Sophos introduces ITDR to tackle surge in identity-based cyberattacks


By Chinenye Anuforo

Sophos has announced the launch of its new Identity Threat Detection and Response (ITDR) solution, designed to help organisations detect and respond more effectively to the growing wave of identity-based cyber threats.

The solution, now integrated into Sophos XDR and Sophos MDR, provides continuous monitoring of identity risks and misconfigurations while scanning the dark web for compromised credentials. It gives businesses the visibility and tools to detect suspicious user activity and take rapid action before damage occurs.

The launch marks a key milestone following Sophos’ acquisition of Secureworks. It is also the first Secureworks-developed solution to be fully incorporated into the Sophos Central platform, expanding the company’s portfolio to deliver more comprehensive security outcomes for its more than 600,000 customers worldwide.

Identity-based attacks have become one of the fastest-growing forms of cybercrime globally. Sophos’ X-Ops team recorded a 106 percent rise in stolen credentials available for sale on the dark web between June 2024 and June 2025. According to the Sophos Active Adversary Report, compromised credentials were the leading cause of cyber incidents for the second consecutive year, featuring in 56 percent of detected breaches.

Rob Harrison, Senior Vice President of Product Management at Sophos, said cloud adoption and remote work have expanded the identity attack surface and introduced new vulnerabilities. He explained that complex identity systems with constantly evolving policies create security gaps. According to him, Sophos ITDR closes these gaps by giving customers faster visibility into identity risks, alerting on compromised credentials, and enabling rapid, analyst-led response through Sophos XDR and MDR.

Sophos ITDR is designed to detect and respond to all known MITRE ATT&CK Credential Access techniques. It performs more than 80 cloud identity posture checks, detects compromised credentials on the dark web, and uses AI-driven analytics to identify identity-based attacks such as privilege escalation, brute force, account takeover, and lateral movement. Built-in playbooks also automate remediation actions like account locking, password resets, multi-factor authentication refresh, and session revocation.

The solution offers full visibility of user and service identities to reduce blind spots, continuous detection of misconfigurations and MFA vulnerabilities, monitoring of stolen credentials, and user behavior analytics to identify insider threats and abnormal activity. It also features integrated response tools for rapid threat containment.

When identity-based threats or high-risk findings are detected, Sophos ITDR automatically generates cases in Sophos XDR and Sophos MDR, enabling analysts to investigate and act swiftly.

Early adopters report significant benefits. An information security director at a financial services firm said Sophos ITDR has improved visibility into their identity risks and streamlined management. Having this data within Sophos XDR, the director noted, has strengthened their overall security posture.

Another chief information security officer (CISO) said identity has become the new frontline of cyber defense, adding that Sophos ITDR provides the automation and visibility needed to close gaps quickly and strengthen protection across user and service accounts.

Sophos partners can access enablement materials and sales resources through the Sophos Partner Portal.

Sophos is a cybersecurity company protecting over 600,000 organizations globally with AI-driven solutions and expert-led services. Its portfolio includes endpoint, network, email, and cloud security, as well as extended detection and response (XDR), identity threat detection and response (ITDR), and next-generation SIEM. Headquartered in Oxford, United Kingdom, Sophos works through a global partner network of MSPs, MSSPs, resellers, and distributors.

Breaking news & top stories

Stay connected with The Sun Newspaper

Get breaking news, exclusive stories, and live updates delivered straight to your phone. Join thousands of readers already following us on WhatsApp Channel and Telegram.
