Identity security threats are a significant concern for businesses, particularly those with Active Directory environments. The 2022 ITWeb Security Summit will feature a presentation by Forestall and Cyberrey, showcasing their comprehensive approach to protecting Active Directory environments against advanced threats.
The Threat Landscape
Active Directory remains the backbone of identity management for 90% of Fortune 1000 companies, making it the primary target for sophisticated cyber attacks. Research shows that 80% of organisations have experienced identity-related breaches, with 90% of security incidents involving Active Directory vulnerabilities.
- Attackers are increasingly targeting identity infrastructure as the path of least resistance for ransomware deployment and data theft.
- Research shows that 93% of organisations have insufficient privilege access and lateral movement controls.
- 87% struggle with limited adoption of modern security frameworks.
The Challenges Faced by African Enterprises
Across the African continent, we’re seeing a rapid expansion of digital infrastructure without corresponding growth in cyber security expertise. Identity security, particularly around Active Directory, represents one of the most critical yet overlooked vulnerabilities in the region’s security posture.
“The weaponisation of Active Directory has evolved dramatically in recent years,” says Atanur Elmasoğlu, Co-Founder of Forestall. “Attackers are increasingly targeting identity infrastructure as the path of least resistance for ransomware deployment and data theft.”
Research Findings and Recommendations
Research presented by Forestall reveals the most significant findings from ransomware response engagements, highlighting a concerning security landscape.
- 74% of organisations lack multi-factor authentication.
- 65% have inadequate information protection control.
- 74% implement insufficient application security practices.
- 86% show insecure configuration of identity providers.
- 93% of organisations have insufficient privilege access and lateral movement controls.
The Complexity of Modern Identity Infrastructures
The complexity of modern identity infrastructures creates a severe visibility gap for most organisations. They typically lack awareness and understanding of identity-based attack paths, misconfigurations and vulnerabilities. Analysis shows that 90% of attack paths contain three steps or more, and the same percentage of organisations can be compromised by an unprivileged account.
“Defenders think in lists, but attackers think in graphs,” explains Furkan Özer, Co-Founder of Forestall. “This fundamental difference in perspective gives attackers a significant advantage when targeting complex Active Directory environments.”
Challenges in Remediation
Organisations face numerous challenges when remediating Active Directory exposures.
| Top Issues | Percentage |
|---|---|
| Minimising downtime | 46% |
| Lack of visibility to AD exposures | 38% |
| Researching the exposure | 37% |
| Prioritising the exposure | 34% |
| Lack of personnel or expertise | 31% |
A Procrastination Loop
Aadil Khan, Channel Director: Africa at Cyberrey, paints a picture of the regional challenges: “African businesses are struggling with a real cyber security talent shortage right now. When you combine that with how quickly attackers are finding new ways to exploit Active Directory, it’s creating a dangerous situation. Many organisations don’t realise their entire network can be compromised through misconfigurations in Active Directory that have existed for years.”
A Solution to Address Identity Security Challenges
The solution highlights critical attack paths and vulnerabilities that would otherwise go undetected until it’s too late. The partnership between Forestall and Cyberrey brings a multifaceted approach to address these identity security challenges:
- Prioritise the identity attack surface: Understanding threats from attackers’ perspectives and identifying “crown jewels” of interest to potential attackers.
- Continuous attack path management: Defining and cutting off nested attack paths to prevent privilege escalation and lateral movement between identities.
- Analyse security posture and risk exposure: Measuring attack paths’ risk levels and potential business impact.
- Be aware of misconfigurations: Identifying and remediating identity-centric weaknesses, misconfigurations and vulnerabilities.
- Prevent new problems: Monitoring changes and stopping new attack paths before they form.
The Forestall Platform
The Forestall platform, distributed across Africa by Cyberrey, provides critical insights into identity security environments, revealing that:
- At least 1% of identities are of high interest to attackers.
- 90% of AD environments can be compromised by an unprivileged account.
- 24% of relations cause privilege escalation paths.
- 10% of objects are stealth/shadow admins.
- 15% of stale objects can abuse business-critical identities.
The Road Ahead
“Our solution gives organisations the visibility and control they’ve been lacking,” says Özer. “By implementing a graph-based approach to identity security, we enable security teams to see their environment the way attackers do.”
In Africa, keeping Active Directory secure has become a major challenge. Companies are quickly adopting new digital tools, but many don’t have the security know-how to protect them properly. This creates a risky situation where Active Directory – basically the control centre for who can access what in a company – becomes an easy target for hackers. When Active Directory gets compromised in African companies, the damage is often worse than in other parts of the world because these businesses have fewer resources to recover. It’s not just an IT problem; it can threaten the entire business.
Forestall and Cyberrey’s partnership directly addresses these realities by bringing practical identity security solutions tailored for the African market. Their collaboration focuses on making Active Directory security accessible without requiring specialised expertise. By providing tools that clearly visualise attack paths and vulnerabilities within Active Directory environments, they help security teams identify and remediate the exact issues that attackers would exploit. This approach allows organisations to dramatically improve their identity security posture with existing resources while supporting continued digital growth.
