Expanding the Sight of a SIEM

The most sophisticated AD-based attacks — such as DCShadow — never generate the Windows event-log entries your SIEM ingests, because the malicious changes are injected directly into the AD replication stream rather than written through a monitored domain controller. They occur beyond the scope of what your SIEM is designed to track and report on.

Security Information and Event Management (SIEM) capabilities are core to your cyber resilience and security program. But what happens when a security event or incident occurs outside the view of your SIEM? And how can you ensure that critical information doesn't get missed in the flood of log data the SIEM analyzes every day?

When DCShadow was released, its creators warned that it could “make your million dollar SIEM go blind.”
 

SIEMs are blind to many AD-based attacks

But there is hope. Semperis Directory Services Protector (DSP) proactively monitors AD — including the elusive replication stream — looking for indicators of weakness. Once DSP discovers relevant indicators of exposure (IOEs) or indicators of compromise (IOCs), it parses that data and passes it on to your SIEM with meaningful context. The critical information rises to the top of the SIEM's data feed and cuts through the clutter, presenting relevant IOEs and IOCs in familiar SIEM dashboards mapped to the security frameworks you rely on, such as MITRE ATT&CK.

These areas of high risk can now be evaluated and mitigated as part of your holistic security program, with specific coverage for your most vulnerable and most targeted system: AD. Combining your SIEM with Semperis DSP drastically reduces the burden on security analysts, dramatically improves your visibility, and moves your cyber resilience program to the next level.
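To make the replication-stream point concrete, the following is an added example (not Semperis DSP code, and not something the page describes DSP as doing) of the kind of check a defender can run by hand when event logs cannot be trusted. A DCShadow attack registers a temporary rogue domain controller, pushes changes through DRS replication, and then unregisters it; the tampered attributes therefore carry replication metadata whose originating DSA and invocation ID belong to no legitimate, live DC. The script reads that metadata with the RSAT ActiveDirectory module and flags watched attributes whose originating invocation ID is unknown. The server, search base and watched-attribute list are assumptions to adjust for your environment.

```powershell
# Added example (not DSP's own code): point-in-time sweep of AD replication
# metadata for changes that did not originate from a known domain controller.
# Requires the RSAT ActiveDirectory module and read access to the domain.
Import-Module ActiveDirectory

# Assumptions: query the PDC emulator and sweep the whole domain partition.
$Server     = (Get-ADDomain).PDCEmulator
$SearchBase = (Get-ADDomain).DistinguishedName

# Invocation IDs of every DC the domain currently knows about. A change whose
# originating DSA is not in this set was replicated in by something that is not
# (or is no longer) a legitimate DC, which is exactly DCShadow's footprint.
$knownInvocationIds = Get-ADDomainController -Filter * -Server $Server |
    ForEach-Object { [string]$_.InvocationId }

# Attributes an attacker typically rewrites via DCShadow (assumed list; extend as needed).
$watchedAttributes = 'primaryGroupID', 'sIDHistory', 'userAccountControl',
                     'member', 'servicePrincipalName', 'ntSecurityDescriptor'

$objects = Get-ADObject -LDAPFilter '(|(objectClass=user)(objectClass=group))' `
                        -SearchBase $SearchBase -Server $Server

$findings = foreach ($obj in $objects) {
    # -ShowAllLinkedValues also returns per-value metadata for linked attributes
    # such as 'member', so individual injected group memberships are visible.
    $meta = Get-ADReplicationAttributeMetadata -Object $obj -Server $Server `
                -ShowAllLinkedValues -ErrorAction SilentlyContinue
    foreach ($m in $meta) {
        if ($watchedAttributes -notcontains $m.AttributeName) { continue }
        $originId = [string]$m.LastOriginatingChangeDirectoryServerInvocationId
        if ($knownInvocationIds -notcontains $originId) {
            [pscustomobject]@{
                Object           = $obj.DistinguishedName
                Attribute        = $m.AttributeName
                Value            = $m.AttributeValue
                ChangedAt        = $m.LastOriginatingChangeTime
                OriginatingDsa   = $m.LastOriginatingChangeDirectoryServerIdentity
                OriginInvocation = $originId
                Version          = $m.Version
            }
        }
    }
}

$findings | Sort-Object ChangedAt -Descending | Format-Table -AutoSize
```

Two caveats a practitioner should keep in mind. First, this is a one-off sweep, not continuous monitoring: it only sees the last originating change per attribute (or per linked value), so an attacker who later overwrites the attribute from a legitimate DC erases the trace. Second, unknown invocation IDs are not proof of an attack: a DC that was decommissioned, or one restored from backup (which assigns itself a new invocation ID), also leaves changes that no longer match a live DC, so each finding needs to be correlated with change-control history before escalating.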

Sentinel with more sight

Directory Services Protector Solution for Azure Sentinel

DSP easily integrates with Microsoft Sentinel (formerly Azure Sentinel) — or any SIEM, for that matter — as illustrated by the parsing and presentation capabilities available to users of both Sentinel and DSP. Previously invisible information becomes readily available, easily understood, and highly actionable through DSP's auditing and analysis of the deepest levels of AD. The Directory Services Protector Solution for Azure Sentinel is available for free from the Azure Marketplace.
