Sophos Unveils ITDR to Combat Rising Identity Attacks

Summary
– Sophos launched Identity Threat Detection and Response (ITDR), a solution that monitors identity risks, scans for compromised credentials on the dark web, and integrates with Sophos XDR and MDR for rapid response.
– This launch follows the Secureworks acquisition and marks the first Secureworks solution fully integrated into the Sophos Central platform, enhancing security for 600,000 customers.
– Identity-based attacks are a fast-growing threat, with a 106% increase in stolen credentials on the dark web and compromised credentials being the top root cause of attacks for two consecutive years.
– Sophos ITDR features include continuous identity posture checks, dark web monitoring, AI-driven detections for attacks like kerberoasting, and automated response actions such as account lock and password reset.
– The solution provides complete visibility into identity risks, strengthens security posture with user behavior analytics, and enables immediate remediation through integrated response actions in platforms like Microsoft Entra ID.
In today’s complex digital environment, identity-based attacks represent one of the fastest-growing cybersecurity threats, prompting Sophos to introduce its new Identity Threat Detection and Response (ITDR) solution. This advanced capability integrates directly with the Sophos XDR and MDR platforms, delivering continuous monitoring for identity risks and configuration weaknesses while actively scanning dark web sources for compromised credentials. Organizations can now rapidly identify and address identity-focused attacks while pinpointing dangerous user behaviors that threaten business operations.
This strategic product launch marks a pivotal development following the Secureworks acquisition, significantly expanding Sophos’ security offerings. It stands as the inaugural Secureworks technology fully embedded within the Sophos Central ecosystem, delivering enhanced security operations for the company’s global base of 600,000 customers.
The urgency for such protection stems from alarming threat intelligence. Sophos X-Ops documented a 106 percent surge in stolen credentials available on dark web markets between June 2024 and June 2025. The Sophos Active Adversary Report further revealed that compromised credentials remained the primary attack vector for the second consecutive year, with 56 percent of investigated incidents involving attackers accessing remote services using legitimate account information.
“Cloud adoption and remote work arrangements have dramatically expanded the identity attack surface, creating fresh opportunities for cybercriminals,” explained Rob Harrison, Senior Vice President of Product Management at Sophos. “Complex identity and access management systems with constantly evolving settings inevitably create security gaps that attackers actively exploit. Our ITDR solution directly addresses these vulnerabilities by providing customers with accelerated visibility into identity risks, continuous credential compromise monitoring, and seamless integration with Sophos XDR and MDR for swift, analyst-driven response.”
The Sophos ITDR platform identifies identity vulnerabilities while providing protection and detection capabilities against all documented MITRE ATT&CK Credential Access techniques. The system executes over 80 cloud identity posture assessments, monitors dark web channels for compromised credentials, and employs AI-powered detection to identify sophisticated identity attacks including kerberoasting, privilege escalation, account takeover, brute force attempts, and lateral movement activities. Integrated response playbooks enable automated remediation measures such as account locking, password resets, multi-factor authentication updates, and session termination.
Sophos Expands Cyber Defense with New ITDR Capabilities
Sophos has introduced advanced Identity Threat Detection and Response (ITDR) features designed to strengthen protection across enterprise identity systems.
At the center of this upgrade is the Identity Catalog, a capability that delivers full visibility across user accounts, service identities, and applications, eliminating the blind spots that often enable attackers to move laterally within networks.
The ITDR platform integrates directly with Sophos XDR and MDR, automatically opening cases when identity-based threats or high-risk anomalies are detected. For managed service customers, Sophos analysts take the lead in investigating incidents and deploying response actions, helping organizations shorten remediation timelines and reduce exposure.
An Information Security Director at a major financial services firm said the solution “transformed our visibility into identity risks and simplified management processes,” adding that “having identity data accessible within Sophos XDR has been a fundamental improvement to our overall security posture.”
Another Chief Information Security Officer emphasized that “identity protection is now the critical frontier in cybersecurity defense,” noting that Sophos ITDR “delivers the automation and clarity needed to stay ahead of attackers by covering the full identity spectrum, from users to service accounts and applications.”
Sophos partners can access dedicated enablement resources and sales tools through the Sophos Partner Portal to help customers implement the new ITDR capabilities effectively.
(Source: MEA Tech Watch)





