The Dürr Group is one of the world’s leading mechanical and plant engineering firms, with deep expertise in automation, digitalization, and energy efficiency and a presence across 124 business locations in 32 countries. For an organization with that kind of scale and complexity, maintaining visibility across identity systems is not just an IT priority. It is a business requirement.
That reality came into sharper focus for Jan Skowron, Application Specialist for Active Directory at the Dürr Group, after a breach at one of the company’s subsidiaries. As the team supported recovery efforts, one issue stood out: the environment had already been fully compromised, and the lack of monitoring meant the extent of that compromise had gone unnoticed.
The Group already had SIEM-based monitoring in place. But when it came to tracking changes and conducting meaningful forensics, the team realized they needed more than log analysis alone. They needed a clearer picture of what was happening across both Active Directory and Entra ID—without the blind spots that can emerge when connectors fail or critical data is missed.
“We already had monitoring in place via a SIEM. However, we decided we wanted more because the SIEM had detected the incident but—especially when it comes to tracking changes or doing forensics—Semperis helps us significantly more.”
Jan Skowron, Application Specialist for Active Directory, the Dürr Group
Advancing hybrid identity security
When it came to selecting an identity threat detection and response solution, the need for enhanced visibility shaped the evaluation process. After narrowing the field to solutions from two vendors: Semperis and Quest. The Dürr Group chose Semperis based on factors that were both practical and strategic: Semperis offered more advanced capabilities, and it enabled the team to monitor AD and Entra ID without managing separate environments.
Today, that decision is paying off in day-to-day operations. With Semperis Directory Services Protector (DSP), the Dürr Group has a comprehensive view of changes in the environment. Even when a domain controller does not log an event properly, the team can still see that change through replication data. What was once a black box is now far easier to investigate.
“Semperis, particularly DSP, works with the replication logs, which was not necessarily the case before. If the Splunk connector failed to deliver some data, it was simply a black box and we had no idea what happened during that time. That is definitely no longer the case.”
Jan Skowron
That added visibility is especially valuable in hybrid identity security, where gaps in monitoring can create risk long before anyone realizes it.
The Group also sees benefits from Semperis’ community security assessment tool, Purple Knight. In penetration tests, vulnerabilities that might otherwise be exploited are typically already visible in advance through Purple Knight reporting.
Expert support matters in hybrid identity environments
Just as important, the Dürr Group has confidence in the support behind the technology. After an incident at another subsidiary already using Semperis, Jan saw firsthand how quickly and clearly the Semperis team responded.
“The colleague supporting us was highly qualified, explained everything clearly, and resolved the issue in a very short time. I would feel very confident that if we were to experience a breach now, Semperis would provide strong support. The collaboration so far has been exemplary, and that’s why we can confidently recommend you.”
Jan Skowron
For the Dürr Group, that experience reinforced something essential: stronger visibility matters most when it helps teams act faster, respond with confidence, and move forward with greater resilience.
Learn more about identity security posture management in our blog.
Ready to secure your hybrid identity infrastructure? Schedule a personalized demo.
Watch: Advanced Visibility into Hybrid Identity Security
