Defining ITDR – It’s More Than What You Might Think
For Identity Threat Detection and Response (ITDR) to deliver its promise, there are a few core things that need to be made clear upfront before any real discussion about its implementation can successfully move forward. In the end, ITDR addresses the missing (and critical) capabilities between IAM and other security controls that are usually already in place. But organizations need a clear understanding of ITDR to avoid what could easily become an inaccurate portrayal of its important cybersecurity role.
Here are four potential misnomers surrounding ITDR:
It’s Definitely Not All About Active Directory
The overlying benefit of ITDR is that its scope lies far beyond just the Active Directory (AD). AD threats are important to detect, but are only one piece of the ITDR solution, as it strives to provide an organization with visibility into a far larger group of potential security lapses associated with identities.
It’s Not Simply a Combination of Existing Tools
Designed to work in tandem easily and effectively with existing security investments, ITDR offers its own powerful set of security capabilities that don’t rely on simply combining insights from other solutions. Instead, ITDR goes beyond the prevention that’s offered by Identity and Access Management (IAM) solutions by providing its own detection and response capabilities as well as by providing far more comprehensive analysis that leads to greater resilience.
It's a Team Effort, That’s for Sure
For successful ITDR deployments, there’s no one single team within an IT organization that can do it alone. Without, for instance, the combined work of the Identity and Access Management (IAM) team as well as the security teams tasked with protecting the overall infrastructure, it’s a non-starter. Security and risk management executives need to create a solid network of collaborative leaders within each element of IT who play vital roles in ensuring ITDR enjoys a full reach within the entire organization.
It's Not Limited to the Security Operations Center
ITDR works alongside tools that the Security Operations Center (SOC) and its personnel rely upon frequently, including Security Information and Event management (SIEM) solutions as well as Security Orchestration, Automation and Response (SOAR) tools. It even works alongside other powerful tools such as extended detection and response (XDR) vendor solutions to provide a fully comprehensive approach. The importance of ITDR is rooted in the fact that all these SOC tools are vital, but they don’t bring to the table the needed visibility of identity-focused threats that ITDR can identity and actively prevent.
Protecting against account takeovers, accidental or nefarious insider threats, shadow privilege access, new usage of local accounts and exposed assets, and any other identity-related dangers is the paramount capability of ITDR.