
Semperis, Hack The Box partner to help MSSPs strengthen identity defense


At this point, it should come as no surprise to organizations that identity has become a high-profile target for bad actors looking to gain access to corporate IT systems. Security researchers and vendors have been firing off alarms about the expanding threat for several years, particularly in the AI era.

Given that, it’s important that enterprise security teams and MSSPs prepare for such attacks by taking an “assume breach” mindset that will improve their operational resilience and response to threats when they occur, according to Courtney Guss, Semperis’ director of crisis management.

“Resilience starts with assuming identity will be targeted, but it becomes real when organizations can spot weakness early, rehearse response, and remediate faster,” Guss told MSSP Alert. “This mindset helps organizations take an initiative-taking stance and maintain focus on the most vital systems from a risk perspective.”

It also can make it easier for organizations to prioritize investments toward improving risk mitigation, detection, and response capabilities – such as vulnerability management, monitoring, and anomaly detection – as well as for better preparedness and response plans and exercises, she said.

A new alliance

That is the key imperative behind Semperis’ new alliance with Hack The Box, announced this week. Identities are in the crosshairs of threat actors that are increasingly armed with AI capabilities. Combining Semperis’ hybrid identity threat detection and response and disaster recovery capabilities with Hack The Box’s gamified cybersecurity training and assessment platform will mean better hands-on training and cyber exercises for joint users, as well as industry initiatives that the two vendors will offer to build stronger resilience.

That resilience is needed, Guss said.

“Identity systems such as Active Directory, Entra ID, Okta, and Ping Security are the gatekeepers to an organization’s entire digital estate and determine who can log in, what they can access and what privileges they have,” she said, adding that in almost 90% of ransomware attacks, bad actors access identity systems “because when compromised, an organization can suffer significant business disruptions, leading more companies to pay a ransom in hopes of restoring their systems and limiting damage.”

More Than Just Initial Access

The identity-related cyberthreat goes beyond initial access, according to Tony Archer, a security engineer with Tenable until moving to CyCognito late last year. He wrote that “identity compromise doesn’t stop after initial access. It plays a key role in the five stages of a cyber attack.” After gaining access, bad actors also abuse identity for reconnaissance of the compromised IT environment, lateral network movement and privilege escalation, persistence and evasion, and deployment of payloads, from malware to ransomware to malicious code.

“Chances are an attacker will need to run some sort of script or installer – such as PowerShell scripts – to achieve this. Putting a restriction in place through security policies to prevent these from running can dramatically reduce risk.”

Stop the Abuse

The Semperis-Hack The Box alliance is aimed at stopping threat actors from abusing identities at the point of attack and arming organizations and MSSPs with the tools and knowledge they need, according to the companies. The collaboration revolves around Purple Knight, Semperis’ open source tool for identity security vulnerability assessment for Microsoft’s Active Directory and Entra ID environments, as well as those with Okta.

They’ll also offer educational content based on threat research from Semperis for Active Directory and Entra ID security, joint activities at industry events like the Black Hat conference, technical roadshows, and joint customer and partner readiness programs.

MSSPs on the Front Lines

Given their roles as the front line of security for many of their clients, MSSPs and MSPs should benefit from the alliance. Clients expect them to understand where identity vulnerabilities are, monitor for signs of abuse, translate the information they’re getting into risk guidance, and help strengthen their security posture, Guss said.

“The complexity that MSPs and MSSPs work through is where this partnership can have a real impact,” she said. “Semperis brings deep identity-security expertise and visibility into identity risk, while Hack The Box helps turn that insight into hands-on readiness through labs, exercises, and training pathways.”

For service providers, “that creates a stronger operating model: better recommendations to customers, better prepared teams, and faster, more confident response and recovery when incidents happen,” Guss said.

Jeffrey Burt

Jeffrey Burt has been a journalist for almost 40 years, moving from general-circulation newspapers to IT news sites in 2000. He’s an expert analyst and writer on cybersecurity, data center infrastructure, AI, and a host of other subjects for a range of organizations, including CyberRisk Alliance, eWEEK, Techstrong Group, The Next Platform, and The Register.
