Identity Runtime Protection (IRP), the first offering in the Semperis Lightning™ platform, merges deep machine learning with unmatched identity security expertise to detect and stop the most successful attack techniques

HOBOKEN, N.J. – Semperis, a pioneer in identity-driven cyber resilience, today announced the release of Lightning Identity Runtime Protection (IRP), a new identity threat detection and response (ITDR) offering that uses machine learning models developed by identity security experts to detect widespread and successful attack patterns such as password spray, credential stuffing, other brute force attacks, and risky anomalies. The first offering in the Semperis Lightning platform, IRP brings critical identity context to attack pattern and anomaly detection, helping organizations spot and quickly respond to high-risk events.

Lightning IRP addresses a persistent problem for cyber defenders: Known identity attack patterns like password spraying continue to be extremely successful because of the difficulty in detecting and responding to the sheer signal volume and noise.

Using trained algorithms based on Semperis’ real-world experience responding to identity attacks in the wild and supporting the world’s largest enterprises and government agencies, Lightning IRP detects sophisticated identity attacks that traditional ML solutions miss. Lightning IRP focuses defenders on the most critical identity attack alerts and reduces noise by layering in an identity-risk fabric that draws insights from multiple sources:

  1. Directory change tracking data across hybrid Active Directory and Entra ID environments
  2. Hundreds of security indicators of exposure and compromise, regularly updated by Semperis’ identity threat research team
  3. Tier 0 attack path analysis to map out risky relationships to privileged groups with access to sensitive data

“Detecting an anomaly is relatively easy,” said Semperis CEO Mickey Bresman. “Putting it into context is where the challenge is. We’ve combined deep machine learning expertise with our first-hand knowledge of how real-life identity system attacks work to provide meaningful context that helps organizations isolate and address high-risk threats.”

“IRP uses a growing threat library of exposures, compromises, and attack patterns in parallel with a continuous stream of identity security data to significantly accelerate an effective response to identity system threats,” said Semperis Chief Scientist Dr. Igor Baikalov, who before joining Semperis led the development of security intelligence and risk analytics solutions at Bank of America.

“Identity Runtime Protection focuses on several use cases, including anomalous logons and service ticket anomalies, that have been problematic for years because they are hard to detect and respond to at scale,” said Dr. Baikalov.

Lightning IRP captures, analyzes, and correlates authentication activities with Semperis’ identity threat intelligence to detect known attack patterns and signal malicious behavior, including:

  • Password spray attacks: Monitors logon attempts to detect patterns indicative of a password spray attack.
  • Brute force attacks: Monitors repeated and rapid logon attempts against a single user to detect potential brute force attacks.
  • Anomalous logons: Looks for user logon anomalies that indicate an anomalous AD logon.
  • Anomalous resource access: Monitors a user’s activity and any interaction with services that indicate an attack on AD services.
  • Service ticket anomalies: Looks for suspicious service ticket requests that indicate a Kerberoasting attack on AD.

“Lightning IRP builds on our current offerings of pre-attack scanning for indicators of exposure and compromise and our ability to see changes happening across on-premises Active Directory and Entra ID,” said Semperis VP of Products Darren Mar-Elia. “We’re extending our live attack pattern detection capabilities, changing the way the industry applies machine learning to detect cyberattacks.”

For more information about Lightning IRP and to request a demo, visit https://www.semperis.com/blog/ml-powered-attack-pattern-detection.

About Semperis

For security teams charged with defending hybrid and multi-cloud environments, Semperis ensures the integrity and availability of critical enterprise directory services at every step in the cyber kill chain and cuts recovery time by 90%. Purpose-built for securing hybrid identity environments—including Active Directory, Entra ID, and Okta—Semperis’ patented technology protects over 100 million identities from cyberattacks, data breaches, and operational errors. The world’s leading organizations trust Semperis to spot directory vulnerabilities, intercept cyberattacks in progress, and quickly recover from ransomware and other data integrity emergencies. Semperis is headquartered in Hoboken, New Jersey, and operates internationally, with its research and development team distributed throughout the United States, Canada, and Israel.

Semperis hosts the award-winning Hybrid Identity Protection conference and podcast series (www.hipconf.com) and built the community hybrid Active Directory cyber defender tools, Purple Knight (www.purple-knight.com) and Forest Druid. The company has received the highest level of industry accolades, recently named to Inc. Magazine’s list of best workplaces for 2023 and ranked the fastest-growing cybersecurity company in America by the Financial Times. Semperis is a Microsoft Enterprise Cloud Alliance and Co-Sell partner and is a member of the Microsoft Intelligent Security Association (MISA).

Learn more: https://www.semperis.com 

Media Contact:

Bill Keeler

Senior Director, PR & Comms

billk@semperis.com