
Semperis and Veritas Join Forces in Active Directory Protection and Recovery!

In today's rapidly evolving digital landscape, cybersecurity has become a critical concern for organizations of all sizes and industries. One of the most common targets for cyberattacks is Active Directory (AD), the cornerstone of identity management for most enterprises. Its pivotal role in controlling access to various resources within an organization makes it an enticing target for cybercriminals aiming to gain unauthorized access to sensitive information. AD serves as the backbone of many organizations' digital operations, making it a prime target for cyber adversaries.

According to recent statistics, a staggering 9 out of 10 cyberattacks exploit vulnerabilities within Active Directory systems. The prompt restoration of AD is paramount, as any delay can have far-reaching implications, potentially impeding the entire recovery process. This alarming trend underscores the urgent need for robust AD security solutions. Recognizing this critical need, Veritas and Semperis have joined forces to provide a comprehensive solution designed to safeguard and recover AD environments.

Veritas and Semperis, two industry leaders in data protection and AD security respectively, have forged a powerful alliance to deliver an unparalleled solution for safeguarding and restoring AD environments. This collaboration leverages the strengths of both companies, providing organizations with a comprehensive defense strategy against a broad spectrum of cyber threats.

Key Benefits of the Veritas Semperis Solution: 

Veritas 360 Defense Data Protection Platform: The Veritas 360 Defense platform ensures Semperis' critical infrastructure is consistently and comprehensively safeguarded. A proactive shield powered by industry-leading NetBackup anomaly detection and malware scanning ensures that, even before data reaches the Veritas Immutable Vault, it undergoes rigorous scrutiny for any signs of malicious intent. In the face of unforeseen disasters or cyber-attacks, the on-premises and cloud immutable Recovery Vault, with native isolated recovery capabilities, ensures that critical information remains intact and accessible.

Granularity and Speed during AD recovery: Semperis ADFR provides granular recovery options, allowing you to restore individual objects, attributes, or even the entire forest quickly. This level of granularity can be critical in situations where precise recovery is essential. Veritas and Semperis ensure swift recovery, minimizing downtime and reducing the impact on business operations. Semperis ADFR is designed to support recovery of complex hybrid and multi-cloud AD environments.

Transaction-Level Recovery: Semperis ADFR captures and replays every change that occurs in AD at the transaction level. This means it can roll back to a specific point in time, ensuring that the forest is restored to a consistent state.

Continuous Monitoring and Remediation: Semperis ADFR continuously monitors the AD environment for changes and alerts administrators to potentially harmful or unauthorized activities. It also provides options for automated remediation. The unified solution employs cutting-edge technologies to proactively identify and neutralize potential threats before they can exploit AD vulnerabilities. After Active Directory is recovered from backups, several other tasks, such as metadata cleanup, normally require manual intervention; Semperis automates all of these tasks as part of recovery.

Expert Support and Incident Response: With access to a team of dedicated experts with Veritas and Semperis cyber recovery and assessment services, organizations will benefit from rapid incident response and expert guidance in navigating complex security challenges.

Solution Overview


NetBackup Alta Recovery Vault

Veritas Alta Recovery Vault is a cloud-based data vault designed to protect applications and infrastructure from threats that target backup data, by immutably isolating an off-site data copy in the cloud with a virtual air gap. With Veritas Alta Recovery Vault, there is no need to build, manage, and protect a physical site to isolate backup data.

All resources are provisioned and managed from within NetBackup’s locked-down security and role-based authentication policies, eliminating separate accounts and user interfaces across cloud providers and ensuring security and compliance policies are in check. You can run Alta Recovery Vault in the cloud while deploying an air-gapped IRE on-premises with Flex Appliances or BYO. This hybrid cloud approach provides stronger resilience and security while lowering your total cost of ownership by eliminating the unexpected data ingress and egress fees and paying for only what’s used with a “pay-as-you-go” subscription service.


NetBackup Isolated Recovery Environment

Unlike traditional IRE solutions, the NetBackup IRE solution offers a unified, scalable solution with immutability and indelibility. In addition, the Veritas IRE is based on the Flex appliances’ container-based multi-tenant WORM storage with a hardened OS and a zero trust architecture, without additional license cost. NetBackup Anomaly and Malware Detection provides another line of defense against malware propagating in the environment. As of NetBackup 10.1, the air gap restricts network access to the IRE at all times and works for Flex Appliances and BYO. Veritas’ IRE solution provides a high-performance NetBackup solution with zero-trust security without any extra license cost.

NetBackup Anomaly Detection

The machine learning (ML)-driven anomaly detection can identify backup behavior abnormalities and automatically initiate malware scanning. With the NetBackup Anomaly Detection engine and malware scanning running on the production side, anomalies in the backup process are automatically and continuously analyzed. Detecting anomalies in backup images provides the backup administrator with an important metric that plays a role in the organization’s security posture and in understanding trends and deviations in the data protection footprint. Anomaly detection was previously only possible through rigorous manual analysis of the NetBackup Activity Monitor, but with the Anomaly Detection engine, this is now automated. Introduced in NetBackup 9.1, Anomaly Detection uses metadata already available to key in on likely indicators of issues. An anomaly is any significant change in backup image size, number of backup files, data transferred (in KB), deduplication rate, or backup job completion time. NetBackup uses machine learning to detect anomalies, using statistical data clustering analysis to form an anomaly’s score. A higher score is more significant and reflects how different one set of data is from the previous sets of data that form the baseline.
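To make the idea of scoring a backup job against a baseline concrete, here is an added Python illustration that is not NetBackup code and does not reproduce its clustering model: it swaps in a simpler robust z-score (median and MAD) over the five metadata fields named above. The field names, threshold, and sample jobs are assumptions constructed for the example.

```python
# Added illustration, NOT NetBackup's algorithm: a robust z-score (median/MAD)
# stands in for the clustering analysis the product uses.
from statistics import median

# Hypothetical field names for the five metadata signals the text lists.
FEATURES = ("image_size_kb", "file_count", "kb_transferred", "dedup_rate", "elapsed_s")

def robust_z(value, history):
    """Distance of value from the baseline median, in MAD-scaled units."""
    med = median(history)
    mad = median(abs(h - med) for h in history)
    # Floor the spread at 1% of the median so a flat baseline cannot
    # divide by zero or turn tiny jitter into a huge score.
    scale = max(1.4826 * mad, 0.01 * abs(med), 1e-9)
    return abs(value - med) / scale

def anomaly_score(job, baseline):
    """Return (score, per-feature deviations); score is the largest deviation."""
    devs = {f: robust_z(job[f], [b[f] for b in baseline]) for f in FEATURES}
    return max(devs.values()), devs

def flag_for_scan(job, baseline, threshold=6.0, min_history=5):
    """True when the job deviates enough from its baseline to warrant a scan."""
    if len(baseline) < min_history:  # too little history to form a baseline
        return False
    score, _ = anomaly_score(job, baseline)
    return score >= threshold

# Constructed sample data: seven nightly backups of one hypothetical client.
BASELINE = [
    {"image_size_kb": 50_000_000 + d * 120_000, "file_count": 410_000 + d * 300,
     "kb_transferred": 2_100_000 + d * 15_000, "dedup_rate": 95.5 + 0.1 * (d % 3),
     "elapsed_s": 3_600 + 40 * d}
    for d in range(7)
]
# Constructed: ordinary growth, every field close to the baseline.
NORMAL_JOB = {"image_size_kb": 50_800_000, "file_count": 412_000,
              "kb_transferred": 2_200_000, "dedup_rate": 95.4, "elapsed_s": 3_900}
# Constructed: same data set, but almost nothing deduplicates any more, so far
# more data is transferred and the job runs much longer.
SUSPECT_JOB = {"image_size_kb": 50_900_000, "file_count": 412_100,
               "kb_transferred": 48_000_000, "dedup_rate": 12.0, "elapsed_s": 14_000}

if __name__ == "__main__":
    for name, job in (("normal", NORMAL_JOB), ("suspect", SUSPECT_JOB)):
        score, devs = anomaly_score(job, BASELINE)
        print(name, round(score, 1), "scan" if flag_for_scan(job, BASELINE) else "ok")
```

Image size and file count barely move in the suspect job; the score is driven by the deduplication rate, transferred data, and elapsed time, which is why scoring several metadata fields together catches changes that size alone would miss.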

NetBackup Malware Scanning

NetBackup Malware Detection provides greater control in the detection and recovery portions of the workflow. NetBackup offers two malware scanning methods to protect your data’s integrity and the backup image: on-demand scans and scans automatically triggered by high anomaly scores. We recommend adding Malware Detection workflows on the IRE side. The last-known-good image will be clearly visible in the recovery workflow, and selecting an impacted image will present several warnings to the user. If we find something infected in the immutable storage, the image cannot be expired before the minimum retention period, but in this situation, administrators will know there is an infection and can plan accordingly. Also, you can scan the image before the recovery. NetBackup will give warnings on detection before the restore. Malware Detection offers a powerful point of insight into the backup images as a response to an alert or on-demand scan of a backup image. The integrated NetBackup malware engine allows you to perform on-demand scans of backup images for latent threats. Additionally, integration with leading malware scanners such as Microsoft Defender and Symantec Protection Engine was made available in the NetBackup 10.0 release.


Malware scanners can be deployed on one or more hosts, depending upon concurrent scanning requirements. These scan hosts are grouped together into a scan pool that can inspect unstructured data of either MS-Windows or Standard data types. Malware scanning can be initiated using the WebUI or launched automatically when a high anomaly score is generated from Anomaly Detection activity. You can also create custom data protection workflows using our powerful APIs. Scan pools should be configured with a common malware application along with the desired protocol, and you should not mix engines or protocols when adding additional scan hosts.

Malware Detection leverages Universal Shares, so you don’t need to configure a specific share for scanning. NetBackup Flex appliances have all the prerequisites for Malware Detection and support SMB and NFS shares. The MSDP host exposes the image to the scan host as a read-only share so there is no additional risk to read a potentially infected image. As an image passes through its Storage Lifecycle Policy (SLP), you can scan images once they reside on MSDP without interrupting the secondary SLP operations.


An on-demand scan model in the NetBackup WebUI is focused on periodic inspection of images, with the option of enabling automatic scanning for images with high Anomaly Detection scores. Focus your on-demand scans against the high-risk hosts—hosts interfacing with the public internet, Internet-of-Things (IoT) devices, and other edge machines.

On-demand scanning targets images within a specific range for a specific host, and each image will be scanned in a single job. The scan’s output status is stored with the image, offers common remediation actions, and also triggers an alert in the top right of the WebUI.

Once an impacted image is detected, you can view the impacted files list, expire all copies, or leave the image in place where the scanning status tag will alert when the backup image is selected in a recovery workflow in the future. The last-known-good image will be clearly visible in the recovery workflow and selecting an impacted image will present several warnings to the user.


The alliance between Veritas and Semperis represents a holistic approach to data protection and identity security. By combining the strengths of these industry-leading solutions, organizations can navigate the digital landscape with confidence, knowing their critical data and digital identities are fortified against even the most sophisticated cyber threats.

This collaboration reflects our shared commitment to pushing the boundaries of data protection and security. As we look ahead, both teams are poised to delve deeper into the realm of Active Directory (AD) prevention and protection, uncovering opportunities for more advanced use cases.

The partnership between Veritas and Semperis is a testament to our commitment to innovation and excellence in the cybersecurity landscape. As we continue to collaborate, both teams will continue to explore opportunities in more advanced cases to provide identity-driven cyber resilience to our joint customers.

Check out our video and technical brief for more information!