ACEN MDR deepens its Silverfort integration for end-to-end Identity Security

Silverfort is one of the most underutilized platforms in enterprise security today. A report by Silverfort and Osterman Research found that 83% of organizations worldwide have experienced data breaches due to compromised credentials. Yet most of those same organizations have Silverfort running at a fraction of its configured potential.

Part of the problem is how SOC (Security Operations Center) and MDR (Managed Detection & Response) providers consume it. The other half is the platform itself: without dedicated maintenance, Silverfort drifts. Policies go stale, new attack surfaces go uncovered, and the telemetry your SOC receives gets worse over time.

ACEN solves both. Our specialized Silverfort team keeps the platform sharp, improving coverage as your environment evolves. And with this integration, both teams operate as one. Silverfort’s experts feed our 24/7 SOC with new telemetry and direct knowledge of the AD attack patterns they see across their customer base, and our analysts act on it.

What Most Organizations Do: The Log-Only Problem

Most MDR services and organizations that support Silverfort do exactly one thing with it: ingest logs into their SIEM. That gives you authentication events. It’s better than nothing, but it leaves most of the value on the table.

What you miss at log level is context. Silverfort logs every authentication request across all environments by natively integrating with all identity providers, including Active Directory. That’s not just cloud logins. It’s PsExec, RDP, PowerShell remoting, file share access, legacy application authentication, command-line tools. All of it, correlated against behavioral baselines and risk scores.

Every login, token request, API call, and cross-domain hop is captured in context. Silverfort correlates signals across protocol anomalies, identity behavior baselines, risk scores, and additional indicators. Deviations and chain-tactic behaviors get flagged immediately.

When it’s used only as a passive log source, you’re missing one of the most advanced threat hunting and ITDR (Identity Threat Detection and Response) engines available.

What Changes With Our Full Integration: True Identity Security & Response

Our full MDR integration with Silverfort covers both the on-premise and SaaS versions of the platform.

On the detection side, our SOC has direct access to Silverfort’s Active Directory analytics. This covers Kerberoasting, NTLM relay, AS-REP Roasting, Active Directory Certificate Services abuse, and lateral movement in progress. Attack patterns that blend into normal AD noise become visible. Service account behavioral anomalies, cross-tier access violations, and suspicious authentication sequences all feed into our threat hunting workflows.

The second part is containment. This is where the gap between Silverfort and native AD or Entra ID controls becomes obvious. With AD alone, disabling a user account is your primary lever. With Entra ID, you get Conditional Access, which covers cloud resources reasonably well. But neither gives you inline, real-time enforcement across the full hybrid environment.

Our SOC leverages Silverfort’s containment to stop lateral movement in its tracks, even through tools like PowerShell or PsExec, without requiring a lengthy investigation upfront. Access gets blocked instantly to prevent further spread across on-premise resources, legacy applications, and cloud services simultaneously.

Profile photo of Sepp, one of the ACEN MDR employees.

"We worked closely with Silverfort's product team to unlock the full depth of their API capabilities. These capabilities are not used by most organizations operating at log level. It required dedicated engineering work on both sides."

During an active incident, our teams use Silverfort’s freeze mode to contain ransomware and lateral movement instantly, with the ability to enforce deny policies across both legacy and modern environments.

Entra ID Conditional Access does not reach your on-premise legacy applications. AD group policy changes take time to propagate. Without Silverfort, neither one blocks a live lateral movement attempt at the authentication layer in real time.

With these capabilities, ACEN delivers true Identity Threat Detection and Response (ITDR).

One of our employees sitting at his desk, looking at two monitors.

Do you run Silverfort and MDR? Or are you interested in doing so?

If you have Silverfort and want to take it to the next level or want to improve your identity protection capabilities, contact us or take a look at our MDR service.

Share this article

Interested in learning more about our solutions and how they can benefit your business?

Contact us now for personalized insights and solutions.

Related articles

Visual showing a physical certificate rolled up and '2027' with a danger icon.

Starting in 2027, 47-day certificates will challenge every business

Digital certificates are everywhere today. They secure websites, protect applications, encrypt communications, and form...
Image of Cybersecurity experts Kelvin Bogaerts and Andres Van der Steen in the office.

A day in the life of two Cybersecurity Consultants: Meet Kelvin and Andres

Explore valuable insights from Andres and kelvin, two Cybersecurity Consultants who started out through...
Image of someone holding a phone with an indetity check on teh screen.

AI agents will redefine Identity Security

How do you control agents? Who owns them? Who's accountable? And how to you...

Subscribe to our newsletter

We only use your e-mail address to send newsletters.

We do not pass on your address to third parties.

Security as a Service

Experience peace of mind with our Security as a Service – your company’s ultimate shield against threats, featuring reliable 24/7 protection, local support, and a tailored approach to meet all your unique security needs.

We are looking for talent

Check out our careers platform and discover our wide range of cybersecurity opportunities!