Semperis launches tool to boost Active Directory account security
Semperis has introduced a new version of its Directory Services Protector platform aimed at improving the security of Active Directory service accounts against cyber threats.
The Service Account Protection Essential tool addresses the challenges organisations face in managing the proliferation of service accounts, which are frequently targeted by attackers due to their high privileges and lack of oversight.
Service account risks
Active Directory service accounts have long been a vulnerability in organisational IT infrastructure, particularly highlighted by incidents such as the SolarWinds attack in 2023. As applications are added and removed over a directory's lifespan, service accounts often remain, accumulating excessive permissions and becoming increasingly difficult to manage.
"Service accounts are pernicious and nearly ungovernable by nature, so organisations struggle to adequately address them in security planning," said Ran Harel, Semperis AVP of Security Products. "Think about how many applications are onboarded and retired over the course of an Active Directory's lifespan. Each one of these applications may have several service accounts that connect them to AD. Those service account permissions are a black box, with passwords that are static or stale, but no one dares delete them. They're an obvious target for attackers because of their ungovernable state."
Service accounts, particularly those with links to Microsoft 365, are increasingly viewed as high-risk due to their widespread use and the tendency for their privileges to go unchecked.
New features for detection and response
The Service Account Protection Essential tool helps organisations identify both known and unknown service accounts, inventory them, and provide ongoing monitoring for vulnerabilities. The platform uses specialised indicators developed by Semperis' threat research team to spot misplaced, stale, or misconfigured accounts, risky settings, and active threats. Alerts are generated on the discovery of malicious or anomalous activity.
"Service accounts are very attractive to attackers," said Alex Weinert, Semperis Chief Product Officer. "These accounts tend to proliferate in legacy AD applications and acquire excessive privileges over time, making them an obvious target for malicious actors, especially when service accounts are included in privileged cloud roles or groups tied to Microsoft 365. Service Account Protection Essential gives organisations unprecedented visibility into their service account security posture by helping them identify service accounts, create an inventory, and continuously monitor them to reduce the overall attack surface of the hybrid AD environment."
The latest DSP release also offers process improvements for security teams managing Active Directory and Entra ID object lists. New automated response mechanisms and grouping features allow for categorisation of privileged accounts and service accounts, streamlining administration and enabling the undoing of malicious changes as they are detected in real time.
Platform enhancements
The enhanced DSP dashboard provides a detailed overview of recent directory changes, attack detection events, and general system health. This includes comprehensive risk scoring, enabling security teams to quickly assess and respond to identity threats and better communicate their security status within their organisations.
The new features are intended to help security practitioners reduce the risk boundaries associated with service accounts, both on-premises and in the cloud, by making it easier to identify and address misconfigurations and potential entry points for attackers.
The release responds to the heightened attention on service account protection in the aftermath of recent prominent cyber incidents and aims to give organisations greater capability to manage their hybrid identity environments effectively.
