Sophos Launches ITDR to Protect Against Growing Identity-Based Attacks

Sophos, a global leader of innovative security solutions for defeating cyberattacks, today announced the launch of Sophos Identity Threat Detection and Response (ITDR). This new solution for Sophos XDR and Sophos MDR continuously monitors customer environments for identity risks and misconfigurations and scans the dark web for compromised credentials. It enables organizations to detect and respond to identity-based attacks rapidly and identify risky user behavior that could pose a threat to their business.

This launch is a significant milestone building on the Secureworks acquisition, broadening Sophos’ portfolio and is the first Secureworks solution that has been fully integrated into the Sophos Central platform, further enabling comprehensive security operations outcomes for its 600,000 customers.

Sophos ITDR addresses identity-based attacks, one of the fastest-growing threat vectors globally. Sophos X-Ops observed a 106 percent increase in stolen credentials for sale on the dark web between June 2024 and June 2025, underscoring the growing risk. The Sophos Active Adversary Report further found that compromised credentials were the number-one root cause of attacks across MDR and incident response cases for the second year in a row, with 56 percent of incidents involving attackers logging into external remote services with valid accounts.

“Cloud and remote work have expanded the identity attack surface and created new opportunities for attackers,” said Rob Harrison, SVP, Product Management, Sophos. “Complex identity and access management systems with constantly changing settings and policies create gaps that attackers target. Sophos ITDR helps close those gaps by giving customers faster visibility into identity risks, monitoring for compromised credentials, and integrating with Sophos XDR and Sophos MDR for rapid, analyst-led response.”

Sophos ITDR uncovers identity risks and is designed to protect and detect against all known MITRE ATT&CK Credential Access techniques with detection rules for all of the techniques The solution performs more than 80 cloud identity posture checks, monitors for compromised credentials on the dark web, and uses AI-driven detections to identify identity-based attacks such as kerberoasting, privilege escalation, account takeover, brute force, and lateral movement. Response playbooks within Sophos ITDR, enable automated remediation actions, including account lock, password reset, multi-factor authentication refresh, and session revocation.

Key Features and Benefits in Sophos ITDR

• Identity Catalog: Gain complete visibility across all identities across systems to reduce blind spots.

• Identity Posture Dashboard: Get a single, prioritized view of identity risks, including compromised credentials on the dark web, to act faster.

• Continuous Assessments: Strengthen security posture with ongoing detection of misconfigurations, dormant accounts, vulnerabilities, and MFA gaps.

• Compromised Credential Monitoring: Protect users by detecting and alerting when stolen credentials surface in breach databases.

• Dark Web Intelligence: Stay ahead of attackers with proactive monitoring of underground markets for leaked credentials.

• User Behavior Analytics (UEBA): Spot insider threats and anomalous activity early to prevent account takeover and lateral movement.

• Advanced Identity Detections: Detect sophisticated identity attacks such as kerberoasting, account compromise, stolen credentials, password spray, brute force, and impossible travel.

• Identity Response Actions: Take immediate action on identity threats with integrated response actions to disable accounts, reset user sessions, reset passwords, or mark users as compromised in Microsoft Entra ID.

The Sophos ITDR solution integrates with Sophos XDR and Sophos MDR, automatically generating cases when identity-based threats or high-risk findings arise. With Sophos MDR, Sophos security analysts then investigate and take response actions on behalf of customers, accelerating remediation and reducing risk.

“Sophos ITDR has improved visibility into our identity risks and streamlined how we manage them,” said an Information Security Director at a financial services firm. “Having identity risk data available within Sophos XDR is a game changer for strengthening our overall security posture.”

“Identity has become the new frontline of cyber defense, and Sophos ITDR delivers the visibility and automation needed to stay ahead of attackers. By covering the full spectrum of identities from users to service accounts and applications, it closes blind spots, strengthens our overall security posture, and provides clear remediation actions that help my team address risks quickly and effectively,” said a CISO at a financial services firm.

Sophos partners can access enablement materials and sales resources via the Sophos Partner Portal.