News
Semperis Extends ML-Based Attack Detection with Specialised Identity Risk Focus
April 2024 by Patrick LEBRETON
Identity Runtime Protection (IRP), the first offering in the Semperis Lightning™ platform, merges deep machine learning with unmatched identity security expertise to detect and stop the most successful attack techniques
Semperis announce the release of Lightning Identity Runtime Protection (IRP), a new identity threat detection and response (ITDR) offering that uses machine learning models developed by identity security experts to detect widespread and successful attack patterns such as password spray, credential stuffing, other brute force attacks, and risky anomalies. The first offering in the Semperis Lightning™ platform, IRP brings critical identity context to attack pattern and anomaly detection, helping organisations spot and quickly respond to high-risk events.
Lightning IRP addresses a persistent problem for cyber defenders: Known identity attack patterns like password spraying continue to be extremely successful because of the difficulty in detecting and responding to the sheer signal volume and noise.
Using trained algorithms based on Semperis’ real-world experience responding to identity attacks in the wild and supporting the world’s largest enterprises and government agencies, Lightning IRP detects sophisticated identity attacks that traditional ML solutions miss. Lightning IRP focuses defenders on the most critical identity attack alerts and reduces noise by layering in an identity-risk fabric that draws insights from multiple sources, including:
– Directory change tracking data across hybrid Active Directory and Entra ID environments.
– Hundreds of security indicators of exposure and compromise, regularly updated by Semperis’ identity threat research team.
– Tier 0 attack path analysis to map out risky relationships to privileged groups with access to sensitive data.
Lightning IRP captures, analyses, and correlates authentication activities with Semperis’ identity threat intelligence to detect known attack patterns or signal malicious behaviour, including:
– Password spray attacks: Monitors logon attempts to detect patterns indicative of a password spray attack.
– Brute force attacks: Monitors repeated and rapid logon attempts against a single user to detect potential brute force attacks.
– Anomalous logons: Looks for user logon anomalies that indicate an anomalous logon attack on AD.
– Anomalous resource access: Monitors a user’s activity and any interaction with services that indicate an attack on AD services.
– Service ticket anomalies: Looks for suspicious service ticket requirements that indicate a Kerberoasting attack on AD.
