January 21 2026

Cohesity levels up identity resilience with ITDR to lock down identity

See every change. Stop attackers in their tracks. Secure the identity backbone of your organization with identity threat detection and response.

Identity systems like Active Directory (AD) and Entra ID are a prime target for attackers because identity and access management (IAM) serves as a security control plane. When the identity system has security vulnerabilities that attackers can exploit, it becomes a blast radius multiplier. Bad actors are hiding behind directory changes that look “normal” at first glance, turning obscure AD misconfigurations into privilege escalations, and compromising domain controllers to use business downtime as leverage.

A compromise of AD or Entra ID can mean that suddenly every app, every user, and every system is also compromised. Downtime means no one can log in. Attackers know that it’s often the fastest path from “one compromised endpoint” to “we’re offline and briefing the board.”

The evidence is clear: organizations must treat Active Directory (AD) and Entra ID as a first-class priority in achieving cyber resilience. That’s why we’re proud to announce a critical expansion of Cohesity Identity Resilience to include Identity Threat Detection and Response (ITDR), powered by Semperis. Now, you can get continuous, in-depth visibility into your identity environment's security posture with a single dashboard view across AD and Entra ID.

The expanded solution can flag misconfigurations and malicious changes, then automatically roll back changes before attackers exploit them. It also delivers advanced threat detection that can detect changes that evade traditional event-based and log-based monitoring. These capabilities build on our proven ability to provide clean, automated recovery and powerful identity forensics for fault-tolerant recovery of AD and Entra ID. 

Here’s how we’re doing it:

Advanced security at every stage of the attack lifecycle

These new features deliver the only threat detection and protection solution that provides a single unified view of security vulnerabilities across AD and Entra ID, including service accounts. 

Figure 1: Cohesity’s ITDR capabilities provide organizations with a single pane of glass view into AD and Entra ID security vulnerabilities. 

With Cohesity Identity Resilience, we have you covered across multiple stages of the attack lifecycle with purpose-built capabilities to prevent compromises, remediate threats, and recover your critical identity infrastructure when necessary. 

Before the attack, Cohesity Identity Resilience: 

  • Continuously inspects your identity posture, flags risky changes, and captures changes even if security logging is off, logs are missing, or malicious changes are injected directly into AD. This approach looks for over 200 indicators of exposure (IOEs) specific to AD and Entra ID, helping to minimize the attack surface and stay ahead of identity-focused threats.
  • Shines a spotlight on attackers moving through your hybrid AD environment unchecked. Uninterrupted visibility helps stop attackers from gaining initial access to AD and Entra ID. 

During the attack: 

  • Automate remediation by automatically rolling back malicious changes in AD and Entra ID that are too risky to wait for human intervention. Create custom rules and alerts for your security operations team. 

After the attack: 

  • Accelerate incident response by quickly finding and eradicating malware. This unique ability enables teams to identify and remove persistent threats and bad actors, rather than just telling you “what’s changed.”
    • Only Cohesity can tell you not only what’s changed, but what’s wrong—key to remediating threats and driving clean recoveries. 
  • Translate unstructured AD and Entra ID data into a natural language format. Easily search, correlate, and undo AD changes at object and attribute levels. Drill down to a specific point in time to isolate compromised AD accounts and prevent future attacks. 

CISOs and CIOs alike ask the same question: “If someone targets our identity systems, can we actually detect it quickly, remediate, and recover cleanly—without reintroducing the attacker?” Our expanded offering helps security and IT teams to answer this critical question with confidence, moving from proactive to reactive identity security that is at the heart of true cyber resilience.

Cohesity Identity Resilience is purpose-built for today’s identity challenges

As a proven leader in cyber resilience, Cohesity is taking what customers already trust us for and elevating it for the most vulnerable parts of your IT infrastructure. Securing AD and Entra ID is challenging. Misconfigurations accumulate over time, creating legacy security vulnerabilities that attackers love to exploit. Recovery is just as hard and complex. To make matters worse, without functioning, trusted identity systems, cyber recovery of the rest of your infrastructure is usually impossible. 

These are all reasons why we continue to double down on delivering powerful, proven, and effective Identity Resilience that directly solves today’s most pressing identity challenges: 

Challenge | How Cohesity Identity Resilience Helps
Complex hybrid identity environment | Continuously scan AD and Entra ID, uncovering misconfigurations, legacy artifacts, and indicators of exposure and compromise.
Attackers weaponize identity to expand the blast radius | With advanced ITDR capabilities, quickly identify and contain identity-based attacks before they become a full-blown compromise and outage.
Limited visibility into critical identity changes | Identity systems are complex and can be a black box. Cohesity provides continuous, granular monitoring of identity changes.
Slow, manual, and unpredictable recoveries | In a real-world, chaotic incident, ensure automated, clean, and orchestrated recovery of hybrid identity in a few clicks without internet access.
Threat of re-infection after initial recovery | Support clean recovery of the identity system (decoupled from the OS) to prevent malware reintroduction, using immutable and durable data from Cohesity storage. Use advanced identity forensics to close backdoors to prevent follow-on attacks.
Poor security posture for identity systems leading to unmitigated risks | Prove and demonstrate identity resilience with continuous posture assessments, prioritized/actionable remediation, and tested recovery capabilities that CISOs and CIOs can report as part of an overall cyber resilience strategy.
Gaps in end-to-end identity resilience planning and strategy | Deliver an integrated, “before, during, and after” identity resilience strategy that is testable and effective for every stage of an attack lifecycle.

Ready to stop identity from being your weakest link?

Identity won’t stop being a target. You can instead stop it from being a gateway for bad actors and confidently prove quick and clean recoveries. 

To hear directly from our leaders shaping leading identity resilience solutions, watch a conversation between Cohesity Chief Product Officer, Vasu Murthy, and Semperis Chief Product Officer, Alex Weinert, as they break down:

  • Industry trends, headwinds from identity-based cyberattacks. 
  • How organizations should rethink the approach to identity resilience. 
  • What organizations should be looking for to secure their critical identity systems. 
  • The expanded Cohesity Identity Resilience offering.

And learn more in the resources below: 
