Semperis on Tuesday announced it raised more than $200 million in Series C funding to accelerate hiring across all functions to support the company’s expanding customer base, with an emphasis on its identity-focused incident response team. The move put Semperis into unicorn territory, though it would not disclose a specific valuation.

The company also plans to dedicate a significant portion of the new funding to research and development to drive innovation in the identity system defense market, focusing on its Directory Services Protector platform.

Gartner, which categorizes the product as an identity threat detection and response (ITDR) solution, included the ITDR category in its top cybersecurity trends for 2022, noting that credential misuse is a primary method attackers use to access systems and achieve their goals. Much of what Directory Services Protector does is focus on defense and incident response for Active Directory environments.

“With [our] multi-layered identity protection, organizations can fend off cyberattacks without being forced to choose between two bad options: paying the criminals or getting shut down,” said Mickey Bresmen, co-founder and CEO of Semperis.

It’s great to see Semperis gaining traction in securing Active Directory, as AD is a prime target for attackers who can use access to accounts to exfiltrate sensitive data, and can leverage privileged accounts — literally the keys to the kingdom — to manipulate critical IT infrastructure, said Jack Poller, a senior analyst at the Enterprise Strategy Group. Poller said recent ESG research found that 45% of organizations suffered a breach or attack because of identity-related threats and 36% were breached because of permission-related threats.

“Equally as important, AD lies at the center of IT — without AD, many apps can’t run, users can’t log-in, and an attacker taking AD down can cripple or destroy the business,” Poller said. “Unfortunately, Microsoft’s recommendation for recovering AD from a disaster or attack is a long, onerous, manual process prone to errors. Thus, identity security and protecting AD have become a prime directive of the cybersecurity team, and Semperis’ ability to detect and prevent the unique attacks targeting AD is becoming more and more important, as is the [company's] ability to automate and accelerate the AD recovery process.” 

Frank Dickson, who covers security and trust at IDC, added that our awareness of and approach to ransomware and ransomware-like attacks has matured. Dickson said today’s attacks take a five-stage approach, including: initial compromise, lateral movement, privilege escalation, data exfiltration, and then encryption.

“The encryption of our critical data is, frankly, the last and least interesting phase of the attack,” Dickson said. "The most interesting and the foundational component of the success of the attack is identity- centric, especially directory centric. As a result, we are seeing mainstream vendors like CrowdStrike and Qualys making investments in identity offering to address cyber security use cases in the name of XDR. Clearly, start-ups like Semperis are also looking to capitalize on the market need."