for the opportune moment to strike. Defenders must anticipate their adversaries’ advances and thwart AD attacks at every stage of the cyber kill chain. Meet Semperis DSP—purpose-built for AD security.

  • Minimize the AD Attack Surface
  • Detect advanced AD attacks
  • Auto-undo malicious
    changes in AD
  • Accelerate AD Incident Response
  • Minimize the AD Attack Surface

    Discover AD vulnerabilities and risky configurations in hybrid environments before attackers do. Get prioritized, action-oriented guidance from a community of AD security threat researchers. Reduce your AD attack surface and stay ahead of the ever-evolving threat landscape.

    Learn more
  • Detect advanced AD attacks

    Shine a spotlight on attackers moving laterally through your hybrid AD environment unchecked. Use multiple data sources, including the AD replication stream, to gain uninterrupted visibility into advanced AD attacks that bypass agent- or log-based detection. Close backdoors in AD.

    Learn more
  • Auto-undo malicious
    changes in AD

    Get hybrid AD security at scale with autonomous rollback of suspicious AD changes that are too risky to wait for human intervention. Create custom triggers and alerts for your security operations team. Prevent intruders and rogue admins from achieving their objectives.

    Learn more
  • Accelerate AD Incident Response

    Speed up AD attack forensic analysis. Translate unstructured AD and Azure AD change data into a human-readable format. Easily search, correlate, and undo AD changes at object and attribute levels. Drill down to any point in time to isolate compromised AD accounts and prevent future attacks.

    Learn more

Beef up your Active Directory security.

Hybrid Active Directory security is difficult given its constant flux, sheer number of settings, and the proliferation of powerful hacking and discovery tools. Semperis DSP puts AD and Azure AD security on autopilot with continuous AD threat monitoring, real-time alerts, and autonomous remediation capabilities. DSP empowers you to respond more effectively to AD security incidents as well as everyday operational mistakes.

Vulnerability Assessment

Continuously monitor for indicators of exposure that could result in AD security compromises. Leverage built-in threat intelligence from a community of security researchers.

Automated Remediation

Create audit notifications on changes to sensitive AD objects and attributes, with the option to automatically undo select changes.

Tamperproof Tracking

Capture changes even if security logging is turned off, logs are deleted, agents are disabled or stop working, or changes are injected directly into AD.

Instant Find and Fix

Use Semperis DSP’s online database to find and fix unwanted AD object and attribute changes in two minutes or less.

Granular Rollback

Revert changes to individual attributes, group members, objects, and containers—and to any point in time, not just to a previous backup.

Forensic Analysis

Identify suspicious changes, isolate changes made by compromised accounts, and more. Use DSP data to support Digital Forensics and Incident Response (DFIR) operations to track down the sources and details of incidents.

Add Sight to Your SIEM

Learn More


Leverage robust Role-Based Access Control (RBAC) and a rich web user interface to give administrators view and restore capabilities for their specific scope of control.

Powerful Reporting

Gain insight into the operational, best practice, compliance, and security aspects of your AD using built-in reports created by AD experts. Create custom reports based on sophisticated LDAP and DSP database queries.

Real-time Notifications

Be alerted through email notifications as real-time operational and security-related changes happen in AD.

PowerShell Support

Use the DSP PowerShell module to automate processes and integrate DSP operations and management into your existing toolset.

Uncover weaknesses in AD before attackers do.

Learn more

Track Azure AD Changes

Use near real-time change tracking in the DSP for Azure AD module to monitor changes to role assignments, group memberships, and user attributes.

Visualize Hybrid AD Security

With DSP for Azure AD, easily view changes that originated in Azure AD and use the hybrid view to correlate changes between on-prem AD and Azure AD.

Roll back Azure AD changes

Manually roll back Azure AD changes in users, groups, and roles, as well as restore user or group objects that remain in the Azure AD recycle bin.

Restore sight to your SIEM.

A growing number of AD attacks circumvent security auditing.

Unlike tracking tools that rely solely on security logs and agents on every domain controller, Semperis DSP monitors multiple data sources, including the Active Directory replication stream. The AD replication stream is the only reliable method of catching every change, no matter how attackers attempt to cover their tracks. Semperis DSP forwards suspicious AD changes to your SIEM system with meaningful context, drastically reducing the burden on security analysts. You can use pre-defined alerts for Microsoft Sentinel, Splunk, and other SIEM and SOAR tools, and build custom alerts for SecOps tools and ticketing systems such as ServiceNow.

Out-of-the-box SIEM Integrations

Azure Sentinel Logo
SolarWinds Logo
MicroFocus Logo
Splunk Logo
LogRhythm Logo
IBM Radar Logo
Alien Vault Logo
SumoLogic Logo
RSA NetWitness Logo
McAfee Logo
Semperis Enhances the Industry’s Most Comprehensive Hybrid Active Directory Security Platform with Continuous Security Validation
The ability to search and compare changes in real-time saves us critical downtime.
Rafi Dabush IT Manager at EL AL Airlines
Active Directory is the ‘Achilles’ heel’ for enterprise security programs. Semperis is offering a timely solution considering that AD has been at the center of many widespread and business-crippling attacks in recent years.
Christina Richmond Program Vice President, Security Services at IDC
Semperis is a mission-driven company uniquely positioned to not only help organizations prevent costly downtime, but also to curb the funding of evil. When organizations can say ‘no’ to blackmail and ransom demands, we’re all safer.
Edward Amoroso Founder and CEO at TAG Cyber
Battle Tested 54+ million IDENTITIES PROTECTED

Semperis delivers security and business wins.

  • Better by design

    Leverages multiple data sources and a powerful database to overcome the fundamental shortcomings of traditional event-based change tracking and backup-based granular restore.

  • Easy to deploy and operate

    Comprehensive hybrid AD monitoring, vulnerability assessment, and remediation in one console and from a holistic platform that scales to the largest environments.

  • Non-intrusive

    Specifically architected to “play well” with Active Directory and Azure Active Directory, using a unique approach to capture AD changes without compromising stability.

How can Semperis help me?

Malicious Actor

A malicious actor gains privileged access and disables native security logs. You discover the breach within 15 minutes and disable the hijacked account. You can’t see what was changed or potentially changed, so to be safe, you restore Active Directory from backup. As a result, you lose several hours or even a day’s worth of legitimate changes, and users are locked out until those changes are redone.

With Semperis DSP, you can see what was changed during those 15 minutes and immediately undo any suspicious changes, eliminating the downtime and rework associated with a backup restore.

Configuration hardening

You perform an annual risk assessment, looking for Active Directory vulnerabilities in hopes of stopping an attack. However, vulnerability assessment must be an ongoing, continuous process. AD is constantly changing and attackers fully understand how to exploit these vulnerabilities.

Semperis DSP continuously scans AD for risky configurations, identifying weak links in your AD deployment. Based on this assessment, Semperis DSP provides a prioritized list of vulnerabilities and trends, as well as suggested corrective actions to reduce your AD attack surface.

Unexpected change to critical group

A user is added to a critical application group by something other than your user provisioning account. Semperis DSP enables you to define notification rules to automatically undo unexpected changes to users, groups, computers, containers, and OUs.

Password changed by mistake

A service desk operator resets the wrong user’s password and changes the CEO’s password by mistake.

An operator with delegated restore permissions in Semperis DSP can immediately undo the password reset so that the CEO can keep their password (without needing to share it with the service desk) and doesn’t need to update their password on all the devices they use to access email, files, dashboards, and so on.

Scripting error

A script adds the wrong users to 100+ groups. With Semperis DSP, you can quickly isolate the mistaken additions and immediately undo them all with a few mouse clicks.

Accidental OU deletion

You delete an OU with 1,000 users across 10 sub-OUs. With Semperis DSP, you can restore an individual object or an entire hierarchy of 1,000+ objects with a single right-click operation.

Inadvertent DNS zone deletion

An administrator accidentally deletes a DNS zone, rendering an entire division non-functional. With Semperis DSP, you can undo changes to deleted or modified AD-integrated DNS zones as easily as changes to user and computer objects.

Misconfigured Group Policy Object

A newly deployed Group Policy Object (GPO) or a GPO that was tampered with by an attacker breaks all production servers. With Semperis DSP, you can track and compare changes and immediately roll back the GPO to the prior version.

Visibility into Active Directory and Azure Active Directory Changes

Tracking malicious changes in a hybrid identity system is challenging. Attackers often gain entry to the on-premises Active Directory, then move to Azure Active Directory (or vice versa) before dropping malware. Without a single view of changes across the environment, detecting adversaries is difficult.

Semperis DSP provides a unified dashboard that shows malicious changes in your on-prem AD and Azure AD so that you can close security gaps before attackers strike.

Time-sensitive Forensics

During an in-progress attack, you have no time to waste in finding and closing open security backdoors. Combing through log files is inefficient when attackers are on the move.

Semperis DSP provides powerful search functionality to accelerate forensics during and after an attack.

Mapping to MITRE ATT&CK, MITRE D3FEND, and ANSSI Frameworks

Established security frameworks can ensure good security hygiene but can be cumbersome to work with. DSP maps indicators of exposure and compromise to established MITRE ATT&CK, MITRE D3FEND, and French ANSSI frameworks.

Integration with SIEM, SOAR, and ticketing solutions

DSP provides pre-built alerts for security information and event management (SIEM) solutions Splunk and Microsoft Sentinel, and the ability to build custom alerts for security orchestration automation and response (SOAR) systems and ticketing systems such as ServiceNow.

Semperis Extends Breach Preparedness and Incident Response Services for Identity-Based Cyberattacks to Broader Customer Set

Semperis' Breach Preparedness & Response Services are designed to help customers combat the rapid increase of cyberattacks targeting Active Directory, the identity system used in 90% of organizations worldwide. From preparation to incident response, the services include AD security assessments and threat mitigation, AD disaster recovery planning workshops and fire drills, AD cyberattack recovery, and AD incident investigation and forensics. Organizations benefit from battle-tested AD cybersecurity experts and industry-leading tools, along with 24/7 global incident response support. 

Directory Services Protector

The industry’s most comprehensive Active Directory and Azure Active Directory threat detection and response platform.

DSP Essential

AD change tracking and rollback

DSP Advanced

Autonomous threat protection and response

DSP Intelligence

Security validation and breach protection

Tamperproof Tracking

Detect changes even if an attacker foils security logging

Granular Rollback

Revert changes to individual objects

Instant Find and Fix

Immediately roll back unwanted changes and deletions

RBAC Delegation

Enable delegation of routine administrative tasks

Built-in Reports

Generate operational, best-practice AD and Azure AD security reports

SAML Authentication

Facilitate Single Sign-On (SSO) and Multi-Factor Authentication (MFA) solutions

Real-Time Notifications

Send alert notifications as sensitive changes occur

Automated Remediation

Undo suspicious changes without user intervention

Security Dashboard

Surface alerts, trends, and indicators of compromise

Forensic Analysis

Quickly isolate changes made by a compromised account

Vulnerability Assessment

Proactively address vulnerabilities in your AD and Azure AD configuration

SIEM and SOAR Enrichment

Use pre-defined and custom alerting to connect with SIEM, SOAR, and ticketing solutions such as ServiceNow

Report Authoring Tool

Build customized report templates

Continuous Security Validation

Automate monitoring to combat security posture regression

Advanced Indicators of Exposure and Compromise

Conduct advanced AD and Azure AD security assessments

Azure AD Security Indicators

Track indicators of exposure or compromise in Azure AD

See connections between AD and Azure AD security

Show changes between on-prem AD and Azure AD (available in DSP for Azure AD module)

Industry Honors

We help our customers be heroes.

 2021 Global InfoSec Awards
2021 Globee® Business Awards
CyberSecurity Excellence Awards 2021
Unlock cyber resilience. Get a demo