
Sophos New Offering: Identity Threat Detection and Response (ITDR)

Identity as the New Attack Surface

As a long-standing Sophos Partner, we are always interested in the new offerings they release. As our clients have embraced cloud and remote-first environments, identity systems have emerged as a primary target. According to Sophos X‑Ops, there was a 106% year-over-year increase in stolen credentials on the dark web between mid‑2024 and mid‑2025. Meanwhile, 56% of Sophos Active Adversary incidents involved attackers using valid credentials to access remote services. These trends match findings from IBM and Verizon that over 80% of breaches involve credential misuse. As a result, ITDR tools, which detect and respond to identity-based attacks, have become essential, with Gartner ranking them as a top priority for 2025.

Introducing Sophos ITDR

Sophos launched Identity Threat Detection and Response (ITDR) in October 2025 as part of its SecOps portfolio. It is fully integrated into Sophos Central and builds on Secureworks Taegis IDR, which Sophos gained through its acquisition of Secureworks. ITDR extends the capabilities of Sophos XDR and MDR, adding continuous monitoring of identity configurations, compromised credentials, and anomalous behavior.

Features

  1. Identity Catalog & Posture Dashboard
    • Automatically builds an inventory of identities across Microsoft Entra ID and other systems, uncovering hidden accounts and shadow admin privileges.
    • Runs over 80 posture checks to detect misconfigurations, dormant accounts, MFA gaps, and excessive privileges.
  2. MITRE ATT&CK Credential Access Coverage
    • Detects methods attackers use to steal or misuse credentials—including kerberoasting, brute-force, password spraying, privilege escalation, and lateral movement.
  3. Compromised Credential Detection
    • Continuously monitors the dark web and breach repositories, alerting when any organizational credentials appear for sale or in leaks.
  4. Behavioral Analysis (UEBA)
    • Utilizes AI-driven detection to uncover suspicious login behavior—like atypical location or timing—that may signal compromise or insider threats.
  5. Automated, In-platform Remediation
    • Offers built-in playbooks to lock accounts, reset passwords, invalidate sessions, and refresh MFA.
    • Actions can be automated or handled manually via XDR/MDR workflows.
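As an added illustration of the kind of posture checks item 1 describes (example code, not Sophos's own), the following Python runs dormant-account, MFA-gap, shadow-admin and dormant-privileged checks over a constructed Entra-like inventory. The record fields, role names, the 90-day dormancy threshold and the approved-admin list are all assumptions.

```python
"""Illustrative identity posture checks of the kind a posture dashboard runs.
Added example, not Sophos code; record shape, thresholds and role names are assumed."""
from datetime import datetime, timedelta, timezone

NOW = datetime(2025, 10, 15, tzinfo=timezone.utc)  # fixed clock so results are reproducible
DORMANT_DAYS = 90                                   # assumed dormancy threshold
PRIVILEGED_ROLES = {"Global Administrator", "Privileged Role Administrator",
                    "Application Administrator"}
APPROVED_ADMINS = {"alice@example.test", "carol@example.test"}  # sanctioned admin list (assumed)

# Constructed sample inventory in an Entra-like shape (not real accounts).
IDENTITIES = [
    {"upn": "alice@example.test", "enabled": True, "mfa": True,
     "roles": {"Global Administrator"}, "last_sign_in": NOW - timedelta(days=2)},
    {"upn": "bob@example.test", "enabled": True, "mfa": False,
     "roles": set(), "last_sign_in": NOW - timedelta(days=120)},
    {"upn": "svc-backup@example.test", "enabled": True, "mfa": False,
     "roles": {"Application Administrator"}, "last_sign_in": None},
    {"upn": "carol@example.test", "enabled": True, "mfa": True,
     "roles": {"Global Administrator", "Privileged Role Administrator"},
     "last_sign_in": NOW - timedelta(days=200)},
]


def check_identity(rec, now=NOW):
    """Return the list of (check_id, detail) findings for one identity record."""
    findings = []
    priv = rec["roles"] & PRIVILEGED_ROLES
    last = rec["last_sign_in"]
    # Enabled accounts that have never signed in, or not within the threshold, are dormant.
    dormant = rec["enabled"] and (last is None or (now - last).days > DORMANT_DAYS)
    if dormant:
        findings.append(("dormant-account", "enabled but no sign-in within %d days" % DORMANT_DAYS))
    if rec["enabled"] and not rec["mfa"]:
        findings.append(("mfa-gap", "enabled account without MFA registered"))
    if priv and rec["upn"] not in APPROVED_ADMINS:
        findings.append(("shadow-admin", "holds %s outside the approved admin list" % sorted(priv)))
    if priv and dormant:
        findings.append(("dormant-privileged", "unused account still holds admin roles"))
    return findings


def run_posture(identities=IDENTITIES, now=NOW):
    """Map each UPN to its finding ids; a continuous check reruns this on every inventory refresh."""
    return {rec["upn"]: [cid for cid, _ in check_identity(rec, now)] for rec in identities}


if __name__ == "__main__":
    for upn, ids in run_posture().items():
        print(upn, "->", ", ".join(ids) or "clean")
```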

Technical Architecture

  • Data Collection: Ingests telemetry from cloud identity platforms (like Microsoft Entra ID), XDR agents, and Sophos Central logs.
  • Threat Intelligence: Embedded with X‑Ops and Secureworks CTU data, bringing dark web insights and global breach analytics.
  • Detection Engine: Correlates identity configuration issues, credential exposures, and behavioral anomalies within the ATT&CK framework.
  • Response Orchestration: Integrated with XDR and MDR to initiate automated or analyst-driven responses.
  • Dashboard & Reporting: Centralized interface showing posture scores, alerts, breaches, and remediation actions.

Use Case: Sophos Internal Deployment

Sophos applied ITDR to its own Entra ID environment. Within 45 minutes of activation, the team uncovered:

  • Over‑permissive third-party app permissions
  • Device access loopholes permitting unmanaged devices

These were issues that annual audits had missed but that ITDR's ongoing checks spotted immediately.

Integration & Extensibility

  • Sophos Central: Flows naturally into the centralized view alongside endpoint, network, and cloud defenses.
  • XDR/MDR Support: Alerts escalate into MDR cases for human-guided response, or trigger XDR actions automatically.
  • Human & AI Intelligence: Combines X‑Ops threat intelligence with AI-driven detection, packaged with Secureworks expertise.

Why It Matters Now

  • Escalating credential leaks and identity-based breaches are reshaping the threat landscape.
  • Traditional IAM hygiene and static audits are insufficient for dynamic identity configurations and threat evolution.
  • ITDR fills a crucial gap by merging posture, detection, and response within a single operational plane.

Sophos ITDR addresses this head-on by proactively identifying risks, monitoring real-time threats, and enabling rapid remediation—all centrally managed and threat-informed.

Sophos ITDR is a sophisticated fusion of dark-web credential monitoring, continuous posture checks, ATT&CK-based detection, UEBA insights, and automated remediation—all designed to strengthen identity security within the existing XDR/MDR ecosystem. For organizations treating identity as a perimeter, ITDR is becoming an indispensable layer of defense.
