Cybersecurity firm rolls out ITDR solution amid a 106% surge in credential theft over the past year.
Sophos has unveiled its Identity Threat Detection and Response (ITDR) solution, targeting one of the fastest-growing cybersecurity vulnerabilities: identity-based attacks. The launch marks a significant expansion of the company’s security operations portfolio, bringing enhanced protection to its 600,000 customers worldwide.
The Growing Threat
The timing couldn’t be more critical. Sophos X-Ops Counter Threat Unit observed a staggering 106% increase in stolen credentials available for sale on the dark web between June 2024 and June 2025. Even more concerning, compromised credentials were identified as the leading cause of cyberattacks for the second consecutive year, accounting for 56% of incidents in which attackers gained access through legitimate accounts.
What ITDR Does
The new solution continuously monitors customer environments for identity vulnerabilities and misconfigurations, and scans the dark web for compromised credentials. It performs over 80 cloud identity posture checks and uses AI-driven detection to identify sophisticated attacks, including Kerberoasting, privilege escalation, account takeover, and brute-force attempts.
Rob Harrison, SVP of Product Management at Sophos, explained that cloud computing and remote work have dramatically expanded the identity attack surface. “Complex identity and access management systems with constantly changing settings and policies create gaps that attackers target,” he noted.
Automated Response Capabilities
When threats are detected, ITDR enables automated remediation actions such as account locks, password resets, multi-factor authentication refreshes, and session revocations. The solution integrates seamlessly with Sophos XDR and MDR services, automatically generating cases when identity-based threats emerge.
Early User Feedback
Financial services firms testing the solution have reported significant improvements. An Information Security Director described having identity risk data within Sophos XDR as “a game changer for strengthening our overall security posture.” A CISO at another financial services firm emphasized that identity has become “the new frontline of cyber defense.”
The solution represents the first fully integrated offering following Sophos’s acquisition of Secureworks, demonstrating the company’s commitment to comprehensive security operations as organizations face increasingly sophisticated identity-based threats.
