Directory Services Protector.

The industry’s most comprehensive Active Directory threat detection and response platform. See it live

If Active Directory isn’t secure, nothing is.

As the gatekeeper to sensitive credentials and data, Microsoft Active Directory (AD) is the #1 new target for attackers. Semperis Directory Services Protector (DSP) is the first-of-its-kind to address the entire lifecycle of a directory attack – from monitoring pre-attack indicators of exposure to analyzing post-attack forensics, and everything in between – all integrated into a single console.

  • Stop attackers from gaining access to AD
  • Capture AD changes that bypass security logs
  • Automatically remediate malicious changes

Take back the keys to your kingdom.

Active Directory was not built to stand up against today’s threats. In our mobile-first, cloud-first world, any connected device can expose the heart of your IT infrastructure. In fact, you should assume that attackers are already lurking inside your network and just waiting for the opportune moment to strike. Defenders must anticipate their adversaries’ advances and be able to thwart attacks at every stage of the cyber kill chain. Meet Semperis DSP.

  • Minimize the Attack Surface
  • Detect advanced attacks
  • Automate
    remediation
  • Accelerate Incident Response
  • Minimize the Attack Surface

    Discover vulnerabilities and risky configurations in your AD before attackers do. Get prioritized, action-oriented guidance from a community of security threat researchers. Reduce your attack surface and stay ahead of the ever-evolving threat landscape.

    Learn more
  • Detect advanced attacks

    Shine a spotlight on attackers moving laterally through your network unchecked. Use multiple data sources, including the AD replication stream, to gain uninterrupted visibility into advanced attacks that bypass agent-based or log-based detection. Close backdoors for good.

    Learn more
  • Automate
    remediation

    Secure AD at scale with autonomous rollback of suspicious modifications that are too risky to wait for human intervention. Create custom triggers and alerts for critical system changes. Prevent intruders and rogue administrators from achieving their objectives.

    Learn more
  • Accelerate Incident Response

    Speed up forensic analysis and get to the source of the attack. Translate unstructured AD change data into a human-readable format. Easily search, correlate, and undo changes at object and attribute levels. Drill down to any point in time to isolate compromised accounts and prevent future attacks.

    Learn more

Be in the know and in control.

Active Directory is difficult to secure given its constant flux, sheer number of settings, and the proliferation of powerful hacking and discovery tools. Semperis DSP puts AD security on autopilot with continuous threat monitoring, real-time alerts, and autonomous remediation capabilities. Managing by exception allows you to respond more effectively to security incidents as well as everyday operational mistakes.

Vulnerability Assessment

Continuously monitor for “indicators of exposure” that could result in security compromises to your AD. Leverage built-in threat intelligence from a community of security researchers.

Automated Remediation

Create audit notifications on changes to sensitive AD objects and attributes with the option to automatically undo select changes.

Tamperproof Tracking

Capture changes even if security logging is turned off, logs are deleted, agents are disabled or stop working, or changes are injected directly into AD.

Instant Find and Fix

Use Semperis DSP’s online database to find and fix unwanted AD object and attribute changes in two minutes or less.

Granular Rollback

Revert changes to individual attributes, group members, objects, and containers – and to any point in time, not just to a previous backup.

Forensic Analysis

Identify suspicious changes, isolate changes made by compromised accounts, and more. Use DSP data to support Digital Forensics and Incident Response (DFIR) operations to track down the sources and details of incidents.

SIEM Enrichment

Eliminate blind spots in your security incident and event management (SIEM) system with out-of-the-box integration.

Delegation

Leverage robust Role-Based Access Control (RBAC) and a rich web user interface to give administrators view and restore capabilities for their specific scope of control.

Powerful Reporting

Gain insight into the operational, best practice, compliance, and security aspects of your AD using built-in reports created by AD experts. Create custom reports based on sophisticated LDAP and DSP database queries.

Real-time Notifications

Be alerted through email notifications as operational and security related changes happen in AD.

PowerShell Support

Use the DSP PowerShell module to automate processes and integrate DSP operations and management into existing toolset.

Uncover weaknesses in AD before attackers do.

Learn more

Restore sight to your SIEM.

A growing number of attacks circumvent security auditing.

Unlike tracking tools that solely rely on security logs and agents on every domain controller, Semperis DSP monitors multiple data sources including the AD replication stream. The AD replication stream is the only reliable method of catching every change no matter how an attacker might attempt to cover their tracks. Semperis DSP forwards suspicious changes to your SIEM system with meaningful context, drastically reducing the burden on security analysts.

Out-of-the-box SIEM Integrations

SolarWinds Logo
MicroFocus Logo
Splunk Logo
LogRhythm Logo
IBM Radar Logo
Alien Vault Logo
SumoLogic Logo
RSA NetWitness Logo
McAfee Logo
Azure Sentinel Logo
What can make your million-dollar SIEM go blind?
The ability to search and compare changes in real-time saves us critical downtime.
Rafi Dabush IT Manager at EL AL Airlines
Active Directory is the ‘Achilles’ heel’ for enterprise security programs. Semperis is offering a timely solution considering that AD has been at the center of many widespread and business-crippling attacks in recent years.
Christina Richmond Program Vice President, Security Services at IDC
Semperis is a mission-driven company uniquely positioned to not only help organizations prevent costly downtime, but also to curb the funding of evil. When organizations can say ‘no’ to blackmail and ransom demands, we’re all safer.
Edward Amoroso Founder and CEO at TAG Cyber
Battle Tested 41,348,928 IDENTITIES PROTECTED

Semperis delivers security and business wins.

  • Better by design

    Leverages multiple data sources and a powerful database to overcome the fundamental shortcomings of traditional event-based change tracking and backup-based granular restore.

  • Easy to deploy and operate

    Comprehensive monitoring, vulnerability assessment, and remediation in a single console and from a holistic platform that scales to the very largest AD environments.

  • Non-intrusive

    Specifically architected to “play well” with Active Directory. Uses a unique approach to capture changes without compromising AD stability.

How can Semperis help me?

Hacker

A hacker gains privileged access and disables native security logs. You discover the breach within 15 minutes and disable the hijacked account. You can’t see what was changed or potentially changed, so to be safe you restore Active Directory from backup. As a result, you lose several hours or even a day’s worth of legitimate changes, and users are locked out until those changes are redone.

With Semperis DSP, you can see what was changed during those 15 minutes and immediately undo any suspicious changes – eliminating the downtime and rework associated with a backup restore.

Configuration hardening

You perform an annual risk assessment looking for Active Directory vulnerabilities in hopes of stopping an attack. However, vulnerability assessment must be an ongoing, continuous process since AD is constantly changing and attackers fully understand how to exploit these vulnerabilities.

Semperis DSP continuously scans AD for risky configurations to identify weak links in your AD deployment. Based on this assessment, Semperis DSP provides a prioritized list of vulnerabilities and trends, as well as suggested corrective actions to reduce your AD attack surface.

Unexpected change to critical group

A user is added to a critical application group by something other than your user provisioning account. Semperis DSP allows you to define notification rules to automatically undo unexpected changes to users, groups, computers, containers, and OUs.

Password changed by mistake

A service desk operator resets the wrong user’s password and changes the CEO’s password by mistake.

An operator with delegated restore permissions in Semperis DSP can immediately undo the password reset so the CEO can keep their password (without having to share it with the service desk) and doesn’t have to update their password on all the devices they use to access email, files, dashboards, etc.

Scripting error

A script adds the wrong users to 100+ groups. With Semperis DSP, you can quickly isolate the mistaken additions and immediately undo them all with a few mouse clicks.

Accidental OU deletion

You delete an OU with 1,000 users across 10 sub-OUs. With Semperis DSP, you can restore an individual object or an entire hierarchy of 1,000+ objects with a single right-click operation.

Inadvertent DSN zone deletion

An administrator accidentally deletes a DNS zone, rendering an entire division non-functional. With Semperis DSP, you can undo changes to deleted or modified AD-integrated DNS zones as easily as user and computer objects.

Misconfigured Group Policy Object

A newly deployed Group Policy Object (GPO) or a GPO that was tampered with by an attacker breaks all production servers. With Semperis DSP you can track and compare changes and immediately roll back the GPO to the prior version.

Industry Honors

We help our customers be heroes.

Edison Gold Award 2020
SC Awards 2020
InfoSec 2020
InfoSecurity 2020
CyberSecurity Awards 2020
Unlock cyber resilience. Get a demo