Article Details
Scrape Timestamp (UTC): 2024-07-10 11:13:48.156
Source: https://thehackernews.com/2024/07/true-protection-or-false-promise.html
Original Article Text
True Protection or False Promise? The Ultimate ITDR Shortlisting Guide

It's the age of identity security. The explosion of identity-driven ransomware attacks has made CISOs and security teams realize that identity protection lags 20 years behind their endpoints and networks. This realization is mainly due to the transformation of lateral movement from a fine art, found only in APT and top cybercrime groups, into a commodity skill used in almost every ransomware attack. Lateral movement uses compromised credentials for malicious access, a critical blind spot that existing XDR, network, and SIEM solutions fail to block. Identity Threat Detection and Response (ITDR) has emerged in the last couple of years to close this gap.

This article breaks down the top five ITDR capabilities and provides the key questions to ask your ITDR vendor. Only a definitive 'YES' to these questions can ensure that the solution you evaluate can indeed deliver on its identity security promise.

Coverage For All Users, Resources, and Access Methods

Why is it important? Partial protection is as good as no protection at all. If identity is the name of the game, then ITDR protection should span all user accounts, on-prem and cloud resources, and, no less importantly, all access methods.

What questions to ask:

Real-Time (Or As Close As You Can Get)

Why is it important? In threat detection, speed matters. In many cases it is the difference between spotting and mitigating a threat at an early stage and investigating a full-size active breach. To deliver that, the ITDR should analyze authentications and access attempts as close to their occurrence as possible.

What questions to ask:

Multi-Dimensional Anomaly Detection

Why is it important? No detection method is immune to false positives. The best way to increase accuracy is to search for multiple different types of anomalies. While each by itself might occur during legitimate user activity, the joint occurrence of several increases the likelihood that an actual attack has been detected.

What questions to ask:

Chain Detection with MFA and Access Block

Why is it important? Accurate detection of threats is the starting point, not the end of the race. As mentioned above, time and accuracy are the keys to efficient protection. Just as an EDR terminates a malicious process or an SSE blocks malicious traffic, the ability to trigger automated blocking of malicious access attempts is imperative. While the ITDR cannot block an authentication on its own, it should be able to communicate with the other identity security controls that can, such as MFA or an access policy enforced by the identity provider, to achieve this goal.

What questions to ask:

Integrate with XDR, SIEM, and SOAR

Why is it important? Threat protection is achieved by the joint operation of multiple products. These products might specialize in a certain facet of malicious activity, aggregate signals into a cohesive contextual view, or orchestrate a response playbook. On top of the capabilities listed above, ITDR should also integrate seamlessly with the security stack already in place, in as automated a manner as possible.

What questions to ask:

Silverfort ITDR

Silverfort's ITDR is part of a consolidated identity security platform that includes, among other capabilities, MFA, privileged access security, service account protection, and authentication firewalls. Built on native integration with AD, Entra ID, Okta, ADFS, and Ping Federate, Silverfort ITDR analyzes every authentication and access attempt in the hybrid environment and applies multiple, intersecting risk analysis methods to detect malicious user activity and trigger real-time identity security controls. Learn more about Silverfort ITDR here or schedule a demo with one of our experts.
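As an added illustration of the two sections above on multi-dimensional anomaly detection and on chaining detection to MFA or an access block, the Python script below scores constructed authentication log lines on five independent anomaly dimensions and maps the number of co-occurring anomalies to the control an ITDR would request from the identity provider. This is example code written for this page; it is not Silverfort's product logic and nothing in the article describes a concrete algorithm. The log format, the per-user baseline, the ten-minute correlation window, the dimension names and the thresholds (two anomalies means step-up MFA, three or more means block) are all assumptions made for the example.

```python
"""Multi-dimensional anomaly scoring over authentication events.

Added example for this page; not Silverfort's code and not a description of
any vendor's detection logic. Log format, baseline, window and thresholds are
assumptions chosen for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class AuthEvent:
    ts: datetime
    user: str
    src: str       # source host
    dst: str       # destination host / service
    proto: str     # "Kerberos" or "NTLM"
    outcome: str   # "success" or "failure"

# Constructed baseline of normal behaviour. A real ITDR learns this from history.
BASELINE = {
    "alice": {
        "hosts": {"WS-ALICE", "FS01"},   # destinations alice normally reaches
        "protos": {"Kerberos"},           # alice's sessions never use NTLM
        "hours": range(7, 20),            # 07:00-19:59 local working hours
    },
}
WINDOW = timedelta(minutes=10)   # assumed correlation window for temporal checks

def parse(line: str) -> AuthEvent:
    """Parse one constructed 'ts key=value ...' log line."""
    ts, *pairs = line.split()
    f = dict(p.split("=", 1) for p in pairs)
    return AuthEvent(datetime.fromisoformat(ts), f["user"], f["src"],
                     f["dst"], f["proto"], f["outcome"])

def anomaly_dimensions(ev: AuthEvent, history: list, baseline: dict) -> set:
    """Return the set of independent anomaly labels that fire for one event.

    Each label alone is weak evidence (people work late, open a new share,
    mistype a password); the caller acts only when several co-occur.
    """
    b = baseline.get(ev.user)
    if b is None:
        return {"no_baseline"}
    hits = set()
    if ev.dst not in b["hosts"]:
        hits.add("new_destination")
    if ev.proto not in b["protos"]:
        hits.add("unusual_protocol")
    if ev.ts.hour not in b["hours"]:
        hits.add("off_hours")
    # Temporal dimensions look back over this user's recent events only.
    recent = [e for e in history if e.user == ev.user and ev.ts - e.ts <= WINDOW]
    # Lateral spread: one account reaching many distinct hosts in a short window.
    if len({e.dst for e in recent} | {ev.dst}) >= 4:
        hits.add("lateral_spread")
    # Guessing/spraying: repeated failures against one target, then a success.
    fails = [e for e in recent
             if e.src == ev.src and e.dst == ev.dst and e.outcome == "failure"]
    if ev.outcome == "success" and len(fails) >= 3:
        hits.add("spray_then_success")
    return hits

def decide(hits: set) -> str:
    """Map co-occurring anomalies to the control the ITDR asks the IdP/MFA to apply."""
    if len(hits) >= 3:
        return "block"          # deny the attempt at the identity provider
    if len(hits) == 2:
        return "require_mfa"    # step-up: make the user prove it is really them
    return "allow"              # a single anomaly is recorded, not acted on

def evaluate(lines, baseline=BASELINE):
    """Score events in order, returning (event, hits, action) per log line."""
    history, results = [], []
    for line in lines:
        if not line.strip():
            continue
        ev = parse(line)
        hits = anomaly_dimensions(ev, history, baseline)
        results.append((ev, hits, decide(hits)))
        history.append(ev)
    return results

# Constructed sample log: normal activity, then someone holding alice's account
# guessing a password and fanning out over NTLM at 03:00.
SAMPLE_LOG = """\
2024-07-09T09:00:00 user=alice src=WS-ALICE dst=FS01 proto=Kerberos outcome=success
2024-07-09T12:00:00 user=alice src=WS-ALICE dst=SRV-NEW proto=NTLM outcome=success
2024-07-09T22:30:00 user=alice src=WS-ALICE dst=FS01 proto=Kerberos outcome=success
2024-07-10T03:07:00 user=alice src=WS-ALICE dst=SRV01 proto=NTLM outcome=failure
2024-07-10T03:08:00 user=alice src=WS-ALICE dst=SRV01 proto=NTLM outcome=failure
2024-07-10T03:09:00 user=alice src=WS-ALICE dst=SRV01 proto=NTLM outcome=failure
2024-07-10T03:10:00 user=alice src=WS-ALICE dst=SRV01 proto=NTLM outcome=success
2024-07-10T03:11:00 user=alice src=WS-ALICE dst=SRV02 proto=NTLM outcome=success
2024-07-10T03:12:00 user=alice src=WS-ALICE dst=SRV03 proto=NTLM outcome=success
2024-07-10T03:13:00 user=alice src=WS-ALICE dst=SRV04 proto=NTLM outcome=success
"""

if __name__ == "__main__":
    for ev, hits, action in evaluate(SAMPLE_LOG.splitlines()):
        print(f"{ev.ts:%m-%d %H:%M} {ev.user:6} -> {ev.dst:8} "
              f"{action:12} {sorted(hits)}")
```

Run stand-alone, the script shows the point of the two sections: the late-evening Kerberos logon to a known file server fires only "off_hours" and is allowed, the daytime NTLM access to an unfamiliar server fires two dimensions and gets a step-up MFA request rather than a block, and the 03:00 sequence accumulates new destination, unusual protocol, off-hours, spray-then-success and finally lateral spread, each successive access being blocked. The string returned by decide() stands in for the call the ITDR would make to the enforcement point (the identity provider's access policy or the MFA service), and the (event, hits, action) tuple is the record you would forward to a SIEM or SOAR; which API that is depends entirely on the products in your stack and is not something this example assumes.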
Daily Brief Summary
The article discusses the increasing importance of Identity Threat Detection and Response (ITDR) systems in today's cybersecurity landscape, emphasizing that identity protection is crucial yet often overlooked.
ITDR is highlighted as a response to the frequent use of lateral movement techniques in ransomware attacks, exploiting compromised credentials.
Existing solutions like XDR, network security, and SIEM are noted for their limitations in blocking attacks that leverage stolen identities.
The guide details critical ITDR capabilities necessary for comprehensive protection across all user accounts, resources, and means of access, stressing the need for real-time threat detection.
It also emphasizes the importance of multi-dimensional anomaly detection to minimize false positives and improve the accuracy of detecting actual threats.
Effective ITDR solutions should not only detect anomalies but also enable integration with other security systems (XDR, SIEM, SOAR) to block malicious access and respond to threats.
Silverfort's ITDR capabilities are outlined as an example, noting its integration with multiple identity security controls and platforms for enhanced protection.