Purple Knight Post-Breach: Malware-Free Active Directory Recovery and Prevention of Subsequent Attacks
Semperis, a pioneer in identity-driven cyber resilience for enterprises, today announced the release of Purple Knight Post-Breach. This is a channel-only edition of the free Active Directory (AD) security assessment tool, which helps service providers defend against attacks and help their customers recover after an AD-related cyber disaster. The exploitation of identity systems such as AD and Azure AD, which are used in more than 90% of companies worldwide, is one of the most common methods used by attackers to gain privileged access and penetrate target networks.
The new version of the security assessment tool for Active Directory helps cybersecurity service providers conduct important post-breach investigations as part of incident response workflows.
Purple Knight Post-Breach is an extension of the community edition of Purple Knight, which has been downloaded by more than 5,000 users since its first release in March 2021. With Purple Knight Post-Breach, partners can specify an attack window to speed up attack defense, ensure malware-free recovery, and close security gaps to prevent follow-up attacks.
“After a cyber disaster, the search for the source of the attack is a tedious task that requires scouring vast amounts of data – and all this while the attackers may be preparing a follow-up attack,” says Dave Evans, VP of Global Channels and Alliances at Semperis. “Purple Knight Post-Breach speeds up the post-attack investigation process for our partners so they can help their customers limit the damage and fully recover from AD-related attacks.”
When a company’s AD environment is attacked, every minute counts to stop the ongoing attack and return the AD environment to a safe state. Purple Knight Post-Breach helps organizations determine if an attack was already underway when an AD backup was created. After an AD recovery, Purple Knight Post-Breach helps response teams find and fix vulnerabilities before the restored environment is put back into operation.
“The faster we can accurately assess the current intrusion, the faster we can eliminate the threat and restore system access,” says Marty Momdjian, Healthcare Solutions Advisor at Sirius Healthcare. “What would take us hours or sometimes days, Purple Knight Post-Breach can do in a few minutes, giving us Semperis another important tool for incident response.”
Semperis is working with some of the world’s largest cybersecurity service providers to conduct incident response for companies affected by AD-based cyberattacks. Recently, Semperis launched a ransomware taskforce in collaboration with Sirius Healthcare to improve the cybersecurity and resilience of hospitals, pharmaceutical manufacturers, insurers and other healthcare companies. Semperis also worked with one of the three largest global consulting firms to help a large multinational insurance company recover from a cyberattack.
By accelerating AD attack investigations, Purple Knight Post-Breach helps cybersecurity service providers minimize downtime for their customers and quickly restore business operations to a secure state to prevent subsequent attacks.