Directory Services Protector Solution for Azure Sentinel
DSP easily integrates with Microsoft Sentinel (formerly Azure Sentinel) with powerful parsing and presentation capabilities. See, understand, and act on previously invisible but critical security information such as indicators of exposure or compromise. DSP’s deep AD auditing and analysis gives you the visibility you need to detect and respond to in-progress threats. The Directory Services Protector Solution for Microsoft Sentinel is available for free from the Azure Marketplace.
Virtually every cyberattack compromises Active Directory (AD) in some form, and the most sophisticated attacks—such as DCShadow attacks—bypass logs and occur beyond the scope of Microsoft Sentinel’s tracking and reporting capabilities. For AD-based attacks, the only unalterable data source is the AD replication stream, which is beyond Sentinel’s view. The AD replication stream is the only reliable method of catching every change (pre-attack and during an attack), no matter how attackers might attempt to cover their tracks.
But there is hope. Semperis Directory Services Protector (DSP) proactively monitors AD—including the elusive replication stream—looking for indicators of weakness. DSP discovers relevant indicators of exposure (IOEs) or indicators of compromise (IOCs), then parses that data and passes it to Microsoft Sentinel with meaningful context. The critical information rises to the top of Sentinel’s data feed and cuts through the clutter, presenting relevant IOEs and IOCs in familiar Sentinel dashboards mapped to the security frameworks you rely on, including MITRE ATT&CK.
You can evaluate and mitigate these high-risk vulnerabilities as part of your holistic AD security program. Combining Microsoft Sentinel with Semperis DSP drastically reduces the burden on security analysts, dramatically improves visibility into malicious changes, and strengthens your cyber resilience.
“Great product for peace of mind when protecting your Active Directory.”
—Microsoft Systems Engineer, Infrastructure & Operations, $500M+ Services Company
See the full review on Gartner Peer Insights