Terry KS Sophos has introduced its new Identity Threat Detection and Response (ITDR) solution for Sophos XDR and MDR, marking a major milestone in identity security as credential-based cyberattacks surge worldwide.
MALAYSIA, 24 OCTOBER 2025 – Sophos, a global leader in cybersecurity innovation, today announced the launch of Sophos Identity Threat Detection and Response (ITDR), a new solution designed to detect, prevent, and respond to identity-based cyberattacks. The solution integrates seamlessly with Sophos XDR and Sophos MDR, offering continuous monitoring for identity risks, misconfigurations, and compromised credentials — including those traded on the dark web.
The launch represents a significant advancement following Sophos’ acquisition of Secureworks, with ITDR becoming the first Secureworks technology fully integrated into the Sophos Central platform. This expansion strengthens Sophos’ comprehensive security operations capabilities for more than 600,000 global customers.
Identity-based attacks are now among the fastest-growing threats worldwide. Sophos X-Ops Counter Threat Unit (CTU) reported a 106% year-over-year increase in stolen credentials available for sale on the dark web between June 2024 and June 2025. The company’s Active Adversary Report also found that compromised credentials were the leading cause of cyber incidents for the second consecutive year, accounting for 56% of all cases analyzed.
“Cloud and remote work have significantly expanded the identity attack surface,” said Rob Harrison, Senior Vice President of Product Management at Sophos. “Sophos ITDR helps close those gaps by providing visibility into identity risks, monitoring for compromised credentials, and enabling faster, analyst-led responses through Sophos XDR and MDR.”
Sophos ITDR is designed to protect against all known MITRE ATT&CK Credential Access techniques, performing over 80 cloud identity posture checks and leveraging AI-driven detections to identify attacks such as privilege escalation, account takeover, and brute force. The system also includes automated remediation features such as account locking, password resets, multi-factor authentication refreshes, and session revocation.
Key Features of Sophos ITDR:
• Identity Catalog – Centralized visibility across all user and service identities
• Identity Posture Dashboard – Prioritized view of risks, including dark web exposure
• Continuous Assessments – Ongoing detection of misconfigurations, MFA gaps, and dormant accounts
• Dark Web Intelligence – Proactive monitoring for leaked credentials
• User Behavior Analytics (UEBA) – Early detection of insider threats and anomalies
• Advanced Identity Detections – AI-based identification of credential theft and lateral movement
• Automated Response Actions – Immediate mitigation through account and session controls
When integrated with Sophos MDR, the ITDR system automatically generates cases for high-risk findings, allowing Sophos security analysts to investigate and take direct action on behalf of customers.
“Identity has become the new frontline of cyber defense,” said a Chief Information Security Officer at a financial institution using Sophos ITDR. “By closing blind spots and providing actionable insights, Sophos ITDR has strengthened our ability to manage identity risks efficiently and proactively.”