Notifications
Clear all
Topic starter
12/06/2026 9:37 pm
TL;DR: Identity security readiness is the focus of a new strategic technology alliance between Semperis and Hack The Box, with initial work around Purple Knight, threat research, and hands-on cyber exercises for hybrid identity environments, according to Semperis. The practical signal is that identity resilience now depends on response practice as much as visibility and tooling.
NHIMG editorial — based on content published by Semperis: the strategic technology alliance with Hack The Box on identity resilience and cyber readiness
Questions worth separating out
Q: How should organisations improve readiness for identity-based attacks?
A: They should treat readiness as an operational control, not a training slogan.
Q: Why do hybrid identity environments create harder recovery problems?
A: Because compromise and remediation often span multiple identity systems at once.
Q: What breaks when identity security is measured only by visibility?
A: Teams can see risk without being able to act on it quickly enough.
Practitioner guidance
- Define identity incident runbooks by control plane Separate response steps for Active Directory, Entra ID, Okta, and similar systems so containment actions do not depend on improvisation during an incident.
- Run live-fire identity exercises Use exercises that force teams to execute account suspension, privilege validation, and recovery steps under time pressure, then document where coordination breaks down.
- Tie assessment findings to remediation owners Make every identity vulnerability finding land with a named owner, a deadline, and a re-test step so the output becomes operational change rather than reporting noise.
What's in the full analysis
Semperis's full announcement covers the operational detail this post intentionally leaves for the source:
- Initial collaboration areas around Purple Knight and other identity assessment workflows
- Joint industry activations, webinars, and event roadshow plans tied to readiness enablement
- Customer and partner enablement details for training programs and go-to-market coordination
- The vendor's own framing of how the alliance will support identity resilience work across hybrid environments
👉 Read Semperis's announcement on the Hack The Box alliance for identity readiness →
Identity resilience and cyber readiness: what teams need to do?
Explore further
12/06/2026 11:49 pm
Identity resilience has become a readiness discipline, not a tooling category. The alliance reflects a broader shift in how enterprises should think about identity security: visibility alone does not stop escalation. When identity systems are the control plane, defenders need muscle memory for containment, validation, and recovery. The practitioner conclusion is that identity programmes now need measurable response capability alongside access governance.
A few things that frame the scale:
- The average estimated time to remediate a leaked secret is 27 days, despite 75% of organisations expressing strong confidence in their secrets management capabilities, according to The State of Secrets in AppSec.
- Organisations maintain an average of 6 distinct secrets manager instances, creating fragmentation that undermines centralised control, according to The State of Secrets in AppSec.
A question worth separating out:
Q: Who should own response to identity compromise in the enterprise?
A: Ownership should sit with the teams that can actually execute containment and recovery across the affected control plane, with security, IAM, infrastructure, and operations aligned on the same runbook. If ownership is unclear, the attacker benefits from delay, and the recovery effort becomes fragmented.
👉 Read our full editorial: Semperis and Hack The Box link identity resilience to readiness
