Semperis Expands Active Directory Cyberattack Recovery Capabilities with Built-in Post-Attack Forensics and Fast OS Provisioning
February 2022 by Marc Jacob
Semperis announced innovations in its Active Directory Forest Recovery (ADFR) product that extend the company’s offerings to help organisations rapidly conduct post-attack forensics and recover Active Directory to a trusted, malware-free environment following a cyber disaster.
Expanding on Semperis’ mission of cyber-first Active Directory (AD) disaster recovery, the enhancements help organisations detect and remove backdoors and persistence mechanisms that might remain in AD itself after a cyberattack, and provide a new OS provisioning tool that speeds the AD recovery process. The new capabilities help cyberattack victims rapidly investigate what changed in the directory when every minute counts during post-attack incident response.
A cyber-first disaster recovery strategy is an essential part of broader business continuity planning. In a recent report, Gartner predicted that by 2025, at least 75% of IT organisations will face one or more attacks. To accelerate recovery from attacks, Gartner recommends adding a dedicated tool for backup and recovery of Microsoft Active Directory. The report concludes that “organisations without a useful backup system will be left with few options but to pay the ransom.”
The new ADFR capabilities address the increasingly frequent types of attacks in which the environment is penetrated weeks or months before the final malware payload is executed. ADFR’s post-recovery forensics allow incident response teams to identify changes made by adversaries within a defined attack window, speeding the investigation. ADFR also helps organisations determine whether an attack was already in progress when an environment backup was taken, which matters because restoring such a backup would restore the attacker’s foothold along with it. Following an AD recovery, response teams can use ADFR’s post-recovery forensics to find and remediate attacker-introduced changes and residual vulnerabilities before bringing the recovered environment back into production.
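The attack-window analysis described above can be approximated with native tooling, which illustrates the underlying idea: Active Directory replication metadata records, per attribute, the originating domain controller and time of the last write, and it survives even when an attacker has cleared the security event logs. The following PowerShell is an added example written for this article, not Semperis code or any part of ADFR; it assumes the RSAT ActiveDirectory module, a reachable domain controller passed as $Server, and the watch-list of "sensitive" attributes is this example's own choice.

```powershell
# Added example (not ADFR code): enumerate attribute-level AD changes inside an attack window
# using replication metadata, flag attributes commonly abused for persistence, and mark
# whether each change predates a given backup (i.e. whether the backup already contains it).
Import-Module ActiveDirectory

# Watch-list of attributes whose modification often indicates persistence or privilege abuse.
# This list is an assumption of the example, not an exhaustive or vendor-defined set.
$SensitiveAttributes = @(
    'member', 'nTSecurityDescriptor', 'sIDHistory', 'servicePrincipalName',
    'userAccountControl', 'adminCount', 'primaryGroupID', 'scriptPath',
    'msDS-AllowedToDelegateTo', 'msDS-AllowedToActOnBehalfOfOtherIdentity',
    'msDS-KeyCredentialLink', 'gPCFileSysPath', 'gPLink'
)

function Find-ADChangesInWindow {
    param(
        [Parameter(Mandatory)][datetime]$Start,
        [Parameter(Mandatory)][datetime]$End,
        [Parameter(Mandatory)][string]$Server,   # DC (or recovered DC in the isolated lab) to query
        [datetime]$BackupTime                    # optional: when the backup under evaluation was taken
    )

    # whenChanged is only a coarse pre-filter: it is non-replicated and reflects the queried DC,
    # so run this against more than one DC if changes may have originated elsewhere.
    $candidates = Get-ADObject -Server $Server `
        -Filter { whenChanged -ge $Start -and whenChanged -le $End } `
        -Properties whenChanged, objectClass

    foreach ($obj in $candidates) {
        # -ShowAllLinkedValues expands linked attributes such as 'member' into one row per value,
        # so an individual group-membership addition inside the window is visible on its own.
        $meta = Get-ADReplicationAttributeMetadata -Object $obj.DistinguishedName `
            -Server $Server -ShowAllLinkedValues

        foreach ($m in $meta) {
            $t = $m.LastOriginatingChangeTime
            if ($t -lt $Start -or $t -gt $End) { continue }

            # $null when no backup time was supplied; otherwise true if the backup already holds this change
            $inBackup = $null
            if ($PSBoundParameters.ContainsKey('BackupTime')) { $inBackup = ($t -le $BackupTime) }

            [pscustomobject]@{
                ChangedAt     = $t
                Object        = $obj.DistinguishedName
                ObjectClass   = $obj.objectClass
                Attribute     = $m.AttributeName
                Value         = $m.AttributeValue
                OriginatingDC = $m.LastOriginatingChangeDirectoryServerIdentity
                Version       = $m.Version          # write counter; a high count on a quiet object is itself a lead
                Sensitive     = ($SensitiveAttributes -contains $m.AttributeName)
                InBackup      = $inBackup
            }
        }
    }
}

# Usage: a 45-day window against a hypothetical DC, with a backup taken 10 days ago.
# Review sensitive changes first; any row with InBackup = True means that backup cannot be trusted as-is.
Find-ADChangesInWindow -Start (Get-Date).AddDays(-45) -End (Get-Date) `
    -Server 'dc01.corp.example' -BackupTime (Get-Date).AddDays(-10) |
    Where-Object Sensitive |
    Sort-Object ChangedAt |
    Format-Table ChangedAt, Object, Attribute, Value, OriginatingDC, InBackup -AutoSize
```

Two caveats a practitioner should keep in mind. Replication metadata only retains the last originating write per attribute (or per linked value), so an attacker change that was later overwritten shows up only as an incremented Version counter, not as the value that was written. And the query is best run against the recovered, isolated copy of the forest rather than the live production DCs, both to avoid tipping off an adversary still present and so that the results describe exactly what is about to be put back into production.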
The new OS provisioning tool in ADFR addresses the challenge of quickly building an isolated recovery environment, which is the first step in an AD forest recovery. Response teams can use the standalone PowerShell-based tool for setting up a test environment to validate a recovery plan and for conducting remediation efforts without tipping off malicious actors who might be lurking in the environment, ready to deploy additional malware.