Identity threat detection and response (ITDR) is a term used to describe the collection of tools and best practices used to defend identity systems. ITDR software detects identity-related threats and vulnerabilities, such as credential misuse and abuse, unapproved entitlements, and privilege escalations. Information security teams use ITDR software as part of their threat detection initiatives, specifically geared toward the identity-related attack surface.
The term was introduced by Gartner in March 2022, when the company identified it as one of its seven top security and risk management trends for 2022. Gartner stated:
“Sophisticated threat actors are actively targeting identity and access management (IAM) infrastructure, and credential misuse is now a primary attack vector.”
Gartner research vice president, Peter Firstbrook, described the current issues facing IAM security:
“Organizations have spent considerable effort improving IAM capabilities, but much of it has been focused on technology to improve user authentication, which actually increases the attack surface for a foundational part of the cybersecurity infrastructure... ITDR tools can help protect identity systems, detect when they are compromised and enable efficient remediation.”
ITDR solutions differ from IAM software. While IAM's purpose is to prevent identity-related risks through proper user authentication and access, ITDR identifies threats once systems have been compromised.
ITDR is also similar to security categories such as Endpoint Detection and Response (EDR), Extended Detection and Response (XDR), and Network Detection and Response (NDR). ITDR differentiates itself by focusing on protecting credentials, privileges, cloud entitlements, and the systems that manage them.