In this interview, Furkan Özer, Co-Founder of Forestall, explains why organisations must adopt an adversary-centric approach, focusing on how attackers actually operate, to identify exploitable paths, reduce risk, and secure increasingly complex identity ecosystems.
What is Forestall, and what do you offer to the market?
At Forestall, we provide an Identity Security Posture Management (ISPM) solution. With this, we analyse our customers’ identity environments, including identity and access management platforms such as Active Directory and Entra ID.
We identify risk points, such as misconfigurations, excessive privileges, and complex attack paths, before attackers can exploit them. Essentially, we provide a proactive solution that detects risks and misconfigurations before an attack happens.
You describe yourselves as an adversary-centric cybersecurity company. What does that mean in practical terms, and how is it different from traditional approaches?
That’s correct. There are many cybersecurity products in the market, and many focus on compliance or identifying theoretical vulnerabilities. However, not all of these issues are actually exploited by attackers.
Our approach is different. We think and operate like real threat actors. We analyse how attackers behave in real-world environments and focus on identifying the vulnerabilities they actually exploit.
So instead of highlighting hypothetical risks, we prioritise real, exploitable attack paths—those that attackers are actively using.
Are you using AI-driven security analytics, particularly for identity-based threats?
Yes, we are using AI in two key ways. First, we analyse AI-related identities, such as cloud-based AI agents. We evaluate their permissions and relationships with other identities and resources, helping us identify risks and exposure.
Second, in our upcoming release, users will be able to interact with our platform through an AI interface. For example, they can generate reports or query insights simply by using natural language.
Do you think identity has effectively become the new security perimeter?
Absolutely. Identity is already the new perimeter.
There’s a common saying: attackers don’t break in, they log in. Most attackers use exposed or stolen credentials to gain initial access. From there, they move laterally and escalate privileges using identity misconfigurations.
So identity is now central to how attacks happen.
With the rise of agentic AI and autonomous systems, can traditional IAM solutions keep up? Can your platform secure non-human identities as well?
That’s a very important question. Yes, we analyse machine identities, especially within Active Directory and Entra ID. This includes service principals and machine accounts.
As AI agents become more autonomous, they can access resources independently if they have the necessary permissions. This creates new risks.
Both our platform and the broader cybersecurity industry need to adapt to this shift. We are already working on analysing AI agent identities and identifying their exposure and potential blast radius.
What are your priorities for global expansion, particularly in the Middle East?
The Middle East is a key focus for us, especially the UAE and Saudi Arabia.
We already have a presence in Dubai, and our goal over the next one to two years is to expand further across the Gulf region. We are also aligning our solutions with regional regulatory requirements.
For example, we are integrating frameworks such as the UAE’s Information Assurance Regulations (IAR) from TDRA, and we are working on additional compliance frameworks in Saudi Arabia and other markets.
How do you see demand for identity security evolving across sectors like BFSI, government, and telecom?
Demand is growing rapidly. New categories such as ISPM and Identity Visibility and Intelligence Platforms (IVIP) are gaining traction.
Traditionally, organisations relied on PAM, IAM, or IGA solutions. However, recent incidents and evolving threats are driving demand for deeper identity visibility and risk analysis. According to industry reports, including Gartner, sectors like BFSI and government are expected to increasingly adopt these solutions through to 2028.
