AD Disaster Recovery and Security Posture

Foulston Siefkin LLP, the largest Kansas-based law firm, transitioned from a fully on-premises Active Directory (AD) environment to a hybrid AD/Entra ID cloud identity environment in 2018. While working through the process of securing the hybrid environment, the company reviewed its business continuity practices and looked for a solution that would help the firm meet its identity system recovery and security posture goals.

Implementing Semperis Active Directory Forest Recovery (ADFR) and Directory Services Protector (DSP) were key to the firm’s cyber resilience strategy, said Matt Spurlock, Foulston Siefkin CTO.

“We see increased phishing attacks,” he said. “Every day there’s billions of threats, and we’re just trying to find ways to circumvent that.”

“I’m just really glad ADFR is … there for us. … We have the right tools and the right partners and people that … if we ever had to recover [AD], we would be able to in a timely manner and meet those objectives for recovery times.
Matt Spurlock, CTO, Foulston Siefkin LLP

Spurlock knew that the identity system was a prime target for attackers, who could enter the system through an endpoint and move laterally to the identity system.

“If you’re down from a full-on ransomware attack, how are you going to recover from that?” he said. “Your domain controllers and AD are going to be first.”

Improved security posture and disaster recovery planning

Foulston Siefkin chose ADFR and DSP to help meet their security and recovery objectives, including:

Guard against industry-wide increases in phishing attacks and other compromises that start at the endpoint and move laterally to the identity system
Automate security posture reports to ensure the team can continuously assess and remediate vulnerabilities
Streamline AD disaster recovery testing to meet recovery time objectives

DSP has streamlined identifying and remediating identity system vulnerabilities as they arise, Spurlock said. He receives automated DSP security reports daily.

“It helps my team stay on top of keeping our environment clean,” he said. “I definitely feel good about where we’re at.”

ADFR is a core component of Foulston Siefkin’s systematic AD disaster recovery testing. Although they haven’t had a scenario in which they had to recover AD, having ADFR in place gives Spurlock confidence that they can recover quickly.

“I’m just really glad [ADFR] is … there for us,” he said. “I think we have the right tools and the right partners and people in place that, God forbid, if we ever had to recover from something like that, we would be able to in a timely manner and meet those objectives for recovery times. I can’t say enough about the product.”.

New Forrester TEI Report: Semperis Slashes Downtime by 90%, Saving Customers Millions

Semperis Extends ML-Based Attack Detection with Specialized Identity Risk Focus

Semperis Wins CRN’s Prestigious Partner Program Guide Three Consecutive Years

Semperis Study on Cyberattacks Against Water and Electricity Utilities Underscore the Vulnerability of Critical Infrastructure

Semperis Named to Inc. Magazine’s Annual List of Best Workplaces for Third Consecutive Year

Improving Disaster Recovery Planning and Security Posture at Legal Firm Foulston Siefkin

Improved security posture and disaster recovery planning

New Forrester TEI Report: Semperis Slashes Downtime by 90%, Saving Customers Millions

Semperis Extends ML-Based Attack Detection with Specialized Identity Risk Focus

Semperis Wins CRN’s Prestigious Partner Program Guide Three Consecutive Years

Semperis Study on Cyberattacks Against Water and Electricity Utilities Underscore the Vulnerability of Critical Infrastructure

Semperis Named to Inc. Magazine’s Annual List of Best Workplaces for Third Consecutive Year

Improving Disaster Recovery Planning and Security Posture at Legal Firm Foulston Siefkin

Improved security posture and disaster recovery planning

Sign Up for the Latest Semperis News