Sophos, a global leader in cybersecurity solutions, has launched a new Identity Threat Detection and Response (ITDR) solution aimed at helping organizations counter the surge in identity-based cyberattacks.

The new product, which integrates with Sophos XDR (Extended Detection and Response) and Sophos MDR (Managed Detection and Response), continuously monitors for identity risks, misconfigurations, and compromised credentials — including those sold on the dark web.

The launch marks a key milestone following Sophos’ acquisition of Secureworks, with ITDR becoming the first Secureworks solution fully integrated into the Sophos Central platform. It expands Sophos’ suite of security operations tools, which now serve over 600,000 customers globally.

According to the latest Sophos Active Adversary Report, compromised credentials were the leading cause of attacks in both managed detection and incident response cases for the second consecutive year, with 56% of incidents involving attackers using valid login details to breach systems. Sophos’ X-Ops unit also reported a 106% increase in stolen credentials listed for sale on the dark web between June 2024 and June 2025.

“Cloud and remote work have expanded the identity attack surface and created new opportunities for attackers,” said Rob Harrison, Senior Vice President of Product Management at Sophos. “Sophos ITDR helps close those gaps by giving customers faster visibility into identity risks, monitoring for compromised credentials, and integrating with our XDR and MDR platforms for rapid, analyst-led response.”

Sophos ITDR is designed to detect and defend against all known MITRE ATT&CK Credential Access techniques, offering more than 80 cloud identity posture checks and using AI-driven detections to identify threats such as kerberoasting, privilege escalation, account takeover, brute force attacks, and lateral movement.

The platform’s key features include:

  • Identity Catalog: Unified visibility across all user and system identities.
  • Identity Posture Dashboard: A single, prioritized view of risks and compromised credentials.
  • Continuous Assessments: Ongoing detection of misconfigurations, dormant accounts, and MFA gaps.
  • Dark Web Intelligence: Proactive monitoring for leaked credentials.
  • User Behavior Analytics (UEBA): Early detection of insider threats and anomalous activity.
  • Automated Response Actions: Immediate remediation options such as account lockouts, password resets, and session revocations.

Sophos ITDR integrates directly with Sophos MDR, enabling the company’s analysts to investigate identity-based alerts and take direct action on behalf of customers — accelerating incident response and reducing exposure.

“Identity has become the new frontline of cyber defense,” said a Chief Information Security Officer at a financial services firm using the new platform. “Sophos ITDR delivers the visibility and automation needed to stay ahead of attackers and close blind spots across user and service accounts.”
