The new Sophos ITDR solution integrates directly with Sophos XDR and Sophos MDR, continuously monitoring identity environments for misconfigurations, risky user behavior, and compromised credentials, including those circulating on dark web marketplaces. The goal, according to Sophos, is to give security teams earlier visibility into identity risks and clearer response actions before attackers can escalate access.
The launch builds on Sophos’ recent acquisition of Secureworks and marks the first Secureworks technology fully integrated into the Sophos Central platform. With more than 600,000 customers globally, Sophos said the move strengthens its ability to deliver unified, analyst-led security operations as identity becomes a primary attack surface in cloud and remote-work environments.
Sophos research highlights why identity protection has become critical. Data from the Sophos X-Ops Counter Threat Unit shows a 106 percent increase in stolen credentials being sold on the dark web between June 2024 and June 2025. The company’s Active Adversary Report also found that compromised credentials remained the leading root cause of attacks for the second consecutive year, with more than half of incidents involving attackers logging in through valid accounts.
Sophos ITDR is designed to detect and protect against known credential access techniques mapped to the MITRE ATT&CK framework. It performs more than 80 cloud identity posture checks, uses AI-driven analytics to flag threats such as privilege escalation, account takeover, brute-force attacks, and lateral movement, and supports automated response actions including account lockouts, password resets, session revocation, and enforcement of multi-factor authentication through platforms such as Microsoft Entra ID.
Key capabilities include a centralized identity catalog, a posture dashboard that prioritizes identity risks, continuous assessments for misconfigurations and dormant accounts, and dark web intelligence that alerts organizations when stolen credentials surface in breach databases. Integrated response playbooks allow teams—or Sophos MDR analysts—to act immediately when high-risk findings are detected.
Security leaders using the platform say embedding identity risk data directly into extended detection and response workflows improves both speed and clarity. Executives from the financial services sector noted that having identity threats visible alongside endpoint and network data strengthens overall security posture and reduces the time needed to contain incidents.
As attackers increasingly bypass traditional defenses by targeting user identities instead of infrastructure, Sophos positions ITDR as a long-term response to a structural shift in cyber risk—where protecting identities is no longer optional, but central to modern security operations.
