As any organization that has suffered a cyberattack knows, identity recovery and incident response go hand in hand. Independent research has verified time and again that at least 90 percent of attacks involve the identity system in some way—and for virtually all organizations worldwide, that identity system is a hybrid on-premises and cloud environment—most likely Active Directory and Entra ID.
In our experience helping some of the largest global organizations recover from attacks, we’ve observed that even if the recovery team can efficiently restore the identity system, the chaos surrounding the incident management turns what could have been a 3-hour outage into a days-long, headline-generating disaster.
The great philosopher Mike Tyson once said, “Everyone has plans until they get hit for the first time.” (He may have been inspired by the Prussian military strategist Helmuth von Moltke the Elder, who said that “No plan of operations extends with any certainty beyond the first encounter with the main enemy forces.”)
An identity outage is the ultimate organizational punch in the mouth. From that moment, chaos reigns—the business is panicking, the pressure is on, and performance relies on the team’s ability to collaborate and innovate. And that ability relies on coordination and—perhaps most critically—communication.
What does it take to recover identity during a crisis?
During those 90% of cyber incidents that involve the identity system, response teams need to orchestrate the response, communicate with the team and stakeholders, recover the identity system, and conduct post-attack forensics—when all systems are down. Email, conferencing, file shares, contacts, operations, and sometimes even building access rely on identity systems. And without a means to coordinate response in an identity outage, you might as well throw in the towel.
Any identity recovery plan must answer:
- How do you coordinate the response team?
- How do you communicate with them?
- How do you ensure they have the resources they need?
- How do you give status updates to stakeholders—keeping execs, the board, and customers out of the team’s hair so they can get the work done?
- How do you ensure they are generating the audit trail you’ll need to satisfy regulators, auditors, and insurers later?
And how do you do it all while the business, the community it serves—and the identity team responsible for saving the day—are all having their worst day ever?
We believe that any identity recovery solution that doesn’t answer these questions is incomplete. That’s why we are bringing together our market-leading identity recovery solutions—Active Directory Forest Recovery (ADFR) and Disaster Recovery for Entra Tenant (DRET)—with our ground-breaking crisis management platform, Ready1. The new offering, Ready1 for Identity Crisis Management, gives organizations everything they need to streamline IR and recover the identity infrastructure, significantly speeding return to normal business operations.
And we are making it available at no additional cost for customers of ADFR and DRET.
Meet Ready1 for Identity Crisis Management
Here’s a short video we put together featuring the previously undiscovered acting talent among our own product managers and solutions architects. They demonstrate what happens during a real-life crisis that involves the identity system—and how Ready1 for Identity Crisis Management can help.
Here’s how the solution comes together:
- ADFR is Semperis’ flagship solution for fast, malware-free AD recovery, reducing downtime by 90%.
- DRET recovers critical Entra ID resources with flexible restore options and secure, customizable storage.
- Ready1—introduced in spring 2025—is a command-and-control crisis management platform that facilitates seamless crisis response through preparation, collaboration, and enterprise-wide communications.
Ready1 for Identity Crisis Management adds critical crisis response capabilities to ADFR and DRET—capabilities that are fully independent of the identity systems you are trying to recover. Ready1 for Identity Crisis Management includes identity-specific crisis management playbooks, out-of-band communications, crisis task management, team bridge capabilities, recovery and response training, and more to help organizations:
- Orchestrate response with a command-and-control console that streamlines team-building, incident analysis, and status reporting
- Communicate with the team using out-of-band communications during an identity outage
- Recover the identity system with fast, malware-free hybrid AD/Entra ID recovery to a known trusted environment
- Conduct post-attack forensics to remove persistence and close backdoors, preventing follow-on attacks
Ready1 for Crisis Management is available now to current Semperis ADFR and DRET customers
If you’re curious about how this solution works, reach out to our team to start the conversation.
The ability to quickly recover the identity system to a trusted environment is table stakes in a cyberattack. The ability to recover the identity system while effectively managing the surrounding chaos inherent to a cyberattack is what separates a well-managed incident from a full-blown disaster. We are delighted to leverage our deep experience responding to some of the largest identity attacks in the world by providing our customers with a complete, integrated identity crisis management solution.
More resources
