Expanding the Sight of a SIEM
Security Incident and Event Monitoring (SIEM) capabilities are core to your cyber resilience and security program. But what happens when a security event or incident occurs outside of the view of your SIEM? And how can you ensure that critical information doesn’t get missed in the flood of log data that the SIEM analyses every day?
When DCShadow was released, its creators warned that it could “make your million dollar SIEM go blind.”
SIEMs are blind to many AD-based attacks
But there is hope. Semperis Directory Services Protector (DSP) proactively monitors AD — including the elusive replication stream — looking for indicators of weakness. Once DSP discovers relevant indicators of exposure (IOEs) or indicator of compromises (IOCs) it parses that data and passes in on to your SIEM with meaningful context. The critical information rises to the top of the SIEM’s data feed and cuts through the clutter presenting relevant IOEs and IOCs in familiar SIEM dashboards mapped to the security frameworks you rely on, such as MITRE.
Now these areas of high risk can be evaluated and mitigated as part of your holistic security program but specifically for your most vulnerable and targeted system – AD. Combining your SIEM with Semperis DSP drastically reduces the burden on security analysts, dramatically improves your visibility, and moves your cyber resilience program to the next level.
Sentinel with more sight
Directory Services Protector Solution for Azure Sentinel
DSP easily integrates with Microsoft Sentinel (formerly Azure Sentinel) — or any SIEM for that matter — as illustrated by the powerful parsing and presentation capabilities available to users of both Sentinel and DSP. Previously invisible information is readily available, easily understood, and highly actionable through DSP’s auditing and analysis of the deepest levels or AD. The Directory Services Protector Solution for Azure Sentinel is available for free from the Azure marketplace.
Learn More
Unlock cyber resilience.
Request a Demo