惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

TaoSecurity Blog
TaoSecurity Blog
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
F
Fortinet All Blogs
Cisco Talos Blog
Cisco Talos Blog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
S
Secure Thoughts
美团技术团队
雷峰网
雷峰网
Hugging Face - Blog
Hugging Face - Blog
博客园_首页
C
CXSECURITY Database RSS Feed - CXSecurity.com
Engineering at Meta
Engineering at Meta
人人都是产品经理
人人都是产品经理
月光博客
月光博客
T
Tor Project blog
P
Privacy & Cybersecurity Law Blog
Recorded Future
Recorded Future
I
Intezer
博客园 - 【当耐特】
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
GbyAI
GbyAI
罗磊的独立博客
V
V2EX
Google DeepMind News
Google DeepMind News
D
DataBreaches.Net
Last Week in AI
Last Week in AI
T
Tailwind CSS Blog
www.infosecurity-magazine.com
www.infosecurity-magazine.com
A
About on SuperTechFans
Scott Helme
Scott Helme
Vercel News
Vercel News
Spread Privacy
Spread Privacy
T
Threat Research - Cisco Blogs
Recent Announcements
Recent Announcements
Hacker News: Ask HN
Hacker News: Ask HN
C
CERT Recently Published Vulnerability Notes
G
Google Developers Blog
B
Blog
博客园 - 叶小钗
WordPress大学
WordPress大学
博客园 - 聂微东
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Jina AI
Jina AI
IT之家
IT之家
C
Cybersecurity and Infrastructure Security Agency CISA
P
Palo Alto Networks Blog
小众软件
小众软件
博客园 - Franky
Microsoft Azure Blog
Microsoft Azure Blog
AWS News Blog
AWS News Blog

Insight Partners

Demystifying the forward deployed engineer Behind the investment: Higharc and the AI-native future of homebuilding According to Root.io, your security backlog is a problem that only AI can fix Command Zero is betting big on AI-native defense compressing response time How AI is rebuilding America's primary care system How Skyflow ends the false choice of block or unblock for Agent data How Trustmi uses AI to make sure every dollar goes where it should How Tamnoon is tackling the cloud security backlog with autonomous remediation The next generation of analytics: Why we invested in Golden Analytics How Mate Security is building the AI teammates that security operations centers have been waiting for Brinqa is building the context layer that enterprise security is missing The SaaS GTM glossary that no one has written yet What top-performing CMOs say about success in 2026 Client Challenge How Healthie is building the critical infrastructure behind accessible, longitudinal care GovWell Raises $25M Series A Led by Insight Partners to Build the AI Operating System for Modern Government How Devo built agentic Strike48 to kill the SOC alert Devicie is building endpoint security for an AI-driven world Why Delinea focuses on privileged access to prevent breaches from humans and AI Agents Cloudsmith Raises $72M Series C Led by TCV and Insight Partners to Control and Secure the AI-Powered Software Supply Chain Covera Health and Medmo Combine to Deliver the First Platform That Manages the Complete Radiology Journey: From Imaging Order to Accurate Diagnosis From software to hardware: Where Nest founder Tony Fadell thinks AI will go next The skills gap cybersecurity leaders are facing right now Client Challenge Stop selling to enterprises. Start building with them. Behind the Investment: Linx Why we invested in Rocketlane How agentic AI is rearchitecting enterprise workflows Linx Security Raises $50M Series B as Identity Becomes Security’s Biggest Failure Point ScaleOps Raises $130M Series C at Over $800M Valuation to Lead the Future of Autonomous Cloud and AI Infrastructure Resource Management Rocketlane Raises $60 Million Series C to Redefine Professional Services for the AI Era Supercharging financial advisors: How AI is reshaping wealth management How Pictor Labs is turning tissue into data to revolutionize diagnosis
Inside Semperis: Response and recovery after identity system attacks
Insight Partners · 2026-04-28 · via Insight Partners

Almost every enterprise in the world relies on identity systems to operate.

Without digital IDs, biometric verification, and decentralized systems that enable secure authentication, employees can’t log in, security teams can’t coordinate, and even basic tools like email and collaboration platforms become inaccessible.

Identity infrastructure — often Microsoft’s Active Directory (AD) — controls access across every application, system, and workflow. But companies often treat it as just another piece of IT. Over decades of updates and ownership changes, most identity systems drift from their original configuration.

Attackers take advantage of this, says Mickey Bresman, cofounder and CEO of security and recovery platform Semperis, a leader in identity-driven cyber resilence and crisis response.

“Active Directory remains one of the main attack paths into the enterprise…I know you have it, I know it’s been misconfigured. That brings me to the conclusion that if I’m going after your enterprise, that’s what I should be going after.”

When identity fails

Cybersecurity strategies are built around prevention. Firewalls, identity layers, and monitoring layers are designed to stop attackers before they get in.

These approaches are based on the assumption that if something goes wrong, systems can be recovered — but that isn’t true of identity systems.

“All of my customers have the same identity system…None of them has a real answer to what happens when the system goes down.”

“When identity systems go down, all of a sudden, the tools that the organizations use [are] no longer available to them during the time of crisis,” Bresman explains. And without access to the very tools they rely on to investigate and coordinate a response, security teams are paralyzed.

“How do I communicate with the responders? How do I bring the teams together?” says Bresman. Most organizations don’t plan for this kind of scenario until it happens.

The idea for Semperis came from seeing these failures firsthand. Bresman and his team were brought in to investigate when the AD system of a large telecommunications company was compromised. The system went down, and restoring it was a manual, time-intensive process.

“By the end of it, you’re completely exhausted,” says Bresman. “Your brain is partially working at this point, but we are high-fiving, and we’re happy we’re going home. Less than six hours after, we get a call that it went down again.” Although the system had been restored, it wasn’t secured, and the attackers hadn’t been fully removed.

Around the same time, the team ran a simulation with a major bank where it took them five days to fully recover AD in a controlled environment. “The question was,” says Bresman, “can the bank survive more than five days without login authentication?”

That was the catalyst for Semperis, a solution that could both protect organizations from attacks and solve for what happens after, when identity systems are compromised and need to be restored quickly and safely.

‘R’ is for recovery

Semperis’ three cofounders had been on the frontlines of multiple crises. Bresman and Guy Teverovsky shared extensive experience in the IT disaster recovery and consulting space, while Matan Liberman led a government software development team.

After being accepted into Microsoft’s accelerator program, they launched Semperis in 2015, initially focusing on identity system recovery. At the time, identity threat detection and response (ITDR) was an emerging category, but the team saw a critical gap.

“One of the things that we were constantly telling the market is that ITDR actually has…two Rs,” says Bresman. “The second R [is] for recovery.”

That insight has shaped their approach. Rather than focusing on responding to attacks, the cofounders rethought how identity systems could be restored without introducing risk.

One of the key innovations was separating AD from the underlying operating system (OS) to allow organizations to rebuild clean identity environments. “If we recover to a clean OS, we are not bringing [malware] with us,” Bresman explains.

The centaur that became a unicorn

Product-market fit issues almost caused the company to fold in 2016. But the following year, one of the most destructive AD-related malware attacks in history, NotPetya, shed some light on how vulnerable enterprise AD environments are and validated Semperis’ focus.

In 2019, the company introduced its patented Active Directory Forest Recovery solution, which automates the recovery process to eliminate malware reinfection and reduces the downtime after a cyberattack by up to 90%.

By the end of that year, Semperis was operating at just above $3M ARR, having generated the majority of its revenue that year. In March 2020, the company announced a $40M Series B, led by Insight Partners, to fuel expansion and hiring.

Post-Series B, Semperis entered a period of rapid expansion. The company hit $100M ARR in 2025, morphing from an early-stage business into both unicorn and centaur status. That growth was underpinned by a $200M Series C in 2022, which cemented its position as a category leader.

During this time, Semperis grew from around 25 employees to over 600 and expanded its customer base from 50 to over 1,200. In June 2024, it raised an additional $125M in growth financing to accelerate that momentum.

Identity vs. autonomous Agents

Today, Semperis is a full-fledged identity resilience platform.

As enterprises have grown increasingly dependent on identity to operate across cloud systems and support remote work, Semperis has shifted from protecting a single system — AD — to supporting cloud-based enterprise security platforms like Entra ID, Okta, and Ping Identity.

But as identity infrastructure grows in popularity, so does the pace and scale of attacks. Last year saw a 800% surge in identity-based attacks, with 1.8 billion logins stolen from 5.8M infected hosts.

New AI tools enable attackers to discover vulnerabilities faster and move more quickly through systems, explains Bresman.

“Whatever you did not find before…in terms of different attack paths, genAI is going to help the bad actor to find. So you’d better find it before they do.”

Agentic AI brings other challenges. As businesses introduce autonomous Agents to workflows, the environment becomes more complicated and the opportunity for human error — or malicious interference — grows.

“How do I secure and protect the Agents?” says Bresman. “On one hand, making sure that only the right people can give them commands, or the right Agents, because we’re already seeing Agents commanding other Agents. On the other hand, how fast can I detect if an Agent is…doing something that it should not be doing?”

From Bresman’s perspective, the future of cybersecurity will rely less on manual responses and more on automation. “You will need to get to a point where it’s bots fighting bots and no humans in the middle,” he says.

In that future, recovery is as critical as prevention. Attacks are inevitable, but they don’t have to be catastrophic. Resilience — being able to restore identity quickly, regain control, and keep operating as usual — will be the difference between a disruption and a crisis.


*Note: Insight Partners has invested in Semperis.