Sophos launches ITDR to counter rising identity-based attacks
Sophos has launched Sophos Identity Threat Detection and Response (ITDR), introducing a new security solution to monitor identity risks and manage compromised credentials.
The ITDR platform integrates with both Sophos XDR and Sophos MDR, allowing organisations to continuously monitor identity risks and misconfigurations while scanning the dark web for stolen user information. The platform aims to provide insight into identity-based attacks and user behaviours that might endanger business operations.
This development marks the first product launch following the acquisition of Secureworks. The ITDR solution is fully integrated into Sophos Central and expands the company's managed detection and response offering, now utilised by approximately 600,000 customers worldwide.
Identity risks on the rise
According to Sophos X-Ops, the volume of stolen credentials available for sale on the dark web increased by 106 percent between June 2024 and June 2025. The Sophos Active Adversary Report stated that compromised credentials remained the leading cause of attacks in both managed detection and response (MDR) and incident response cases. In 56 percent of incidents, attackers used valid credentials to access remote services.
Rob Harrison, Senior Vice President, Product Management at Sophos, commented on the growing challenge for organisations:
Cloud and remote work have expanded the identity attack surface and created new opportunities for attackers. Complex identity and access management systems with constantly changing settings and policies create gaps that attackers target. Sophos ITDR helps close those gaps by giving customers faster visibility into identity risks, monitoring for compromised credentials, and integrating with Sophos XDR and Sophos MDR for rapid, analyst-led response.
Sophos ITDR incorporates detection rules for all known MITRE ATT&CK Credential Access techniques. The platform includes more than 80 cloud identity posture checks, ongoing dark web monitoring, and leverages AI-based detection for identity-centred threats such as kerberoasting, privilege escalation, account takeovers, brute force, and lateral movement attacks.
Automated response playbooks in ITDR can perform remediation actions triggered by specific threats. These actions include locking accounts, resetting passwords, refreshing multi-factor authentication, and revoking compromised sessions.
Main features detailed
The solution offers an Identity Catalog for broad system-wide visibility, reducing blind spots and supporting comprehensive security. Users can access an Identity Posture Dashboard, displaying a prioritised view of risks, even those linked to compromised data located on the dark web, to facilitate prompt action.
Continuous assessments help strengthen security through active detection of misconfigurations, dormant accounts, vulnerabilities, and multi-factor authentication (MFA) lapses. The platform's compromised credential monitoring provides alerts when stolen credentials appear in breach databases, while its dark web intelligence feature proactively monitors underground markets for leaked information.
User and Entity Behaviour Analytics (UEBA) capabilities are included to identify both insider threats and unusual activity before account takeovers or lateral movement can occur. In addition, advanced detections target identity-specific threats, such as kerberoasting, account compromise, password spraying, brute-force attacks, and "impossible travel" activities.
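As an added illustration, not Sophos's own code, the "impossible travel" detection named above reduces to a check on the travel speed implied by two consecutive sign-ins from the same account. The sign-in events, coordinates and the 900 km/h threshold below are constructed assumptions, not product defaults.

```python
"""Impossible-travel check over constructed sign-in events (added example)."""
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_KMH = 900.0  # assumed upper bound on plausible travel speed (airliner cruise)

# Constructed sample events, not real telemetry: (user, ISO timestamp, lat, lon)
EVENTS = [
    ("alice", "2025-06-01T08:00:00", 51.5074, -0.1278),   # London
    ("alice", "2025-06-01T08:45:00", 40.7128, -74.0060),  # New York, 45 min later
    ("bob",   "2025-06-01T09:00:00", 48.8566, 2.3522),    # Paris
    ("bob",   "2025-06-01T12:30:00", 52.5200, 13.4050),   # Berlin, 3.5 h later
]


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km between two latitude/longitude points."""
    lat1, lon1, lat2, lon2 = map(radians, (lat1, lon1, lat2, lon2))
    a = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


def impossible_travel(events, max_kmh=MAX_KMH):
    """Return (user, implied_kmh) for every consecutive sign-in pair of one user
    whose implied speed exceeds max_kmh. Events are grouped per user and time-sorted."""
    by_user = {}
    for user, ts, lat, lon in events:
        by_user.setdefault(user, []).append((datetime.fromisoformat(ts), lat, lon))
    hits = []
    for user, evs in by_user.items():
        evs.sort()
        for (t0, la0, lo0), (t1, la1, lo1) in zip(evs, evs[1:]):
            hours = (t1 - t0).total_seconds() / 3600
            km = haversine_km(la0, lo0, la1, lo1)
            if hours <= 0:
                # Two distant sign-ins in the same second: flag; same place: ignore.
                if km > 0:
                    hits.append((user, float("inf")))
                continue
            speed = km / hours
            if speed > max_kmh:
                hits.append((user, round(speed)))
    return hits


if __name__ == "__main__":
    for user, kmh in impossible_travel(EVENTS):
        print(f"impossible travel: {user} implied speed {kmh} km/h")
```

Only alice is flagged: London to New York in 45 minutes implies well over 7,000 km/h, whereas bob's Paris to Berlin trip in 3.5 hours is ordinary.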
The platform can perform direct response actions, including disabling accounts, resetting user sessions, enforcing new passwords, or marking users as compromised in Microsoft Entra ID.
Customer feedback
The integration of Sophos ITDR with XDR and MDR ensures that any identity-based threat generates a case for analysis and possible action by security teams. With Sophos MDR, security analysts investigate and may take direct remedial steps on behalf of their customers.
An Information Security Director at a financial services firm provided feedback on the deployment:
Sophos ITDR has improved visibility into our identity risks and streamlined how we manage them. Having identity risk data available within Sophos XDR is a game changer for strengthening our overall security posture.
A CISO at another financial services organisation also shared their perspective on the new offering:
Identity has become the new frontline of cyber defense, and Sophos ITDR delivers the visibility and automation needed to stay ahead of attackers. By covering the full spectrum of identities from users to service accounts and applications, it closes blind spots, strengthens our overall security posture, and provides clear remediation actions that help my team address risks quickly and effectively.
Sophos stated that its partners will be provided with enablement materials and sales resources associated with ITDR through its partner portal.