Semperis launches AD Delegation Manager to enhance security
Semperis announced the release of Delegation Manager, an Active Directory (AD) rights management solution designed to provide granular control of permissions to specific groups. The new tool aims to aid IT teams in improving security against cyber threats by reducing over-privileged accounts and excessive access rights, which are often exploited by attackers.
The company emphasised the persistent security challenge posed by permission sprawl, where excessive privileges are granted frequently out of convenience. Darren Mar-Elia, Semperis VP of Products, highlighted the risks associated with misconfigurations related to access-control lists (ACLs), noting that cyberattackers often target these vulnerabilities. Delegation Manager aims to remediate these security gaps by enabling IT and security teams to selectively grant permissions only to necessary groups, enhancing overall security posture and reducing ACL-based attack risks.
CISA has identified various forms of risky access rights as significant contributors to AD misconfigurations that lead to cyberattacks. These include circumvented system access controls, improper separation of user and administrative privileges, and insufficient ACLs on network shares and services. Delegation Manager seeks to address these issues through a role-based access control layer over AD. This allows organisations to implement a secure delegation model more easily, simplifying policy management, access management, and security automation. Key functionalities include:
- Creating and managing policies for securely delegating administrative privileges.
- Monitoring user-initiated directory security changes.
- Reinforcing policy compliance through seamless directory reapplication.
- Controlling access rights with a built-in policy wizard.
- Seamlessly importing preconfigured delegation permissions.
- Providing a clear visualisation of policy application.
- Quickly identifying users with directory permissions.
Mickey Bresman, CEO of Semperis, pointed out that many organisations have difficulties implementing a robust AD delegation model. These challenges can create security vulnerabilities, operational inefficiencies, and complications in user access management. According to Bresman, Delegation Manager automates delegation rights management, allowing IT teams to respond swiftly to user access needs without granting excessive privileges that could be exploited by cyberattackers. This automation facilitates faster operations while minimising risks across the identity system.
Delegation Manager is built on Semperis' identity resilience platform, which provides comprehensive solutions for threat prevention, detection, and response before, during, and after identity-related cyberattacks.