New edition of the Active Directory security assessment tool helps cybersecurity service providers conduct critical post-breach forensics as part of incident response engagements

HOBOKEN, N.J.–(BUSINESS WIRE)–Semperis, a pioneer of identity-driven cyber resilience for enterprises, today announced the release of Purple Knight Post-Breach, a channel-only edition of its free Active Directory (AD) security assessment tool, to help service providers conduct attack mitigation and recovery for their customers following an identity-based cyberattack. The exploitation of identity systems—such as AD and Azure AD, used in more than 90% of businesses worldwide—is a primary method that attackers use to get unauthorized privileged access and infiltrate target networks.

Today’s news expands on the community edition of Purple Knight, which has been downloaded by more than 5,000 users since its initial release in March 2021. Purple Knight Post-Breach enables partners to specify an attack window to accelerate attack mitigation, ensure a malware-free recovery, and close security gaps to prevent follow-on attacks.

“In the aftermath of a cyber disaster, finding the source of the attack is a tedious undertaking that requires sifting through masses of data—all while adversaries could be preparing a follow-on assault,” said Dave Evans, VP of Global Channels and Alliances at Semperis. “Purple Knight Post-Breach speeds the post-attack forensics process for our partners so they can help customers mitigate damage and fully recover from AD-related attacks.”

When an organization’s AD environment is breached, every minute counts in stopping the in-progress attack and recovering the AD to a known-secure state. With Purple Knight Post-Breach, organizations can determine whether an attack was in progress when the latest AD backup was taken. During the recovery period following an AD-related attack, Purple Knight Post-Breach helps security and incident response teams find and remediate any additional vulnerabilities before bringing the recovered environment back into production.

“The faster we can accurately assess the current intrusion, the faster we can eradicate the threat and restore system access,” said Marty Momdjian, Healthcare Solutions Advisor at Sirius Healthcare. “What would take us hours or sometimes days, Purple Knight Post-Breach can do in minutes, giving us another crucial tool in our incident response toolbelt.”

Semperis partners with some of the world’s largest cybersecurity service providers to conduct incident response for organizations that have experienced AD-related cyberattacks. In a recent example, Semperis partnered with one of the top five global consulting companies to help a multinational insurance provider recover AD after a cyber disaster. The team used Purple Knight Post-Breach to scan the customer’s environment for open vulnerabilities, saving hours of downtime. Semperis also launched a ransomware task force for healthcare providers, in partnership with Sirius Healthcare, to improve the cybersecurity posture and resiliency of hospitals, pharmaceutical manufacturers, and insurers. By accelerating AD attack forensics, Purple Knight Post-Breach empowers cybersecurity service providers to help customers minimize downtime following an AD breach and quickly recover business operations to a known-secure state.

For more information, see the Purple Knight Post-Breach for Partner overview or contact

About Semperis

For security teams charged with defending hybrid and multi-cloud environments, Semperis ensures the integrity and availability of critical enterprise directory services at every step in the cyber kill chain and cuts recovery time by 90%. Purpose-built for securing hybrid Active Directory environments, Semperis’ patented technology protects over 50 million identities from cyberattacks, data breaches, and operational errors. The world’s leading organizations trust Semperis to spot directory vulnerabilities, intercept cyberattacks in progress, and quickly recover from ransomware and other data integrity emergencies. Semperis is headquartered in Hoboken, New Jersey, and operates internationally, with its research and development team distributed throughout the United States, Canada, and Israel.

Semperis hosts the award-winning Hybrid Identity Protection conference and podcast series ( and built the free Active Directory security assessment tool, Purple Knight ( The company has received the highest level of industry accolades, recently named to Inc. Magazine’s list of best workplaces for 2022 and ranked the fastest-growing cybersecurity company in America by the Financial Times. Semperis is a Microsoft Enterprise Cloud Alliance and Co-Sell partner.



Ashley Crutchfield
fama PR for Semperis