GUIDO GRILLENMEIER

MAGAZINE SPEAKS WITH GUIDO GRILLENMEIER, CHIEF TECHNOLOGIST AT SEMPERIS, ON HOW THE COMPANY PIONEERS IN IDENTITY PROTECTION

A well-established industry veteran, Guido Grillenmeier is Chief Technologist at cyber resilience and threat mitigation platform Semperis –a role he has held since 2021.

Grillenmeier previously worked as Chief Engineer at HP for nearly 20 years, where he was a member of the company’s Advanced Technology Group leading the development and delivery of HP's Windows Server 2008 Academies to HP’s Services division. Most recently, Grillenmeier held the position of Chief Technologist within the Enterprise Services Group at DXC Technology, a spinoff company from the Enterprise Services division of HPE and CSC.

In addition, Grillenmeier is a Microsoft-certified architect and co-author of Microsoft Windows Security Fundamentals, who has spoken at leading Microsoft conferences, including Microsoft Tech-ED, IT Forum, Windows Connections, and the Hybrid Identity Protection conference.

Q. THANK YOU FOR JOINING US GUIDO, PLEASE INTRODUCE YOURSELF AND TELL US ABOUT YOUR ROLE

» My name is Guido Grillenmeier and I am based in Germany. I have

devoted my professional career to identity and enterprise security, with a focus on the Microsoft ecosystem that I helped many companies to migrate into and optimise for their needs. A frequent speaker at technology conferences, I have been privileged to receive the Microsoft MVP award for 12 years in a row. I am now the Chief Technologist of Semperis, supporting our customers around the globe.

12

» Semperis is a pioneer in identity protection, focusing on the Microsoft Directory services – both in the cloud (Azure Active Directory) and on-premises (Active Directory).

Microsoft Active Directory (AD) has been around since 2000 and is an incredibly popular identity management solution. It helps organisations to manage their users, devices, and more. As a tool, it’s ubiquitous, used by approximately 90% of the Fortune 1000. However, it is also a common target for cybercriminals to exploit, with research indicating that 90% of cyberattacks involve AD in some way.

Semperis helps customers to identify their weak spots in AD and discover if there is an intruder in their environment by looking for suspicious activity going on.

There are many permissions in AD that intruders use to hide, persisting in the environment. Semperis scans all permission changes live. Any change taking place in AD is visualised and recorded in its ‘Directory Services Protector’ (DSP) solution, with which you can undo any changes manually or automatically.

» The secret of Microsoft Active Directory’s success was its openness. By default, any end-user in your company can read all user- and group-information from your AD, as well as all critical configuration settings. This made it very easy to integrate with all sorts of applications.

But today, that is its weak spot, and hardly any company has taken the security steps needed to make AD harder to attack by reducing those weak permissions.

For many organisations, it’s their Achilles’ heel. It’s so easy to read, which means it’s also easy for attackers to detect vulnerabilities and use them against you. Microsoft has increased AD security over the years, but there’s a variety of settings now that many companies are still not

“WE ARE ENTERING A PHASE OF INCREASED FOCUS ON IDENTITY PROTECTION – AFTER ALL, HACKERS DON’T BREAK IN, THEY LOG IN!

WE ARE ENTERING A PHASE OF INCREASED FOCUS ON IDENTITY PROTECTION – AFTER ALL, HACKERS DON’T BREAK IN, THEY LOG IN!” using to protect themselves, and that’s why they are still very, very vulnerable.

Once a criminal has access to AD, they can move laterally within the networks of the business taking down one system after another reading the data. Companies hold vast amounts of valuable data – critical customer information – and the very secrets of the companies themselves. In this sense, AD is something of a treasure trove. It contains the keys to the kingdom; a map that reveals where their resources that contain value are.

» The best approach for securing AD is implementing a layered defence strategy that protects AD before, during, and after an attack. Organisations need solutions that address every stage of the attack lifecycle, including identifying and mitigating vulnerabilities, detecting advanced attacks, automatically remediating malicious changes, and ensuring a malware-free AD recovery in the event of a cyberattack.

Given that many AD attacks are successful, organisations should prepare for the worst by having a tested AD forest recovery plan in place so they can resume business operations as quickly as possible after an attack.

» We are entering a phase of increased focus on identity

In December, Semperis ranked No.64 on the Deloitte Technology Fast 500, a ranking of the 500 fastest-growing technology, media, telecommunications, life sciences, fintech, and energy tech companies in North America. In a statement, the company said it's more than 2,800% revenue growth was down to high market demand for identity protection in AD environments.

protection – after all, hackers don’t break in, they log in! As such, easily determining unknown vulnerabilities that allow compromising the most critical components of any identitysystem – the so-called “top tier” or “tier 0” objects – is a key capability I am excited about.

Semperis is already offering the powerful Purple-Knight vulnerability scanning tool for validating AD and Azure-AD environments for wellknown misconfigurations.

Semperis will also be releasing a free version of another powerful graph-based security tool, named Forest Druid, which will allow locating those company-specific risks within AD that do not fit into existing patterns. Utilising these technologies in concert will further help to improve the security posture of companies, making life harder for the cybercriminals to succeed on their vicious path of destruction.

Executives from Appian, AWS, and Xebia share their collaborative efforts and excitement about their partnership in low-code, cloud, and sustainability.

Technology is instrumental to achieving next-level capabilities across industries. But organizations that want to operate sustainably must choose technology that lets them adhere to strong environmental, social, and governance principles.

Appian Corporation, a process automation leader, is a critical piece of the digital transformation and sustainability puzzle. The enterprise-grade Appian Low-Code Platform is built to simplify today’s complex business processes, with process mining, workflow, and automation capabilities.

“By quickly building apps that streamline and automate workflows, organizations are using Appian to make their processes for monitoring and reporting on ESG initiatives faster, simpler, and more effective,” says Meryl Gibbs, Emerging Industries Leader at Appian.

“Both AWS and Appcino are amazing partners of ours,” says Michael Heffner, VP Solutions and Industry Go To Market at Appian. “We have an extremely long legacy engagement with AWS as our trusted, go-to-market partner and Appcino builds “meaningful, business-focused applications on the Appian platform and is amazing in all things ESG.”

As an AWS leader enabling sustainability solutions built on the cloud, Mary Wilson, Global Sustainability Lead at AWS, talks about the partnership with Appian.

“Our objective is to help our customers achieve sustainability goals across their business operations,” says Wilson. “[This means] looking at data availability, meaning access to more data, and enabling actionable insights. “Lowcode, cloud-enabled, technologies will allow organizations to build fast, learn fast, iterate, and continue to improve these insights to drive their sustainability outcomes.”

Tarun Khatri, Co-Founder & Executive Director of Appcino (product part of Xebia), explains just how critical ESG is in the face of digital transformation. “The investment community now considers ESG reporting as a major factor for measuring performance,” says Khatri The collaboration will continually uncover new insights and provides customers the opportunity to accelerate their ESG goals with speed and security.