Semperis intensifies efforts with Veritas on ransomware defence
Semperischas announced a new collaboration with Veritas Technologies. This development is designed to enhance measures against ransomware threats, focusing on preventing bad actors from accessing sensitive business data by utilising an advanced technique for attack-path analysis. This collaboration expands on the marriage of the Semperis Active Directory Forest Recovery (ADFR) and the Veritas NetBackup enterprises announced in 2023.
Through prioritising the monitoring and management of risky access to crucial organisational data stores, this innovative approach offers a substantial reduction in time spent cutting excessive privileges that could lead to data exfiltration and encryption by nefarious players. This, paired with the comprehensive cyber-first Active Directory (AD) backup and recovery solution offered by Semperis and Veritas, presents joint customers with an unparalleled level of identity system protection and resilience.
Semperis CEO Mickey Bresman explained the intricacies of a ransomware attack: "If the bad actor encrypts the backup and recovery system, the victim organisation is much more likely to pay the ransom, as the company finds itself in a position of very limited options. By helping our joint customers identify and close off attack paths leading to the organisational backup and recovery system, we can prevent data exfiltration and preserve the recovery option, removing one of the primary negotiating tactics threat actors have."
This deeper integration between the two enterprises addresses the critical need to identify and manage accounts posing a threat to sensitive corporate data storage environments. By reducing the attack surface and limiting the advantages of malicious actors, organisations are better equipped to spot and neutralise attacks promptly.
Matt Waxman, SVP, GM, Data Protection, Veritas, concurred, "Our approach to data security, Veritas 360 Defense, is designed with that in mind, enabling the integration of best-in-breed cyber resilience capabilities from organisations, such as Semperis, with our own. The extended integration between our two companies equips customers with more tools for hardening their environments and preventing mission-critical data from being compromised."
The enhanced solution integration relies on an API to access the Veritas data pool, offering a map showing which identities have access to privileged accounts. This gives cyber defenders the power to establish secure zones for privileged accounts, eliminate unnecessary privileges, and continuously monitor for risky configurations threatening security. The solution sends alerts and auto-remediates unauthorised changes when a malevolent party tries to join a privileged group with access to Veritas devices.
Darren Mar-Elia, Semperis VP of Products, reflected, "Many of our customers are astounded at the number and severity of previously unknown security vulnerabilities in their identity environments, particularly accounts that can open doors to highly privileged assets. Threat actors can exploit those vulnerabilities to move laterally throughout the identity system, escalating privileges until they're capable of a device or network takeover. At that point, the organisation's critical data—including customer data—is at stake, and the attackers have the upper hand."
The bolstered solution integration will be available to current joint customers. Veritas customers not currently using Semperis will have access to the attack path management tool powered by Forest Druid and can add alerting and rollback functionalities by deploying Semperis DSP.