Sophos launches ITDR to combat rising identity-based attacks

Sophos, a cybersecurity provider, has announced the launch of Sophos Identity Threat Detection and Response (ITDR), a new solution for Sophos XDR and Sophos MDR designed to detect and mitigate identity-based attacks across enterprise environments.

Sophos ITDR continuously monitors systems for identity risks, misconfigurations, and dark web exposure, helping organisations rapidly detect and respond to compromised credentials or suspicious user activity.

This launch marks a key milestone following Sophos’ Secureworks acquisition, as ITDR becomes the first fully integrated Secureworks solution within the Sophos Central platform. This integration strengthens Sophos’ portfolio, delivering unified visibility and faster incident response for over 600,000 global customers.

According to Sophos X-Ops Counter Threat Unit (CTU), identity attacks are rapidly escalating — with a 106% increase in stolen credentials sold on the dark web between June 2024 and June 2025. Sophos’ Active Adversary Report also found that compromised credentials were the top root cause of cyber incidents for the second consecutive year, appearing in 56% of cases investigated.

“Cloud and remote work have expanded the identity attack surface and created new opportunities for attackers,” said Rob Harrison, SVP, Product Management, Sophos. “Sophos ITDR helps close those gaps by giving customers faster visibility into identity risks, monitoring for compromised credentials, and integrating with Sophos XDR and MDR for rapid, analyst-led response.”

Sophos ITDR leverages AI-driven detections to identify and defend against advanced threats, including kerberoasting, brute force, privilege escalation, and lateral movement. It performs over 80 cloud identity posture checks, continuously assesses MFA gaps and dormant accounts, and enables automated remediation through integrated response playbooks.

Key Capabilities of Sophos ITDR include:

• Identity Catalogue: Unified visibility across all user identities.

• Identity Posture Dashboard: Prioritised risk view and dark web credential alerts.

• Continuous Assessments: Detection of misconfigurations and vulnerabilities.

• Compromised Credential Monitoring: Real-time alerts for stolen credentials.

• User Behaviour Analytics (UEBA): Identifies insider threats and anomalous activity.

• Advanced Identity Detections: Protects against kerberoasting, account takeover, and brute-force attacks.

• Identity Response Actions: Automates remediation — disabling accounts, resetting passwords, or marking users as compromised in Microsoft Entra ID.

When integrated with Sophos MDR, identity-based threats trigger automated case creation, enabling security analysts to investigate and remediate in real-time, reducing exposure and strengthening resilience.

“Agentic AI and identity-driven threats are reshaping the cybersecurity landscape,” said Harrison. “With ITDR, Sophos delivers proactive, intelligence-led defence that helps organisations stay ahead of adversaries while simplifying security operations.”

Sophos ITDR represents a major advancement in proactive identity protection, combining detection, response, and dark web intelligence to defend against today’s most pervasive attack vectors.

Read More:

Beyond Make in India: How IMS 2025 is powering the next era of industrial self-reliance

AISIE applauds DGTR’s Anti-Dumping move on toner cartridge imports

DEP’s Basant Sharma: AI and Digital Twins will define India’s next wave of manufacturing