Expand SIEM Visibility

The most sophisticated AD-based attacks—including DCShadow attacks—bypass logs and occur beyond the scope of what your SIEM can track and report.

Security Incident and Event Monitoring (SIEM) capabilities are core to your cyber resilience and security program. But what happens when a security event or incident occurs outside of the view of your SIEM? And how can you ensure that critical information isn’t missed in the flood of log data that the SIEM analyses every day?

When DCShadow was released, its creators warned that it could “make your million dollar SIEM go blind.”

SIEMs are blind to many AD-based attacks

Semperis Directory Services Protector (DSP) proactively monitors Active Directory—including the elusive replication stream—looking for indicators of weakness. When DSP discovers relevant indicators of exposure (IOEs) or indicators of compromise (IOCs), the solution parses that data and passes it on to your SIEM with meaningful context. This critical information rises to the top of the SIEM’s data feed, cutting through the clutter and presenting relevant IOEs and IOCs in familiar SIEM dashboards, mapped to the security frameworks you rely on, such as MITRE.

Now, you can evaluate and mitigate areas of high risk to your most vulnerable and targeted system—Active Directory—as part of your holistic security program. Combining your SIEM with Semperis DSP drastically reduces the burden on security analysts, dramatically improves your visibility, and modernizes your cyber-resilience program.

Give Sentinel greater insight

Directory Services Protector solution for Microsoft Sentinel

DSP easily integrates with Microsoft Sentinel (formerly Azure Sentinel)—or any SIEM—providing powerful parsing and presentation capabilities to users of both Sentinel and DSP. Previously invisible information is readily available, easily understood, and highly actionable through DSP’s auditing and analysis of the deepest levels of Active Directory. The Directory Services Protector Solution for Azure Sentinel is available for free in the Microsoft Azure Marketplace.
