
Identity threat detection and response

From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by Bibamad at 15:33, 14 August 2023 (Functionalities). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Identity threat detection and response (ITDR) is a cybersecurity discipline that includes tools and best practices to protect identity management infrastructure from attacks. ITDR can block and detect threats, verify administrator credentials, respond to various attacks, and restore normal operations.[1]

ITDR adds an extra layer of security to identity and access management (IAM) systems. It helps secure accounts, permissions, and the identity infrastructure itself from compromise. With attackers targeting identity tools directly, ITDR is becoming more important in 2023: according to Gartner, established IAM hygiene practices like privileged access management and identity governance are no longer enough.[1]

Functionalities

ITDR enhances identity and access management (IAM) by adding detection and response capabilities. It provides visibility into potential credential misuse and abuse of privileges. ITDR also finds gaps left by IAM and privileged access management (PAM) systems.[2] ITDR requires monitoring identity systems for misuse and compromise. It relies on lower-latency detections than general-purpose security systems do. ITDR involves coordination between IAM and security teams.[1]

ITDR uses the MITRE ATT&CK framework to map and defend against known attack vectors. It combines foundational IAM controls like multi-factor authentication with monitoring. ITDR prevents compromise of admin accounts and credentials. It modernizes infrastructure through standards like OAuth 2.0.

Organizations adopt ITDR to complement IAM and endpoint detection and response. ITDR specifically monitors identity systems and user activity logs for attacks. It can isolate affected systems and gather forensic data. Adoption requires budget, training, and buy-in. Organizations can start with IAM fundamentals like multi-factor authentication and role-based access.[2]

ITDR tools can find misconfigurations in Active Directory. ITDR strategies can also extend to updating firewalls, intrusion detection systems, and security applications. ITDR integrates with SIEM tools for threat monitoring and automated response. An ITDR incident response plan handles compromised credentials and privilege escalation. Awareness training teaches users to spot identity-based attacks.[2]
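The monitoring described in this section, credential misuse and privilege escalation surfaced from identity audit logs, illustrated with an added example that is not from the article or from any ITDR vendor. The event fields, group names and sample events are constructed assumptions, shaped loosely like directory or identity-provider audit logs.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed privileged directory group names (placeholders, not from the article).
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins"}

# Constructed sample identity events, roughly shaped like IdP/directory audit logs.
EVENTS = [
    {"ts": "2023-08-14T09:00:00", "type": "auth", "user": "alice", "ip": "10.0.0.5", "ok": True},
    {"ts": "2023-08-14T09:01:00", "type": "auth", "user": "bob", "ip": "203.0.113.9", "ok": False},
    {"ts": "2023-08-14T09:01:20", "type": "auth", "user": "bob", "ip": "203.0.113.9", "ok": False},
    {"ts": "2023-08-14T09:01:40", "type": "auth", "user": "bob", "ip": "203.0.113.9", "ok": False},
    {"ts": "2023-08-14T09:02:00", "type": "auth", "user": "bob", "ip": "203.0.113.9", "ok": False},
    {"ts": "2023-08-14T09:03:30", "type": "auth", "user": "bob", "ip": "203.0.113.9", "ok": True},
    {"ts": "2023-08-14T09:04:00", "type": "group_add", "actor": "bob", "target": "bob", "group": "Domain Admins"},
    {"ts": "2023-08-14T09:05:00", "type": "group_add", "actor": "it_admin", "target": "carol", "group": "Domain Admins"},
]


def detect(events, window=timedelta(minutes=5), fail_threshold=3):
    """Return (rule, subject, detail) tuples for identity-threat patterns in the events."""
    alerts = []
    failures = defaultdict(list)  # (user, ip) -> timestamps of failed logins
    for e in sorted(events, key=lambda ev: ev["ts"]):
        ts = datetime.fromisoformat(e["ts"])
        if e["type"] == "auth":
            key = (e["user"], e["ip"])
            if not e["ok"]:
                failures[key].append(ts)
                continue
            # A success right after a burst of failures from the same source
            # is the credential-misuse pattern ITDR is meant to surface.
            recent = [t for t in failures[key] if ts - t <= window]
            if len(recent) >= fail_threshold:
                alerts.append(("credential_misuse", e["user"], e["ip"]))
            failures[key].clear()
        elif e["type"] == "group_add" and e["group"] in PRIVILEGED_GROUPS:
            # Any change to a privileged group is worth forwarding to the SIEM;
            # an actor adding itself is flagged as privilege escalation.
            rule = "self_privilege_escalation" if e["actor"] == e["target"] else "privileged_group_change"
            alerts.append((rule, e["target"], e["group"]))
    return alerts


if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

In a real deployment the events would come from the identity system's audit stream and the alerts would feed the SIEM and the incident response plan rather than being printed.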

History

ITDR emerged as a distinct cybersecurity segment in 2022. The term was coined by Gartner.[2]

ITDR Vendors

According to Gartner, ITDR vendors include Authomize, CrowdStrike, Gurucul, Microsoft, Netwrix, Oort, Proofpoint, Semperis, SentinelOne, and Silverfort.[1]

References

  1. Jonathan Nunez, Andrew Davies (20 July 2023). "Hype Cycle for Security Operations, 2023". www.gartner.com. Retrieved 2023-08-08.
  2. "Improve IAM with identity threat detection and response". TechTarget Security. Retrieved 2023-08-14.
