PAM and Cybersecurity Glossary and Vocabulary

What is Identity Threat Detection and Response (ITDR)?

Written by Delinea Team | Mar 18, 2024 8:21:35 PM

What is ITDR?

Identity Threat Detection and Response helps incident responders and Security Operations Center (SOC) personnel understand the context of identities operating in hybrid and multi-cloud environments, detect identity-based attacks, and respond quickly—even automatically—to prevent damage.

Unlike other threat detection tools such as Managed Detection and Response (MDR), Endpoint Detection and Response (EDR), and Extended Detection and Response (XDR), ITDR solutions are designed specifically to protect your identity attack surface. For example, they detect and respond to account takeovers such as MFA bombings, brute-force attacks, and related incidents across identity systems, SaaS, and cloud.

ITDR provides end-to-end visibility of your identity attack surface, including Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). Importantly, ITDR solutions can attribute privileged behavior in the cloud to a unique identity (human or machine) rather than a group of users with a shared account. 

ITDR solutions help you proactively reduce risk by:

  • Discovering the most vulnerable identities operating in your environment, including overprivileged, stale, or unused identities.

  • Determining the potential impact if those identities were to be compromised. Detailed assessments of risk account for factors such as usage, accessibility, data sensitivity, and potential consequences of an attack.

  • Detecting anomalous behavior of identities, compared with baseline behavior. High-quality identity signals deliver actionable insight to help prioritize alerts and shorten response times. ITDR solutions integrate into tools and workflows used by your Security Operations Center (SOC), such as Security Information and Event Management (SIEM) solutions.

  • Taking appropriate actions to prevent compromises from occurring by finding and fixing misconfigurations and rightsizing permissions.

  • Containing identity-related attacks in progress, including attempts to gain initial access with compromised credentials or escalate privileges if attackers are already inside, to reduce the potential blast radius.
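As an added illustration of the detection step (example code, not from Delinea or any ITDR product), the sketch below flags MFA bombing and brute-force bursts per unique identity over a sliding window, and raises a separate alert when a push is approved right after a burst of denials. The event names, the fixed thresholds standing in for a learned baseline, and the sample events are all assumptions constructed for this example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)                          # assumed look-back window
THRESHOLDS = {"mfa_push_denied": 5, "login_failed": 8}  # assumed; stand in for a baseline
ALERT_NAMES = {"mfa_push_denied": "mfa_bombing", "login_failed": "brute_force"}


def burst(identity, event, start, count, step_s):
    """Build `count` constructed events for one identity, `step_s` seconds apart."""
    t0 = datetime.fromisoformat(start)
    return [((t0 + timedelta(seconds=i * step_s)).isoformat(), identity, event)
            for i in range(count)]


# Constructed sample events (timestamp, identity, event); not real log data.
EVENTS = (
    burst("alice@example.com", "mfa_push_denied", "2024-03-18T02:00:00", 6, 30)
    + [("2024-03-18T02:03:10", "alice@example.com", "mfa_push_approved")]
    + burst("svc-backup", "login_failed", "2024-03-18T03:00:00", 8, 5)
    + burst("bob@example.com", "mfa_push_denied", "2024-03-18T09:00:00", 2, 10800)
    + [("2024-03-18T12:05:00", "bob@example.com", "mfa_push_approved")]
)


def detect(events, window=WINDOW, thresholds=THRESHOLDS):
    """Return alerts as (timestamp, identity, alert_name, count) tuples."""
    recent = defaultdict(deque)  # (identity, event) -> timestamps inside the window
    alerts = []
    for raw_ts, identity, event in sorted(events):
        ts = datetime.fromisoformat(raw_ts)
        for name in thresholds:  # expire this identity's events older than the window
            q = recent[(identity, name)]
            while q and ts - q[0] > window:
                q.popleft()
        if event in thresholds:
            q = recent[(identity, event)]
            q.append(ts)
            if len(q) == thresholds[event]:  # alert once, when the threshold is reached
                alerts.append((raw_ts, identity, ALERT_NAMES.get(event, event), len(q)))
        elif event == "mfa_push_approved":
            denied = recent[(identity, "mfa_push_denied")]
            if len(denied) >= thresholds["mfa_push_denied"]:
                # An approval right after a denial burst suggests the user gave in.
                alerts.append((raw_ts, identity, "mfa_approved_after_bombing", len(denied)))
                denied.clear()
    return alerts


if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

The `mfa_approved_after_bombing` alert is the one to route for containment first, since it indicates a likely successful takeover rather than an attempt.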

ITDR by itself isn’t a silver bullet to improve your identity security posture. It’s part of a comprehensive approach. Just as ITDR breaks down silos in the cloud, it also breaks down silos in your organization. It brings IAM, security, and incident response teams together because they have a complete, accurate picture of identity and access in the cloud, a shared understanding of risk, and clear steps for remediation. 
