Date: 05/22/2025
Vendor: Semperis
Technology/Topic: Modernizing Active Directory Defense: Detection, Protection, Recovery
======================================================
Welcome to the Technical Exchange Meeting (TEM)!
Semperis Directory Services Protector (DSP) and Active Directory Forest Recovery (ADFR) provide an integrated defense-in-depth solution to secure, monitor, and rapidly recover Active Directory (AD)—a critical identity infrastructure for mission operations.
DSP offers continuous monitoring of AD, detecting both real-time attacks and misconfigurations that could be exploited by external or internal adversaries. It maps exposures to MITRE ATT&CK techniques, identifies indicators of compromise, and provides actionable intelligence to harden the environment before damage occurs. DSP enables defenders to view all changes to AD and automatically or manually roll back unauthorized changes in real time without mounting backups. With DSP, the DoD gains situational awareness across hybrid AD environments—on-prem and cloud—ensuring compliance with Zero Trust and EO 14144 identity requirements.
ADFR complements DSP by enabling fast, automated, and forensically clean recovery of the entire AD forest after a cyber incident—such as ransomware or insider sabotage—without reintroducing malware or relying on potentially compromised backups. ADFR and its utilities allow the defender to discover and remediate threat actor changes to the AD service, thus re-establishing trust in the identity system. Together, DSP and ADFR enable cyber resilience and operational continuity, even in contested or degraded environments.
======================================================
To join the DISA TEM mailing list, please contact: disa.tem@mail.mil
======================================================
Disclaimer:
— TEMs do not serve as a marketing venue or request for proposal actions.
— TEMs shall not be interpreted as a commitment by the Government to issue a solicitation or ultimately award a contract.
— TEMs do not serve as an endorsement of any presented technologies or capabilities
— Presentations will not be considered as proposals nor will any awards be made as a result of a TEM session.
— TEMs are public open forums – no proprietary or sensitive information should be presented during TEM sessions. Only publicly facing content is permissible in DISA TEM sessions.