Preventing Unauthorized Access

Identity threat detection and response tools help identify and block credential compromise, privilege misuse and other damaging attacks.

Mobile and the cloud make it possible for users to access data, applications, and other IT resources from any location and any device. Users demand this flexibility, and organizations are willing to provide it to maximize productivity and efficiency. However, these capabilities also make security far more complex than it used to be.

A clearly defined network perimeter has been replaced by a dynamic perimeter based on user identities. Rather than focusing on keeping threats outside the traditional network perimeter, organizations need to control network access by managing user identities and strictly enforcing access control policies.

Identity management refers to the definition and management of user access privileges, and the policies that determine how those privileges are granted or denied. It also helps IT teams manage user credentials and privileges throughout their lifecycle and ensure the uniform enforcement of policies across all systems.
However, identity management tools cannot detect unauthorized access. That’s why organizations need identity threat detection and response (ITDR).

What Is ITDR?

Gartner coined the term ITDR to describe a class of security tools and a set of best practices for protecting the identity environment. It became a separate segment of the cybersecurity market in 2022.

ITDR incorporates aspects of identity management and extended detection and response (XDR). Identity management encompasses technologies such as strong authentication and access controls. XDR tools collect data from across the IT environment, providing greater visibility and enabling rapid threat detection and response.

ITDR similarly combines proactive and reactive tools. It can analyze user credentials and permissions to identify dormant accounts and excess privileges — common sources of security threats. It can also detect and remediate policy misconfigurations. At the same time, ITDR can monitor activity during and after authentication to detect potential threats, such as attempted access from an unknown device or unusual location. It can respond by requiring additional authentication or even shutting down a remote access session.
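The proactive and reactive checks described above, sketched as an added example that is not from the original article or from any ITDR product. The account data, events, 90-day dormancy threshold, "granted minus used" definition of excess privilege, and action names are all constructed assumptions.

```python
from datetime import date
# Constructed sample data (not from any real system).
ACCOUNTS = {
    "alice": {"last_login": date(2024, 5, 30), "granted": {"crm:read"}, "used": {"crm:read"}},
    "bob": {"last_login": date(2024, 5, 28), "granted": {"crm:read", "db:admin", "iam:admin"},
            "used": {"crm:read"}},
    "svc-old": {"last_login": date(2023, 11, 2), "granted": {"db:admin"}, "used": set()},
}
EVENTS = [  # (user, device, country, phase); phase is "login" or "session"
    ("alice", "laptop-a1", "US", "login"),
    ("alice", "laptop-a1", "US", "login"),
    ("alice", "phone-zz9", "US", "login"),    # device not seen before
    ("bob", "laptop-b1", "US", "login"),
    ("bob", "laptop-b1", "BR", "session"),    # location changes after authentication
]

def posture_findings(accounts, today, dormant_days=90):
    """Proactive pass: dormant accounts and privileges granted but never used."""
    findings = []
    for user, acct in sorted(accounts.items()):
        idle = (today - acct["last_login"]).days
        if idle > dormant_days:  # assumed threshold
            findings.append((user, "dormant", idle))
        unused = sorted(acct["granted"] - acct["used"])
        if unused:
            findings.append((user, "excess_privilege", unused))
    return findings

def evaluate_events(events):
    """Reactive pass: compare each event with the user's learned baseline."""
    baseline, decisions = {}, []
    for user, device, country, phase in events:
        seen = baseline.setdefault(user, {"devices": set(), "countries": set()})
        first = not seen["devices"]  # first observation seeds the baseline
        anomalous = device not in seen["devices"] or country not in seen["countries"]
        if first or not anomalous:
            action = "allow"
            seen["devices"].add(device)      # baseline grows only from allowed events
            seen["countries"].add(country)
        elif phase == "session":
            action = "terminate_session"     # anomaly after authentication
        else:
            action = "step_up_auth"          # anomaly during authentication
        decisions.append((user, device, country, action))
    return decisions

if __name__ == "__main__":
    print(posture_findings(ACCOUNTS, date(2024, 6, 1)))
    print(evaluate_events(EVENTS))
```

Because the baseline only grows from allowed events, an unrecognized device keeps triggering step-up authentication until something else enrolls it; that enrollment step is outside this sketch.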

Why Adopt ITDR?

ITDR is increasingly critical in today’s threat environment. According to the 2023 ForgeRock Identity Breach Report, unauthorized access was the root cause of 49 percent of data breaches. The 2023 Verizon Data Breach Investigations Report found that stolen credentials were used for initial access in 86 percent of breaches. These attacks are among the most difficult to detect.

A 2023 study by Enterprise Strategy Group found that 76 percent of organizations experienced multiple attacks involving compromised credentials over the past year. Remarkably, however, just 62 percent of organizations make multifactor authentication mandatory across all user accounts.

Identity management tools handle user authorization and authentication but leave security gaps that attackers know how to exploit. These gaps are especially prominent in a multi-cloud environment because each platform has its own user access controls. ITDR fills those gaps by detecting account takeovers, escalation of privileges and other types of credential misuse.

Complementary Solution

ITDR can help organizations implement zero-trust principles. In a zero-trust approach, all users and devices are assumed to be threats until their identity has been verified. ITDR strengthens user trust by detecting unauthorized access after the initial authentication. Additionally, ITDR tools help enforce least-privilege access, which is a foundational component of zero trust.

ITDR can also enhance endpoint detection and response (EDR). EDR tools monitor activity on desktops, laptops and mobile devices and analyze this data to identify threats. ITDR complements this effort by identifying possible attacks using compromised credentials, gathering data and isolating affected devices.

Before adopting ITDR, organizations should ensure that they have robust processes and policies for managing user identities. This should include procedures for granting and revoking access and enforcing least-privilege access principles. IT teams should thoroughly evaluate ITDR solutions to ensure integration with existing security controls. Finally, IT teams should develop an incident response plan for unauthorized access and determine which aspects can be automated through the ITDR solution.

