Identity-based attacks are a leading entry point for breaches, involving credential theft, the abuse of legitimate accounts, and undetected lateral movement across environments. Identity Threat Detection & Response (ITDR) is designed to close this gap by extending your protection from endpoints to identities.
Overview
ITDR provides continuous monitoring, detection, and response across your identity infrastructure. It ingests telemetry from your identity providers (IdPs), correlates it with endpoint data from the ThreatDown Endpoint Agent where available, and surfaces identity-based threats in a centralized dashboard alongside your existing ThreatDown security data.
Key Capabilities
- Threat Detection: ITDR detects a broad range of identity-based attack techniques, including but not limited to:
  - Impossible Travel
  - Password Spraying and Credential Stuffing
  - Golden Ticket and Kerberoasting attacks
  - MFA Abuse and MFA Fatigue
  - Token Abuse
  - Privilege Escalation
  - Lateral Movement
- Identity Risk Scoring: The Identity Risk Score is a tenant-wide metric that reflects the overall security posture of your environment, based on alert history, exposure, posture health, and coverage. This helps you prioritize which accounts require the most immediate attention.
- Response Actions: Respond directly from Nebula without switching tools. Supported response actions include, but are not limited to:
  - Suspend User
  - Reset User Password
  - Revoke Active Sessions
  - Force enabling MFA
- Unified Visibility: When the ThreatDown Endpoint Agent with Endpoint Detection is deployed, identity-relevant endpoint alerts are automatically ingested and correlated with identity telemetry, helping your team identify attacks that leverage both endpoint and identity vectors.
- Dark Web Monitoring: Monitors selected identities for exposed credentials and data on dark web sources.
- Login Restrictions: Defines allowed login countries and working hours per identity group; flags out-of-policy logins as alerts.
- MDR Integration: When subscribed to Managed Detection and Response, analysts review ITDR alerts and can take response actions on the customer's behalf.
Deploying ITDR is quick and easy with just five steps.
Review the requirements, then follow the configuration steps to get started.