Recognizing the critical importance of operational resilience, the IT team at American Airlines sought a solution to protect their Active Directory (AD) environment and ensure uninterrupted business performance in the event of an attack targeting the identity system.
“Resilience is very high on our agenda,” said Jonathan Elledge, Senior IAM Engineer at American Airlines. “We have to monitor our applications and services, automate recovery wherever possible, and catch problems before clients or end users even notice.”
Traditional backup solutions had pitfalls—particularly if the backup services themselves were affected—so Elledge said the team turned to Semperis Active Directory Forest Recovery (ADFR) to close those gaps.
“With ADFR, I can just hit a button and it goes. If I were using standard Windows backup and restore, there would be so much to do manually. ADFR makes recovery easy and reliable.”
Jonathan Elledge, Senior Engineer, Identity & Access Management, American Airlines
He also noted a major improvement in security monitoring with Semperis Directory Services Protector (DSP).
“Instead of running manual scans or relying on separate tools, I set up all my exposure indicators in DSP,” Elledge said. “But even more important are the notification rules. If someone gains access to a sensitive group, I get paged immediately—even in the middle of the night. DSP will roll that person right back out before they can do harm.”
This proactive approach allows Elledge and the SOC team to respond within minutes, often before attackers can entrench themselves.
“It’s all about speed,” he said. “If you don’t catch an incident early, you risk persistent threats lurking for months—by then, it’s too late. With Semperis, we can catch and contain issues fast, which is now a business requirement for us.”
Ensuring business resilience with comprehensive identity protection
American Airlines uses Directory Services Protector and Active Directory Forest Recovery to:
- Receive real-time alerts on unwanted changes to Active Directory or Entra ID
- Ensure the ability to meet AD recovery time objectives (RTOs)
- Accelerate response to incidents