Compliance with the EU’s NIS2 directive requires a focus on securing identity systems, which have become a key battleground for cyber defenders and attackers.
Saudi Arabia’s ECC-2 controls provide comprehensive, standards-driven cybersecurity practices for public and private organizations. Much of their guidance applies particularly to identity systems—the source of access and authentication across most critical business systems.
Cybersecurity agencies from the Five Eyes alliance, including the Cybersecurity Infrastructure and Security Agencies (CISA) and the National Security Agency (NSA), have urged organizations to strengthen security controls for Active Directory (AD), a prime target for cyber attackers. In “Detecting and Mitigating Active Directory Compromises,” the agencies highlighted more than…
Active Directory, the central directory service and core of the on-prem identity infrastructure in Microsoft environments, recently turned 25 years old. The service's staying power is undeniable. Unfortunately, so is its status as a primary cyberattack target. Michael Novinson (Information Security Media) met with Semperis' CEO Mickey Bresman to talk…
Cyber threats strike like an unpredictable storm—fast, relentless, and destructive. Cyber-nado: Preparing for the storm is a practical guide designed to help organizations prepare for the chaos of a cyber incident through Incident Response Tabletop Exercises (TTX). This eBook walks security leaders, IT teams, and executives through the essentials of…
Understanding the implications of the Digital Operational Resilience Act (DORA) is crucial, both to meet regulatory demands and to safeguard your identity infrastructure. This white paper provides comprehensive insights into DORA's requirements and practical strategies to enhance your compliance—and your organization's resilience. What's inside: Emerging threat landscape: Explore the latest…
You know that Microsoft provides a 29-step guide to manual AD Forest recovery, but do you actually understand all that is involved?
As the primary identity service for 90% of organizations worldwide, “Active Directory is at the very core of your ability to operate and deliver business outcomes,” according to Simon Hodgkinson, former CISO at BP and Strategic Advisor for Semperis. “It needs to be part of your operational resilience strategy instead…
The acronym ITDR throws a lot of us for a loop because we immediately think of IT and disaster recovery, but it’s not that.
This paper emphasizes the significance of default read permissions in Active Directory (AD) security, which is often neglected. The AD forest is not just a security boundary, but it should also be regarded as the range of an intruder's access and security assessment of AD objects after gaining entry into…