Sophos Launches ITDR to Protect Against Identity Based Attacks
Expands Sophos SecOps portfolio to deliver faster detection of identity risks and compromised credentials
Sophos, a global leader in cybersecurity solutions, has announced the launch of Sophos Identity Threat Detection and Response (ITDR), a new addition to its Sophos XDR and Sophos MDR offerings. The solution continuously monitors customer environments for identity risks and misconfigurations while scanning the dark web for compromised credentials.
With identity based attacks becoming one of the fastest growing cyber threats, Sophos ITDR enables organizations to detect and respond to such incidents faster and identify risky user behaviors before they escalate.
This marks the first Secureworks solution fully integrated into the Sophos Central platform following Sophos’ acquisition of Secureworks, strengthening its end to end security operations for more than 600,000 customers worldwide.
According to the Sophos Active Adversary Report, compromised credentials remain the leading cause of cyber incidents for the second consecutive year, with 56 percent of cases involving attackers using valid accounts to log in to external remote services. The report also highlights a 106 percent increase in stolen credentials available for sale on the dark web between June 2024 and June 2025.
“Cloud and remote work have expanded the identity attack surface and created new opportunities for attackers,” said Rob Harrison, SVP, Product Management at Sophos. “Complex identity and access management systems create gaps that attackers exploit. Sophos ITDR helps close those gaps by giving customers faster visibility into identity risks, monitoring for compromised credentials, and integrating with Sophos XDR and MDR for rapid, analyst led response.”
What Sophos ITDR Offers
Sophos ITDR is designed to detect and defend against all known MITRE ATT&CK Credential Access techniques. It performs more than 80 cloud identity posture checks, monitors for stolen credentials on the dark web, and uses AI driven detections to identify attacks such as kerberoasting, brute force, privilege escalation, and lateral movement.
Key features include:
-
Identity Catalog: Complete visibility of all identities across systems to reduce blind spots.
-
Identity Posture Dashboard: A single, prioritized view of identity risks and compromised credentials.
-
Continuous Assessments: Ongoing detection of misconfigurations, dormant accounts, vulnerabilities, and MFA gaps.
-
Compromised Credential Monitoring: Alerts when stolen credentials appear in breach databases.
-
Dark Web Intelligence: Proactive monitoring of underground markets for leaked credentials.
-
User Behavior Analytics (UEBA): Early detection of insider threats and anomalous activity.
-
Advanced Identity Detections: Identifies sophisticated attacks such as password spray and impossible travel.
-
Identity Response Actions: Enables immediate remediation, such as disabling accounts, resetting passwords, or marking users as compromised in Microsoft Entra ID.
Integrated with Sophos XDR and Sophos MDR, the ITDR solution automatically generates cases when identity based threats arise. Sophos security analysts can then investigate and act on these threats, accelerating remediation and reducing overall risk.
“Sophos ITDR has improved visibility into our identity risks and simplified how we manage them,” said an Information Security Director at a financial services firm. “Having identity risk data available within Sophos XDR is a game changer.”
“Identity has become the new frontline of cyber defense,” added a CISO from another financial institution. “Sophos ITDR delivers the visibility and automation we need to close blind spots and act quickly when threats arise.”
Sophos partners can access enablement materials and sales resources through the Sophos Partner Portal.
