White Papers

Five Eyes Alliance Identity Security Requirements: What Federal Agencies Need to Know

Five Eyes Alliance Identity Security Requirements: What Federal Agencies Need to Know

Cybersecurity agencies from the Five Eyes alliance, including the Cybersecurity Infrastructure and Security Agencies (CISA) and the National Security Agency (NSA), have urged organizations to strengthen security controls for Active Directory (AD), a prime target for cyber attackers. In “Detecting and Mitigating Active Directory Compromises,” the agencies highlighted more than…

Why Active Directory’s 25-Year Legacy Is a Security Issue

Why Active Directory’s 25-Year Legacy Is a Security Issue

  • Semperis
  • May 28, 2025

Active Directory, the central directory service and core of the on-prem identity infrastructure in Microsoft environments, recently turned 25 years old. The service's staying power is undeniable. Unfortunately, so is its status as a primary cyberattack target. Michael Novinson (Information Security Media) met with Semperis' CEO Mickey Bresman to talk…

Cyber-NADO: Preparing for the Storm — A Guide to Incident Response Tabletop Exercises

Cyber-NADO: Preparing for the Storm — A Guide to Incident Response Tabletop Exercises

Cyber threats strike like an unpredictable storm—fast, relentless, and destructive. Cyber-nado: Preparing for the storm is a practical guide designed to help organizations prepare for the chaos of a cyber incident through Incident Response Tabletop Exercises (TTX). This eBook walks security leaders, IT teams, and executives through the essentials of…

DORA and Your Identity Infrastructure

DORA and Your Identity Infrastructure

Understanding the implications of the Digital Operational Resilience Act (DORA) is crucial, both to meet regulatory demands and to safeguard your identity infrastructure. This white paper provides comprehensive insights into DORA's requirements and practical strategies to enhance your compliance—and your organization's resilience. What's inside: Emerging threat landscape: Explore the latest…

The Guide to the Microsoft Active Directory Forest Recovery Guide

The Guide to the Microsoft Active Directory Forest Recovery Guide

You know that Microsoft provides a 29-step guide to manual AD Forest recovery, but do you actually understand all that is involved?

How Active Directory Security Drives Operational Resilience

How Active Directory Security Drives Operational Resilience

  • Dec 09, 2024

As the primary identity service for 90% of organizations worldwide, “Active Directory is at the very core of your ability to operate and deliver business outcomes,” according to Simon Hodgkinson, former CISO at BP and Strategic Advisor for Semperis. “It needs to be part of your operational resilience strategy instead…

What Does ITDR Mean?

What Does ITDR Mean?

The acronym ITDR throws a lot of us for a loop because we immediately think of IT and disaster recovery, but it’s not that.

Improving Your Active Directory Security Posture: AdminSDHolder to the Rescue

Improving Your Active Directory Security Posture: AdminSDHolder to the Rescue

This paper emphasizes the significance of default read permissions in Active Directory (AD) security, which is often neglected. The AD forest is not just a security boundary, but it should also be regarded as the range of an intruder's access and security assessment of AD objects after gaining entry into…

Top 10 AD Threats

Top 10 AD Threats

Most Fortune 1000 companies use Active Directory or Azure AD—and AD is involved in ~90% of cyberattacks. Did you know that there are some relatively simple actions you can take that will significantly increase your chances of fighting off attackers and building your resilience? How can you protect your organization?…

Does Your Active Directory Disaster Recovery Plan Cover Cyberattacks?

Does Your Active Directory Disaster Recovery Plan Cover Cyberattacks?

The ability to recover your Active Directory (AD) environment entirely from backup is no longer a nice-to-have response to a highly unlikely event. Given the onslaught of cyberattacks that target AD, the ability to recover AD to a known-secure state following a cyber disaster is a requirement. In this whitepaper,…