The AD Security Vendor Wants to Defend More Cloud Apps and Cloud Identity Providers
Semperis has closed a Series C funding round to expand geographically and enhance identity protection and threat mitigation with artificial intelligence and machine learning capabilities.
The Hoboken, New Jersey-based Active Directory security provider plans to use the more than $200 million to expand into safeguarding additional cloud applications and cloud identity providers, Semperis co-founder and CEO Mickey Bresman tells Information Security Media Group. The funding round was led by KKR, which Bresman praised for its Asia-Pacific footprint and experience helping later-stage companies.
“From our perspective, identity has become the new perimeter that allows you to go ahead and protect organizations,” Bresman says. “At a very high level, we are basically looking at everything as a connection between three things: identity, resource and access.”
Semperis was founded in 2015, employs 253 people and has now raised $240 million in seven rounds of outside funding, according to LinkedIn and Crunchbase. The company in May 2020 closed a $40 million Series B funding round led by private equity giant Insight Partners (see: Hacker Breached Florida City’s Water Treatment System).
Preventing Password Spray Attacks
The company plans to use artificial intelligence and machine learning to help organizations better detect password spraying attempts in on-premises environments as well as identify and protect critical Tier 0 applications, Bresman says. For instance, Semperis knows both what it looks like when an attacker uses password spraying to breach an organization and how to stop something like that from happening.
Going forward, Bresman says, Semperis plans to leverage its data scientists to come up with algorithms and train machines to be able to detect password spraying attacks without the manual intervention of people. The company expects to achieve big advancements before year’s end in how it embeds artificial intelligence and machine learning into its technology.
Semperis has for years offered protection around Microsoft Active Directory and Azure Active Directory since they account for roughly 90% of the directory services market, he says. The company started with safeguarding directory services since any adversary that gains control over an organization’s Active Directory now has the keys to the kingdom and can wreak lots of havoc, according to Bresman.
If Active Directory is secured and protected, Bresman says organizations should be able to go back and gain control over what’s happening following a ransomware attack without having to pay the ransom. Semperis wants to extend its capabilities to Okta since it’s the world’s third-largest directory provider and many customers run both Okta’s cloud directory and an on-premises version of Active Directory.
From Directories to Applications
Bresman says Semperis plans to get into protecting cloud applications since breaching a user account for an application such as Salesforce is a common way that adversaries gain access to a company’s IT environment. Semperis is looking to, for instance, provide customers with a better sense of what the breach of a Salesforce account would mean for the company’s cloud-based Oracle applications, he says.
“Those are the kinds of things that you can solve if you fully understand what is called identity mesh,” Bresman says. “You need to understand what a particular identity has in terms of different accounts in different environments, and how they all tie together into one single story.”
Semperis is frequently contacted when an adversary is inside an organization’s directory services and has control over the victim’s environment, Bresman says. Customers count on Semperis to remove the intruder from their environment and make sure the directory is fully secured and control is returned to the defenders, according to Bresman.
The company wants to ensure it is defending against new types of attacks and addressing the risk associated with people making unauthorized configuration changes before a threat actor is able to exploit a misconfiguration, he says. Semperis allows customers to undo configuration changes no matter how they were introduced into the Active Directory environment and easily revert to a previous stage.
Semperis differentiates itself from peers by providing coverage for the entire attack kill chain, meaning it can address issues that arise before, during or after the attack. Most other companies that focus on securing directory services can only address one phase of the attack chain. Many prospects don’t have any tools in place and think they can manually recover from an Active Directory breach.
From a metrics standpoint, Bresman says Semperis wants to maintain its very high customer retention and mean time to response rates while increasing the number of customers the company is able to help.
“The desire to expand our offerings and cover additional sets of security use cases around Active Directory is basically why we need more funds,” Bresman says.