Sophos this week unveiled Sophos Identity Threat Detection and Response (ITDR), a dedicated offering designed to detect and remediate identity-based attacks by combining dark-web credential monitoring, behavioural detection and automated response playbooks tied into Sophos XDR and MDR services.
The new ITDR capability is positioned as an extension to Sophos’ security operations portfolio. Sophos says the functionality is built to work natively with its X-Ops intelligence and to improve triage and automated containment when identities are weaponised. Sophos X-Ops reported a 106% increase in stolen credentials offered for sale on the dark web between June 2024 and June 2025.
Why identity protection matters now
Identity protection matters more now than ever because digital identities have become the new attack surface in cybersecurity. Multiple industry signals show identity theft and credential abuse remain the favoured route for intruders.
According to IBM’s 2024 Cost of a Data Breach Report, over 80% of breaches involve compromised credentials or misuse of identity.
Verizon’s 2025 Data Breach Investigations Report (DBIR) highlights credentials and authentication abuse as a leading contributor to breaches, reaffirming that attackers continue to exploit weak, stolen or misused identity data to gain initial access. This pattern underpins the business case for ITDR systems that correlate identity anomalies with lateral movement and endpoint compromise.
MarketsandMarkets projects the global ITDR market will expand from roughly USD 12.8 billion in 2024 to USD 35.6 billion by 2029 (CAGR ~22.6%), signalling strong vendor and buyer investment in identity-centric detection and response capabilities over the next five years.
Key Features and Benefits of Sophos ITDR
1. Identity Catalog: See all user identities across different systems to avoid missing any important information.
2. Identity Posture Dashboard: Get a clear view of identity risks, including stolen passwords found on the dark web, to respond quickly.
3. Continuous Assessments: Improve security by regularly checking for misconfigurations, old accounts, vulnerabilities, and gaps in multi-factor authentication (MFA).
4. Compromised Credential Monitoring: Keep users safe by detecting and warning when stolen passwords appear in data breach records.
5. Dark-Web Monitoring: Built in, giving a pragmatic route to rapid detection of exposed credentials.
6. User Behaviour Analytics (UEBA): Identify insider threats and unusual activities early to prevent account takeovers and unauthorised movements.
7. Advanced Identity Detections: Find complex identity attacks such as Kerberoasting, account compromise, stolen passwords, password spraying, brute force, and impossible travel patterns.
8. Identity Response Actions: Quickly deal with identity threats by using built-in actions to disable accounts, reset user sessions, change passwords, or mark users as compromised in Microsoft Entra ID.
When considering Identity Threat Detection and Response (ITDR) or broader identity protection solutions, buyers should carefully evaluate several practical factors before adoption.