Semperis Frequently Asked Questions (FAQ)

Get answers to frequently asked questions about Semperis, hybrid Active Directory (AD) security and AD modernization, identity threat detection and response (ITDR), and more. .

About Semperis

What is Semperis?

For hybrid and multi-cloud environments, Semperis ensures the integrity and availability of critical Active Directory (AD) and Azure AD services at every step in the cyber kill chain. The world’s leading organizations (representing more than 100 million identities) trust Semperis to protect their identity infrastructure from cyberattacks, data breaches, and operational errors. Purpose-built for hybrid AD security, Semperis’ Gartner-recognized, patented identity threat detection and response (ITDR) technology cuts ransomware recovery time by 90 percent.

Learn more about Semperis.

What is Semperis’ mission?

Our mission is to empower organizations to make the right decisions about their cybersecurity strategy without putting themselves at risk of operational disruption, loss of revenue, or complete shut-down. Being able to say “no” to ransom and blackmail demands make us all safer.

Where does Semperis operate?

Semperis is headquartered in New Jersey and operates internationally. Our research and development teams are distributed between San Francisco and Tel Aviv. Other teams are located throughout North America, Europe and the UK, the Middle East, Australia and New Zealand, and Asia.

Learn how to contact us.

How big is Semperis?

Named to the Deloitte Technology Fast 500 for three consecutive years as one of the fastest-growing companies in North America and recognized by Inc. 5000 as one of the Top 5 fastest growing cybersecurity companies, Semperis has 350+ employees as of January 2023.

The expertise of our identity security experts is unmatched in the industry, with 100+ combined years of Microsoft MVP awards, focused cybersecurity penetration testing experience, and years of incident response experience in Active Directory (AD) attack scenarios.

The Semperis threat research team also built and manages Purple Knight, a free cybersecurity assessment tool downloaded by 10,000+ users, and Forest Druid, a first-of-its-kind Tier 0 attack path discovery tool.

Who are Semperis’ customers?

Semperis serves government and Fortune 2000 enterprises, including the largest and most complex identity environments in the world. Semperis protects more than 50 million identities across every vertical market, including top-10 companies in transportation, financial services, manufacturing, technology, IT outsourcing, healthcare, pharmaceutical, insurance, retail, and government.

Thousands of customers worldwide—including the top big-box retailer, two of the top three global consulting services, and the five largest healthcare companies—rely on Semperis solutions.

Why should we choose Semperis?

Semperis is the only provider of solutions purpose-built by identity security experts for Active Directory (AD) security—the #1 infrastructure attack vector in 90 percent of breaches—before, during, and after an attack.

Leading analyst firms (notably, Gartner) have called out the need for AD security solutions to address the increasing attacks on identity systems. Semperis solutions and services are developed and delivered by AD experts with extensive experience in uncovering and addressing AD attack tactics, techniques, and procedures (TTPs). Semperis solutions and services have evolved from our years of experience with Microsoft technologies.

What recognition has Semperis received?

Semperis is recognized by leading analyst firms, including Gartner, for Identity Threat Response and Detection (ITDR) and Active Directory (AD) backup and recovery, as winner of Frost & Sullivan’s 2022 Competitive Strategy Leadership Award for Global Active Directory Security and Recovery Industry Excellence, and 451 Research (S&P Global).

Gartner has called out Semperis as a leading vendor of ITDR solutions, which the analyst firm included in its Top Trends for Cybersecurity in 2022:

  • “Tools from vendors such as … Semperis … offer a more complete backup and recovery platform for Active Directory than those found in the Active Directory backup modules included in most enterprise backup software.”
  • “Organizations should evaluate Active Directory threat detection and response tools for use with enterprise AD and cloud AD implementations … Example vendors include … Semperis.”


Semperis has a 5-star review on Gartner Peer Insights and is a consistent winner for quality, innovation, and market momentum in competitive cybersecurity. See a full list of our awards and recognitions.

Is Semperis Microsoft Certified?

Semperis Active Directory Forest Recovery (ADFR) is available through the Microsoft Commercial Marketplace, enabling customers to find, buy, and deploy partner solutions they can trust, all certified and optimized to run on Azure.

Semperis is a member of the Microsoft Intelligent Security Association (MISA), an alumnus of the Microsoft Accelerator program, and is Microsoft Co-Sell Ready, which enables us to deliver Active Directory (AD) security and recovery solutions to organizations through the Microsoft partner network.

In addition, Semperis is a technology partner in the Google Cloud Partner Advantage Program, which helps Google Cloud customers protect their AD infrastructure from ransomware and cyberattacks. As a Google Cloud partner, Semperis offers customers cyber-first AD recovery and threat protection to eliminate costly service outages and data breaches.

About Semperis products and services

What is Purple Knight?

Purple Knight is a free Active Directory (AD) and Azure AD security assessment tool used by thousands of organizations to quickly identify vulnerabilities in hybrid AD environments and receive prioritized, expert remediation guidance.

For answers to frequently asked questions about Purple Knight, see Purple Knight Frequently Asked Questions.

What is Forest Druid?

Forest Druid is a Tier 0 attack path management tool—natively compatible with Active Directory—that helps defensive teams identify the true Tier 0 perimeter and quickly prioritize high-risk misconfigurations that could lead to an attack.

For answers to frequently asked questions about Forest Druid, see Forest Druid Frequently Asked Questions.

What is Directory Services Protector (DSP)?

Directory Services Protector (DSP) is a Gartner-recognized identity threat detection and response (ITDR) solution. DSP puts hybrid Active Directory (AD) security on autopilot with continuous monitoring and unparalleled visibility across on-premises AD and Azure AD environments, tamperproof tracking, and automatic rollback of malicious changes.

For answers to frequently asked questions about DSP, see DSP Frequently Asked Questions.

What is Active Directory Forest Recovery (ADFR)?

Active Directory Forest Recovery (ADFR) is the only Active Directory (AD) backup and recovery solution purpose-built for recovering AD from cyber disasters. ADFR fully automates the AD forest recovery process, reducing downtime, eliminating risk of malware reinfection, and enabling post-breach forensics.

For answers to frequently asked questions about ADFR, see ADFR Frequently Asked Questions.

What is Semperis Breach Preparedness & Response Services?

Semperis Breach Preparedness & Response Services combine insights from battle-tested identity security and incident response experts with industry-leading solutions for protecting organizations’ hybrid Active Directory before, during, and after a cyberattack. For more information, contact us at

What is Hybrid Identity Protection (HIP)?

The Hybrid Identity Protection (HIP) event series and podcast, sponsored by Semperis, provide expert insights for IT and InfoSec professionals who defend hybrid, multicloud environments from emerging threats.

About ITDR and hybrid AD security

What is ITDR?

Gartner created the Identity Threat Detection and Response (ITDR) category to describe solutions that protect identity systems such as Active Directory (AD) and Azure AD, which provide authentication and access to applications and services. For a comprehensive explanation of ITDR, ITDR solutions, why ITDR is important, and more, see “How to Evaluate Identity Threat Detection & Response (ITDR) Solutions”.

What is an AD security and AD recovery solution and why do we need one?

An Active Directory (AD) security and AD recovery solution is a cybersecurity solution that is designed specifically to assess, monitor, protect, back up, and recover AD, Azure AD, or both.

Cyberattacks that target Active Directory as an entry point are on the rise: 9 out of 10 attacks involve AD in some way, according to Mandiant researchers. Failure to protect AD from malicious intrusion puts your company’s viability at risk. Consider what would it cost your business to be offline for a day, or several days, or weeks?

Semperis was the first to market with an automated, malware-free AD recovery solution and is the only company that helps organizations prevent, mitigate, and recover from AD cyberattacks—reducing the risk of a cyber disaster bringing your business to a halt while you race to restore access to your information systems.

Are AD cyberattacks more frequent or severe than Azure AD cyberattacks?

Generally, Active Directory (AD) is an easier target for attackers because of legacy environments with misconfigurations that have crept in over time. The on-premises nature of AD also makes it more susceptible to significant damage than Azure AD. AD typically offers more privilege escalation paths than Azure AD does. However, in hybrid environments, cyberattackers can and do use AD to breach Azure AD, and vice versa.

How long can ransomware lie dormant?

Ransomware can lie dormant for months before being activated. Attackers typically begin by finding an entry point into your environment, then begin moving laterally to gain elevated privileges with the intent of accessing Active Directory (AD) or Azure AD. Attackers then plant ransomware or malware and wait to activate it. By the time a full attack is launched, malicious code has often infected backups, creating the risk of reinfection after a bare-metal or system state recovery.

Why is a layered security strategy and defense in depth important in protecting AD from cyberattacks?

In response to today’s evolving threat landscape, many security experts advise a layered security approach. Organizations that implement effective strategies and tools to prevent, detect, and respond to cyberattacks are well positioned to survive ransomware and malware attacks.

While preventing AD attacks is ideal, the fact is that many attacks on Active Directory (AD) succeed. In a survey report from Enterprise Management Associates, 50% of organizations reported an AD attack within the past 1-2 years, and 40% of those attacks were successful. Gartner analyst Nik Simpson said in a report about protecting backup systems from ransomware attacks that “ … attackers are penetrating critical systems such as backup and Active Directory, dropping malware on any server they breach. …. Organizations without a useful backup system will be left with few options but to pay the ransom.”

Deploying defense in depth—applying multiple types of protection at multiple points of the environment—provides additional protection. Protecting endpoints and other entry points into your environment is an important step in any effective cybersecurity plan. But increasingly savvy attackers continue to find new ways to sidestep such efforts.

Attackers who gain access to Active Directory (AD) and Azure AD hold the keys to your kingdom, so solutions built specifically to protect and quickly recover AD are vital.

Why isn’t system state recovery or bare-metal recovery a good AD recovery option?

Rootkits, ransomware, and other malware can and often does infect backups, introducing the risk of reinfection during bare-metal or system state recovery. Because malware often lies dormant for months, finding a clean backup can be difficult, resulting in large data losses and prolonging the recovery process—and the damage to your organization. Therefore, it’s important to implement solutions that ensure a clean, malware-free, and fast Active Directory (AD) recovery.

How much does ITDR and AD security cost?

Although pricing varies according to the needs of your organization, several factors determine the ROI of identity threat detection and response (ITDR) and Active Directory (AD) security solutions:

  • Initial investment. Is license count based on users or user objects? How many products do you need to purchase to provide effective AD security before, during, and after an attack? Does the purchase price include incident response services or other support?
  • Ongoing deployment and maintenance. How easy is the solution to deploy, maintain, and use? Do you need to develop your own scripts? Do you need to manually update configuration information? Does the solution integrate with other cybersecurity and digital solutions? How scalable is the solution?
  • Disaster- or cyberattack-related downtime and associated costs, including fines and reputational damage. Does the solution reduce AD recovery time? Does it automate recovery steps to simplify and speed the process? Does the vendor offer incident response support?