The Governments of the Five Eyes Alliance Recommend Purple Knight for Active Directory Risk & Vulnerability Assessment
November 2024 by Semperis
Semperis announced that new guidance from the Five Eyes Alliance calls out Purple Knight as a tool for detecting and mitigating common attack techniques used to exploit Microsoft Active Directory. Purple Knight is a free tool to analyse and assess vulnerabilities in Active Directory, Entra ID and Okta—for companies in the UK market. Active Directory is the most widely used identity system, present in more than 80 per cent of global companies.
"The Five Eyes’ comprehensive report on mitigating Active Directory risks highlights the urgent need to secure hybrid identity systems against today’s cyber threats. We are honored that Purple Knight is a recommended tool in the report," said Mickey Bresman, CEO, Semperis.
The participating co-authors of Detecting and Mitigating Active Directory Compromises are the Australian Signals Directorate, the U.S. Cybersecurity and Infrastructure Security Agency, the U.S. National Security Agency, the Canadian Centre for Cyber Security, the New Zealand National Cyber Security Centre and the United Kingdom’s National Cyber Security Centre. The report provides guidance on 17 common attack techniques and how threat actors leverage them.
"Active Directory, Entra ID and Okta vulnerabilities can give attackers unrestricted access to an organisation’s network and resources. Semperis built Purple Knight to help companies discover indicators of exposure and indicators of compromise in their hybrid identity environments. The tool has been downloaded by more than 30,000 organisations," said Ray Mills, Regional Director, Iberia, Semperis.
The results of a 2023 Semperis Purple Knight report revealed that organisations using Active Directory struggle to identify and address security vulnerabilities that leave their identity environments open to cyberattacks. Most companies scored an average of 72 on their initial Purple Knight AD security assessments, indicating significant room for improvement.
"Recent guidance in the Five Eyes nations’ report is welcomed. While perfect security is impossible, you can make your network defensible—and then you must defend it. That defence is a mix of doctrine, upskilling and technology, all of which are essential; none on their own is sufficient. Organisations such as Semperis offer hybrid identity system security that will help global organisations improve their operational resilience against today’s ever-present attacks," said Chris Inglis, former U.S. National Cyber Director and current Strategic Advisor, Semperis.