Sophos has announced the launch of Sophos Identity Threat Detection and Response (ITDR) — a new capability for Sophos XDR and Sophos MDR that helps organizations rapidly detect, investigate, and remediate identity-based attacks.
The launch marks a significant milestone following Sophos’ Secureworks acquisition, introducing the first Secureworks solution fully integrated into the Sophos Central platform. This integration strengthens Sophos’ security operations (SecOps) portfolio, delivering comprehensive identity protection for over 600,000 customers worldwide.
Identity-based threats are now among the fastest-growing attack vectors globally. The Sophos X-Ops Counter Threat Unit (CTU) observed a 106% increase in stolen credentials available for sale on the dark web between June 2024 and June 2025. The Sophos Active Adversary Report also found that compromised credentials were the top root cause of attacks for the second consecutive year, with 56% of incidents involving attackers using valid accounts to access remote services.
“Cloud and remote work have expanded the identity attack surface and created new opportunities for attackers,” said Rob Harrison, SVP, Product Management, Sophos. “Complex identity and access management systems often leave security gaps. Sophos ITDR helps close those gaps by providing continuous visibility into identity risks, monitoring for compromised credentials, and enabling rapid, analyst-led response through Sophos XDR and MDR.”
Closing the Identity Gap
Sophos ITDR continuously monitors customer environments for misconfigurations, exposed credentials, and risky user behavior. It detects and defends against all known MITRE ATT&CK Credential Access techniques through more than 80 cloud identity posture checks, AI-driven analytics, and dark web intelligence.
Key capabilities include:
-
Identity Catalog & Dashboard: Complete visibility across all identities and prioritized risk insights.
-
Continuous Assessments: Detection of dormant accounts, misconfigurations, MFA gaps, and vulnerabilities.
-
Compromised Credential & Dark Web Monitoring: Early alerts when stolen credentials surface online.
-
User Behavior Analytics (UEBA): Early detection of insider threats and abnormal activity.
-
Automated Response Playbooks: Remediation actions including account lock, password reset, MFA refresh, and session revocation.
By integrating seamlessly with Sophos XDR and MDR, ITDR automatically generates cases when identity threats are detected. Security analysts within Sophos MDR can then investigate and take response actions, accelerating remediation and reducing organizational risk.
“Identity has become the new frontline of cyber defense,” said a CISO at a financial services firm using the solution. “Sophos ITDR gives us end-to-end visibility and actionable intelligence to close blind spots, strengthen our security posture, and respond faster to evolving threats.”
