
Cross-forest authentication with Thinfinity: secure multi-domain access

Introduction 

In modern enterprises, IT environments often span multiple Active Directory (AD) forests, hybrid cloud platforms, and external identity providers (IDPs) such as Azure Entra ID, Okta, and PingID. Securely managing authentication across these disparate environments is a critical challenge for CIOs, CISOs, and IT administrators.

Thinfinity provides a powerful Cross-Forest Authentication solution through Global Account Mapping, ensuring seamless user authentication across multiple domains while maintaining a Zero Trust Security Model. This article explores how Thinfinity achieves secure cross-domain authentication, leveraging 2FA, external IDPs, and directory federation.


What is cross-forest authentication?

Defining active directory (AD) forests

An Active Directory forest is the highest-level security boundary in a Windows Server environment. Multiple forests can exist within an organization due to:

  • Mergers & Acquisitions: Different companies with separate AD infrastructures.
  • Security Segmentation: Isolating user groups or business units.
  • Geographic Distribution: Multiple regional offices managing separate IT infrastructures.
 

Challenges in cross-forest authentication

Cross-forest authentication becomes a challenge when users need to access resources outside their native AD forest. The main obstacles include:

  1. Credential Duplication: Users often require separate accounts for each domain.
  2. Lack of SSO (Single Sign-On): Logging into multiple domains requires multiple authentications.
  3. Security Risks: Traditional authentication mechanisms expose organizations to credential theft and privilege escalation attacks.
  4. Limited Integration with Modern IDPs: Many enterprises are moving to Azure Entra ID, Okta, and other cloud IDPs but still require legacy on-premises AD integration.

Figure: Cross-forest authentication challenges: credential duplication, lack of SSO, security risks, and limited IDP integration (Azure Entra ID, Okta).

The need for a secure cross-forest solution

To address these issues, organizations require:

  • A unified authentication mechanism that works across AD forests.
  • Seamless integration with cloud IDPs like Azure Entra ID, Okta, OneLogin, and ForgeRock.
  • Zero Trust Network Access (ZTNA) principles that ensure users only access authorized resources.

This is where Thinfinity’s Global Account Mapping comes into play.

Thinfinity’s global account mapping: How it works

Thinfinity simplifies cross-forest authentication by implementing Global Account Mapping, which associates external user identities with Thinfinity accounts and resource identities.

Step-by-Step Process of Thinfinity’s cross-forest authentication

1. External authentication via IDPs & Federation services

  • Thinfinity supports authentication from Google, Microsoft AD, Azure Entra ID, Okta, DUO, Auth0, ForgeRock, JumpCloud, PingID, and OneLogin. 
  • Supports SAML and OAuth 2.0 for federated authentication.
  • Thinfinity validates the user’s identity against their primary domain.

2. Global mapping of user identities

  • Thinfinity maps the authenticated user from an external domain to the internal AD forest account.
  • This ensures that external and internal users are seamlessly linked.

3. Role-based access control (RBAC) enforcement

  • After authentication, Thinfinity assigns roles based on Active Directory groups or Thinfinity IDP policies.
  • Access is granted only to resources authorized for the assigned role.

4. Authorization for specific resources

  • Thinfinity ensures that only mapped identities can access Active Directory, Local Users, and Database-based User Apps (SQL, MongoDB, etc.).

5. Seamless multi-domain access

  • Thinfinity supports authentication and resource access across Corporate Domains and Secondary Domains.
  • This eliminates the need for users to manage multiple passwords across different forests.

Figure: Thinfinity cross-forest authentication: SSO, MFA, RBAC, IDP integration (Azure Entra ID, Okta), secure multi-domain access, and role-based authorization.
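The five steps above (and the MSP flow described later on this page) reduce to one pipeline: require MFA, resolve the external identity to an internal forest account through an explicit mapping, derive roles from AD groups, then authorize the requested resource. The Python model below is an added illustration, not Thinfinity's code; the issuer URLs, subjects, account names, groups and resources are constructed, and the point it makes is that the mapping must be keyed on (issuer, subject) and fail closed when no mapping exists.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional, Set, Tuple

# --- Constructed sample data standing in for the broker's configuration ---

# Identity providers whose assertions this broker accepts (hypothetical URLs).
TRUSTED_ISSUERS: Set[str] = {
    "https://okta.example-msp.com",      # contractors
    "https://entra.example-corp.com",    # corporate Entra ID tenant
}

# Global account mapping: (issuer, subject) -> internal account in the target forest.
# The key deliberately includes the issuer: the same subject or e-mail asserted
# by a different IdP must never resolve to this internal account.
ACCOUNT_MAP: Dict[Tuple[str, str], str] = {
    ("https://okta.example-msp.com", "00u1contractor42"): r"CORP\j.doe",
    ("https://entra.example-corp.com", "7f3c-oid-placeholder"): r"EU\m.rossi",
}

# AD group membership of the internal accounts (constructed).
AD_GROUPS: Dict[str, Set[str]] = {
    r"CORP\j.doe": {"Contractors"},
    r"EU\m.rossi": {"Finance", "RDP-Users"},
}

# RBAC: AD group -> role, and resource -> roles allowed to open it.
ROLE_BY_GROUP: Dict[str, str] = {
    "Contractors": "contractor",
    "Finance": "finance-user",
    "RDP-Users": "rdp-user",
}
RESOURCE_ROLES: Dict[str, Set[str]] = {
    "timesheets-web": {"contractor", "finance-user"},
    "erp-web": {"finance-user"},
    "finance-jumphost-rdp": {"rdp-user"},
}


@dataclass(frozen=True)
class Assertion:
    """Identity claims a SAML/OIDC IdP hands the broker after login (simplified)."""
    issuer: str
    subject: str
    email: str
    mfa_satisfied: bool


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str
    account: Optional[str] = None
    roles: FrozenSet[str] = frozenset()


def map_identity(assertion: Assertion) -> Optional[str]:
    """Step 2: resolve an external identity to an internal forest account.

    Returns None (fail closed) for untrusted issuers and for subjects without an
    explicit mapping; e-mail is intentionally never used as a fallback key.
    """
    if assertion.issuer not in TRUSTED_ISSUERS:
        return None
    return ACCOUNT_MAP.get((assertion.issuer, assertion.subject))


def roles_for(account: str) -> FrozenSet[str]:
    """Step 3: derive roles from the internal account's AD groups."""
    groups = AD_GROUPS.get(account, set())
    return frozenset(ROLE_BY_GROUP[g] for g in groups if g in ROLE_BY_GROUP)


def authorize(assertion: Assertion, resource: str) -> Decision:
    """Steps 1-4 in order: MFA, mapping, roles, resource authorization."""
    if not assertion.mfa_satisfied:
        return Decision(False, "mfa-required")
    account = map_identity(assertion)
    if account is None:
        return Decision(False, "identity-not-mapped")
    roles = roles_for(account)
    allowed_roles = RESOURCE_ROLES.get(resource)
    if allowed_roles is None:
        return Decision(False, "unknown-resource", account, roles)
    if roles.isdisjoint(allowed_roles):
        return Decision(False, "role-not-authorized", account, roles)
    return Decision(True, "ok", account, roles)


if __name__ == "__main__":
    contractor = Assertion("https://okta.example-msp.com", "00u1contractor42",
                           "j.doe@contractor.example", True)
    print(authorize(contractor, "timesheets-web"))   # allowed as contractor
    print(authorize(contractor, "erp-web"))          # denied: role-not-authorized
    # Same subject and e-mail asserted by an IdP that is not configured: denied.
    foreign_idp = Assertion("https://idp.other.example", "00u1contractor42",
                            "j.doe@contractor.example", True)
    print(authorize(foreign_idp, "timesheets-web"))  # denied: identity-not-mapped
```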
 

Key benefits of Thinfinity’s cross-forest authentication solution

1. Secure access without VPN dependencies

Traditional VPN-based solutions struggle with cross-forest authentication, often requiring complex trust relationships. Thinfinity eliminates these issues by providing direct browser-based authentication using secure web protocols.

2. Seamless integration with Cloud IDPs & Multi-factor authentication (2FA)

Thinfinity integrates with leading identity providers like:

  • Azure Entra ID
  • Okta
  • PingID
  • OneLogin
  • Google Workspace
  • Duo Security
  • Auth0
  • ForgeRock

This ensures that users can leverage existing identity platforms while securing authentication with MFA (Multi-Factor Authentication).

3. Unified identity management with active directory & external domains

Thinfinity creates a centralized authentication layer, mapping external identities to internal AD resources. This allows:

  • Users to log in once and access resources across multiple forests.
  • RBAC (Role-Based Access Control) enforcement to restrict unauthorized access.
  • Elimination of duplicate credentials across different forests.

4. Support for hybrid and Multi-Cloud environments

Many enterprises run workloads across multiple clouds and require cross-domain authentication for:

  • On-premises Active Directory
  • Cloud-hosted Azure Entra ID
  • Hybrid cloud environments (AWS, GCP, Azure, private clouds)

Thinfinity ensures authentication is seamless across these environments, enabling secure access control.

5. Zero Trust architecture (ZTA) compliance

Thinfinity aligns with Zero Trust principles, ensuring:

  • Least Privilege Access: Users can only access authorized applications.
  • Adaptive Authentication: Based on device, location, and risk analysis.
  • Continuous Monitoring: Tracking authentication events and potential anomalies.
 
Figure: Thinfinity cross-forest authentication: SSO, MFA, IDP integration (Azure Entra ID, Okta), hybrid cloud support, and Zero Trust compliance.
 

Use Cases

Use case 1: Enterprise deployment of cross-forest authentication

Scenario: Multi-Domain Organization with External IDP

A global enterprise has:

  • Corporate AD Domain (HQ)
  • Regional Active Directory Domains (Europe, APAC, Americas)
  • Cloud-based Azure Entra ID for remote users
  • Okta authentication for contractors

Thinfinity’s solution

  1. Users log in using Okta/Azure Entra ID credentials.
  2. Thinfinity maps external users to their corresponding AD accounts in the primary domain.
  3. Users authenticate once and gain access to all authorized applications.
  4. 2FA is enforced on each login to enhance security.
  5. Access is logged for auditing and compliance.

Outcome

  • Seamless authentication across multiple forests.
  • No password duplication or credential sprawl.
  • Increased security via MFA and RBAC.

Figure: Achieving seamless enterprise authentication. Enterprise cross-forest authentication: Thinfinity enables SSO, MFA, RBAC with Azure Entra ID, Okta, secure access, and audit logging.

Use Case 2: MSP-Hosted applications with customer-managed authentication

Scenario: Multi-Tenant MSP with Customer-Managed IDPs

A Managed Service Provider (MSP) offers hosted applications to multiple customers. Each customer:

  • Manages their own Azure Entra ID or Okta authentication.
  • Requires Single Sign-On (SSO) to access MSP-managed applications.
  • Has users in different Active Directory (AD) domains and requires seamless cross-forest authentication.

Challenges faced by the MSP

1. Multi-Tenant Identity Management
  • Customers do not want to provision separate credentials for the MSP’s environment.
  • The MSP must support authentication via each customer’s existing IDP (Azure Entra ID, Okta, etc.).
2. Secure Access Without VPN or Direct AD Trusts
  • Customers do not want to establish VPN tunnels or Active Directory trust relationships with the MSP.
  • Traditional cross-domain authentication methods increase complexity and security risks.
3. Single Sign-On (SSO) to Hosted Applications
  • Users should authenticate once via their own Entra ID or Okta accounts.
  • They should get automatic access to applications hosted in the MSP’s data center or cloud.

Thinfinity’s solution: Global account mapping for MSPs

Thinfinity enables secure cross-forest authentication and SSO between:

  • Customer-managed identity providers (Azure Entra ID, Okta, PingID, etc.)
  • MSP-hosted applications

Using Global Account Mapping, Thinfinity:

  1. Authenticates users via their customer-managed IDP (Azure Entra ID, Okta, etc.)
  2. Maps the authenticated identity to a corresponding Thinfinity account in the MSP’s domain.
  3. Grants access to MSP-hosted applications via SSO, enforcing Role-Based Access Control (RBAC).

How it works

  1. User logs into Thinfinity using their existing IDP (Azure Entra ID or Okta).
  2. Thinfinity validates authentication via SAML or OAuth 2.0.
  3. Global Account Mapping links the external IDP user to an internal account in the MSP’s environment.
  4. Thinfinity grants SSO access to the MSP’s hosted applications.

Outcome & business impact

  • Customers authenticate using their existing credentials—no need to manage extra accounts.
  • Seamless Single Sign-On (SSO) to MSP-hosted applications.
  • No VPNs or direct AD trust relationships required, reducing security risks.
  • Full Role-Based Access Control (RBAC) ensures users access only authorized applications.

Figure: Thinfinity’s global account mapping process. MSP cross-forest authentication: Thinfinity enables SSO, MFA, RBAC with Azure Entra ID, Okta, secure access to MSP-hosted applications.

Why Thinfinity is the ideal solution for MSPs

  • Multi-Tenant Ready: Supports customer-managed authentication while centralizing access to hosted apps.
  • Cloud-First Security: Enables Zero Trust authentication across multiple identity providers.
  • Seamless Cross-Forest Authentication: Bridges customer IDPs with MSP-hosted environments.
  • Looking to enable secure SSO for MSP-hosted applications? Thinfinity’s Global Account Mapping provides the best solution for multi-tenant authentication.

Conclusion

Thinfinity’s Global Account Mapping for Cross-Forest Authentication provides enterprises with a secure, scalable, and seamless solution for managing authentication across Active Directory forests and external identity providers.

By integrating Azure Entra ID, Okta, and other IDPs, Thinfinity eliminates the complexities of cross-domain authentication while enforcing Zero Trust security and Multi-Factor Authentication.

With Thinfinity, enterprises can modernize their authentication strategy, ensuring users can securely access resources across all domains, clouds, and hybrid environments.

Key takeaways:

  • Supports cross-forest authentication without VPNs.
  • Seamless integration with external IDPs (Azure Entra ID, Okta, DUO, etc.).
  • Role-Based Access Control (RBAC) and MFA for security.
  • Zero Trust and secure web access model.
  • Improves IT efficiency by eliminating credential duplication.

 

About Cybele Software Inc.
We help organizations extend the life and value of their software. Whether they are looking to improve and empower remote work or turn their business-critical legacy apps into modern SaaS, our software enables customers to focus on what’s most important: expanding and evolving their business.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

Nord Security launches NordStellar, a new enterprise threat management platform

Leading cybersecurity company Nord Security has announced the launch of NordStellar, a new Threat Exposure Management Platform.

Designed by the team behind the market-leading VPN solution NordVPN, this enterprise-grade cyber threat exposure management platform helps businesses detect and respond to cyber threats, protect data access, secure accounts, prevent fraud, and reduce the risk of ransomware attacks.

Vakaris Noreika, Head of Product at NordStellar, said: “Companies usually discover a problem only after a data breach has occurred. Moreover, monitoring external cyber threats requires significant time and human resources. NordStellar lets companies shorten the time to detect a data breach, save resources through automated monitoring, and reduce the risks the business faces.”

Cyber attack threats to businesses are intensifying

The number of cyber attacks targeting businesses is growing at an alarming rate. According to the latest statistics, ransomware attacks have surged and now account for nearly a quarter of all data breach incidents. In 2023, identity-based attacks increased by 71%. In addition, cybercriminals now routinely abuse valid accounts, and such events account for 30% of all incidents.

Noreika stressed that hackers today no longer need to find sophisticated ways to break into systems; they simply search for credentials that may already be circulating on the dark web. This is exactly the risk that NordStellar effectively mitigates.

How NordStellar benefits businesses

NordStellar provides comprehensive protection and dark web monitoring for employees, brands, and enterprise security. It strengthens a company’s resilience against cyber attacks by reducing ransomware risk, preventing account takeover, identifying malware exposure, detecting compromised credentials, and protecting employees from identity theft.

“This new platform enables security teams to act before cyber threats target the business. This multi-layered approach can quickly identify and mitigate internal and external threats, thereby strengthening the company’s overall cybersecurity posture,” Noreika said.

 

About NordStellar

NordStellar is a threat exposure management platform that enables enterprises to detect and respond to network threats before they escalate. As a platform and API provider, NordStellar can provide insight into threat actors’ activities and their handling of compromised data. It was designed by Nord Security, the company renowned for its globally acclaimed digital privacy tool NordVPN.


A complete guide to Endpoint Management

 

What is Endpoint Management?

Endpoint Management is a crucial and decisive aspect of IT Service Management. Under this label are gathered the centralized management processes of all devices connected to the corporate network, from desktops to laptops, smartphones, and even IoT devices.

We are thus talking about monitoring, updating, and protecting all these endpoints, with two fundamental objectives: ensuring the highest levels of security and continuously increasing operational efficiency.

The Importance of Endpoint Management in Modern IT Environments

What we have highlighted so far makes the importance of Endpoint Management very clear. But it is essential to look even further.

In a corporate context characterized by increasing employee mobility, the expansion of remote work, and the rise of cybersecurity threats, Endpoint Management has become essential to ensure IT security and operational continuity. Put simply: it is almost indispensable.

Efficient management reduces risks associated with vulnerabilities and security breaches, improves the end-user experience, and helps maintain compliance with ever-evolving industry regulations.

Key Components of an Endpoint Management System

Devices: Desktops, Laptops, Mobile, and IoT

The IT architecture of a modern company is multi-channel and consists of a mosaic of different devices… a mosaic that must be organized and made to work optimally.

An effective Endpoint Management system must cover a wide range of devices, including desktops, laptops, smartphones, and IoT (Internet of Things) devices, which are likely to multiply in every type of company.

Managing heterogeneous devices is more necessary than ever, but it requires flexible solutions that can adapt to the various operational and security needs of each device and, of course, each company.

Software and Patch Management

It’s not just about devices. Endpoint Management also involves managing software and patches.

How? By ensuring continuous software updates (another aspect that helps prevent vulnerabilities that could be exploited for cyberattacks). All this is done with a holistic approach, where all company systems interact seamlessly.

Good centralized patch management also allows for the rapid application of critical updates to all devices, reducing the risk of exposure to threats.

Security and Compliance Controls
 

We know well: implementing robust security measures is essential to protect corporate data and ensure compliance with regulations like GDPR and HIPAA.

Tools such as multi-factor authentication, data encryption, and policy management help maintain high-security standards and address compliance challenges. All tools and solutions must be integrated harmoniously into the company’s IT services. This is also a role of Endpoint Management.

Best Practices for Effective Endpoint Management

There are many best practices for Endpoint Management, and they depend, of course, on the specific characteristics of each company, the industry in which it operates, and the context that surrounds it.

That said, some fundamental pillars can be identified, applicable in most situations; the most important are:

  • The use of standard configuration criteria to maintain consistency and uniformity.
  • Network segmentation to limit and regulate access to critical data.
  • Continuous device monitoring to detect anomalies early.
  • Last but not least, the continuous education and training of IT teams and all employees and collaborators. While we increasingly talk about technologies and automation, the human factor remains central. This must never be forgotten.

Tools for Centralized Endpoint Management

Centralizing endpoint management is crucial for security and efficiency; we’ve discussed this above. It must be done with a focus on the characteristics of the specific company but also by following best practices that are valid in general.

But what tools can make all this concrete and operational?

We are mainly talking about two major categories: Unified Endpoint Management (UEM) and Mobile Device Management (MDM) solutions, which allow monitoring and control of all devices from a single platform.

These tools offer advanced and critical features such as asset inventory, application management, and the distribution of security policies.

Automation in Endpoint Management

The turning point in Endpoint Management has a clear identity: automation. In fact, automation has already brought a real paradigm shift for the entire IT sector.

Specifically, automating patch applications, configuration distribution, and incident response reduces the workload for the IT team and minimizes downtime.

This can be done with maximum simplicity today. But the future holds even more opportunities.

Challenges in Endpoint Management

Security Threats and Vulnerabilities
 

Expanding a company’s technological and digital surface also means increasing the attack surface for cybercriminals.

Put another way: the more devices connected, the more potential access points for malicious actions.

This is why endpoint protection has become an absolute priority. A proactive approach is more necessary than ever, one that includes continuous monitoring and automated threat response. This is exactly what Endpoint Management systems guarantee.

Managing Remote Workforces
 

Remote work is an increasingly leveraged opportunity for companies, particularly in more flexible and hybrid models.

As a result, managing remote devices presents a significant challenge to IT architecture. Ensuring the security and performance of devices used from home requires specific tools like remote support.

In this context, products such as EV Reach allow technicians to access user devices remotely, diagnose, and solve problems without the need for on-site intervention. With advanced features like real-time monitoring and secure system access, EV Reach allows for effective management of remote work challenges, ensuring operational continuity and reducing downtime.

Managing BYOD (Bring Your Own Device) Policies
 

BYOD, or “bring your own device,” has several advantages (in terms of cost savings and convenience for employees and collaborators), but at the same time, it requires managing personal devices used for work purposes. This presents particular challenges in terms of cybersecurity since non-company devices may not meet required security standards.

Defining clear policies and using UEM tools can help mitigate risks, ensuring adequate data protection without sacrificing the benefits and conveniences of BYOD.

Conclusions

The future of Endpoint Management is already apparent in today’s developments.

In summary: a more holistic and integrated vision, the increasing adoption of advanced technologies like artificial intelligence (AI) and machine learning, and the constant development of automation systems with growing emphasis on real-time security management.

Maximizing Security and Efficiency with Modern Solutions
 

Implementing modern Endpoint Management solutions, such as UEM and remote support, helps companies maximize security and operational efficiency. Investing in advanced technologies and automating key processes thus allows risk reduction, improves the user experience, and ensures operational continuity.

All within a single, decisive virtuous cycle.

FAQ

What is Endpoint Management?
 

Endpoint Management is the process of managing all devices connected to the corporate network, aimed at ensuring security, compliance, and performance optimization.

What devices are included in Endpoint Management?
 

Desktops, laptops, smartphones, tablets, and IoT devices are all managed centrally to ensure uniform control, even in BYOD mode.

Why is Endpoint Management important for remote work?
 

Because it allows monitoring and protection of employee devices working outside the office, greatly reducing security risks and improving operational continuity.

About EasyVista  
EasyVista is a leading IT software provider delivering comprehensive IT solutions, including service management, remote support, IT monitoring, and self-healing technologies. We empower companies to embrace a customer-focused, proactive, and predictive approach to IT service, support, and operations. EasyVista is dedicated to understanding and exceeding customer expectations, ensuring seamless and superior IT experiences. Today, EasyVista supports over 3,000 companies worldwide in accelerating digital transformation, enhancing employee productivity, reducing operating costs, and boosting satisfaction for both employees and customers across various industries, including financial services, healthcare, education, and manufacturing.


Inside a hackers’ playbook for 2025: What to watch for

 

Summary: We spoke with Mary D’Angelo about how “moving left of the boom” in the cyber kill chain can help your business stay secure.

Why can unskilled cybercriminals now run sophisticated attacks? Will cybercriminals outpace us in an AI arms race? And what is the next big thing in cybersecurity in 2025?

We asked Mary D’Angelo, a threat intelligence and dark web expert, for her insights on emerging cyber threats and how businesses can prepare to protect themselves.

The interview’s highlights

  • AI and cybersecurity in 2025: 2025 is definitely going to be an AI arms race, with cybercriminals versus us.
  • Key industries under attack: Financial, healthcare, and manufacturing will still be the hardest-hit sectors.
  • The kill chain, cybercriminal tactics: Cybercriminals often follow the cyber kill chain, starting with gathering intel and ending with data exfiltration.
  • Moving “left of boom” with threat intelligence: Threat intelligence lets you disrupt attacks during the reconnaissance phase before they escalate.
  • The importance of proactive defense: No business is too small to be attacked, so businesses should make it more difficult for cybercriminals.

Cyber threats in 2025

Key insight #1: 2025 is going to be an AI arms race, with cybercriminals vs. us

NordLayer: As we closed 2024, what was the most common cyber threat?

Mary D’Angelo: The most common threat has been ransomware and other financially motivated attacks, a trend that is likely to continue in 2025. These attacks will become even more common because of the lower barrier to entry. Now, even relatively unskilled hackers can access different tools, like AI and malware, to run sophisticated attacks.

An example of this is the Lockbit source code leak that happened early in 2024. Many cybercriminals gained access to it, made minor tweaks to the code, and then deployed it onto their victims’ networks.

NordLayer: Gartner predicts that 25% of breaches will involve AI by 2028. What are the emerging threats in 2025 we should brace for, in your opinion?

Mary D’Angelo: I saw that stat, too, and I thought it was a really, really low number. From the research that I’ve done and the attacks that I’ve seen, most already include some level of AI. So by 2028, I think most attacks, not just 25%, will be using AI. 2025 is definitely going to be an AI arms race, with cybercriminals versus us.

Deepfakes will definitely be a huge one. Fake videos will be mostly used for social engineering tactics, and even phishing attempts will be automated by AI. For example, the content of phishing emails will seem much more authentic.

Another thing is AI-powered malware. It’s very sophisticated and can evolve based on the environment it’s in, making it harder to detect and neutralize.

There are also AI-poisoning tactics. As the name suggests, these involve manipulating AI models in security systems so that they produce incorrect results in cybersecurity operations. It’s a bit like the cat-and-mouse game, really.

NordLayer: These AI threats mean companies need to be more proactive. With cybercrime expected to cost $13.82 trillion by 2028, which industries will be hit hardest next year?

Mary D’Angelo: I think it’s the same as in 2024, so financial, healthcare, and manufacturing. Financial because it’s the most lucrative. Healthcare is often low-hanging fruit. Threat actors know it is stretched thin without the budget and resources to adopt better tools. However, healthcare has incredibly valuable data, which will always be a target. Manufacturing is at risk, too, mostly due to shadow IT and legacy systems. The infrastructure is often outdated, making it easier for threat actors to exploit.

However, there are attackers with a moral code. Some won’t target hospitals because of the ethics behind it. But they’ll justify attacking banks and large financial organizations. So, the financial sector will always be a top target.

Key insight #2: Bad actors typically use the cyber kill chain approach to carry out attacks

NordLayer: How do cybercriminals typically plan their attacks?

Mary D’Angelo: When you say cybercriminals plan their attacks, I think that gives them too much credit. They’re usually financially motivated, opportunistic, and sporadic. They’ll do research on who they want to target, but it’s not incredibly thorough because they look for the easiest prey and easy money.

NordLayer: And what tactics do cybercriminals use?

Mary D’Angelo: For their reconnaissance, they’ll go into the dark web, where many initial access brokers sell credentials at a decent price. But they follow what is called the cyber kill chain. It’s like the steps a threat actor takes to achieve their objective. The kill chain is basically six or seven stages, but it always starts with gathering intel. Then you have weaponization, where you develop the weapon you plan to use. Then, you have your command and control stage. Finally, data exfiltration or the attack.

NordLayer: The cyber kill chain is the hackers’ playbook, right?

Mary D’Angelo: Yes, the MITRE ATT&CK framework does a great job of defining the tactics a threat actor uses when trying to exfiltrate data from a network. Cybercriminals often don’t deviate from their playbook because it works. As the saying goes, if it ain’t broke, don’t fix it. They’ll try new approaches only when access is taken away from them, forcing them to start over.

It’s unfortunate, but organizations often fall behind because they lack the resources to implement better detection and response tools. Smaller organizations, including hospitals, don’t have those resources and hence are more vulnerable.

NordLayer: Given the threats and hacker tactics we’ve just discussed, what are the top 5 challenges businesses face this year?

Mary D’Angelo: Patching, technical debt, and legacy systems will be big challenges. Cloud security is still in its infancy for many organizations, so we’ll need to work on it collectively. Exposed and misconfigured vulnerabilities within systems also need attention.

Threat-specific responses

Key insight #3: “Moving left of boom” lets you stop attacks before they start.

NordLayer: How can threat intelligence solutions and security solutions work together to prevent cyber threats?

Mary D’Angelo: When it comes to threat intelligence, there are three buckets: tactical, operational, and strategic. If these three work alongside security operations, they can help you be more defensive rather than constantly reacting at the last minute. This way, you’re not always on the edge of your seat when threats or attacks come in.

Tactical threat intelligence helps security operations by providing background on indicators of compromise and ongoing threats. Strategic threat intelligence is about planning for the year. Executives will identify the ransomware groups more likely to target their organization and their tactics, then build a defense plan for the year to stay strong against them. Operational intelligence is about the day-to-day, ensuring your business has the right intel to respond effectively.

Most security tools don’t alert you until stages two or three of the kill chain. The advantage of dark web intelligence and threat intelligence is that you can be alerted at the very first stage—during the reconnaissance phase. This is when threat actors are doing their research to identify their next victim and how they plan to attack. By catching the threat early, you disrupt the cybercriminal, forcing them to start over with someone else.

That’s why threat intelligence is a powerful tool for organizations if done correctly and made actionable.

NordLayer: Threat intelligence has the power to break this cyber kill chain. How does it work?

Mary D’Angelo: Organizations often track their key criminal groups through strategic threat intelligence. For example, if I were in healthcare, I’d focus on the threat actors targeting the healthcare industry and understand their tactics and techniques. Once I identify these groups, I can set up systems to detect their activity.

A good analyst tracking the right dark web forums and marketplaces might come across an initial access broker selling credentials for a hospital. These brokers are very sneaky—they don’t directly name the hospital but mention the industry and the company’s revenue size. But if you’re sharp, you can identify the target hospital.

Once you know the attack is targeting you, you’re ahead of the game. The broker sells privileged access to the hospital, which could lead to a breach. By spotting this early, you can take action to mitigate the threat.

We always say “move left of boom,” a military term. It’s about getting as far left on the kill chain as possible. Instead of being alerted at stage three, when you’re panicking, you can act early and prevent the attack before it escalates.

NordLayer: So moving to the left of the kill chain also means always upgrading your security?

Mary D’Angelo: Yes, absolutely. Stressing that no business is too small to be attacked is never enough. So gear up for it and make it more difficult for cybercriminals.

NordLayer: Thank you very much for your insights.

Mary D’Angelo is a Cyber Threat Intelligence Solutions Lead at Filigran, where she focuses on democratizing threat intelligence. She started her career at Darktrace before joining Searchlight in 2021.

Outside of work, Mary is dedicated to supporting child safety initiatives through the Innocent Lives Foundation. She’s passionate about sharing her knowledge and continuing to learn as the cybersecurity field evolves.

How can NordLayer help?

Cybersecurity can feel overwhelming, but it starts with building awareness of safe digital practices. From there, focus on easy-to-deploy tools or partner with an MSP or MSSP to protect against opportunistic attacks.

NordLayer is a toggle-ready platform that offers comprehensive security to protect your business. Our solutions include:

We also recommend multi-layered Zero Trust Network Access (ZTNA) policies for stronger network protection. Need help? Our sales team is always ready to guide you every step of the way.

Monitoring the dark web is crucial for staying ahead of threats. This is where NordStellar comes in. It tackles vulnerabilities during the reconnaissance phase of the cyber kill chain.

The platform automates key security tasks, such as:

  • Dark web monitoring to track company-related risks
  • Leaked data management to protect employees and customers
  • Attack surface assessments to identify and mitigate potential weaknesses.

Together, NordLayer and NordStellar provide a proactive, multi-layered defense to protect your business.

About NordLayer
NordLayer is an adaptive network access security solution for modern businesses – from the world’s most trusted cybersecurity brand, Nord Security.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.
