ThreatDown Launches Identity Threat Detection and Response to Stop Credential-Based Attacks

ThreatDown, the former corporate business unit of Malwarebytes, today announced the launch of ThreatDown Identity Threat Detection and Response (ITDR). ITDR is a new product that helps security teams monitor identities to detect suspicious activity, misconfigurations, and active attacks targeting user accounts and privileges. With native integrations for Microsoft Entra ID, Okta, and Active Directory, security teams gain unified visibility across hybrid identity environments without deploying additional agents.

Natively integrated with the ThreatDown EDR and MDR platform, ITDR delivers correlated endpoint-to-identity visibility, guided response, and proactive attack path hardening. It deploys in minutes with no additional agent or console.

Identities have proliferated across SaaS, cloud workloads, and managed or unmanaged devices. Today, credentials are the most common entry point in data breaches. Attackers no longer break in; they log in using valid, stolen credentials, bypassing IAM and MFA. They operate undetected in the gap between authentication and action. Identity breaches take the longest to detect, contain, and remediate: 8+ months on average. ThreatDown ITDR closes that gap at a lower total cost of ownership than standalone ITDR products.

“Attackers have shifted from breaking in to logging in, which means the most dangerous activity now happens after authentication,” said Kendra Krause, General Manager of ThreatDown. “Identity threat detection is the natural next layer of our platform, extending the same unified visibility and guided response our customers rely on for endpoints into the identity systems they use every day. By building ITDR directly into our platform, we’re giving lean IT teams and MSPs a practical way to close this gap without a new tool, a new console, or added overhead.”

ThreatDown is also announcing the Ultimate MDR Plus offering. Ultimate MDR Plus is ThreatDown’s most comprehensive offering to date, a premium bundle that brings together the ITDR product, the enhanced MDR Plus service, and the recently uplifted Premium Support. All are available in a single SKU for customers who want full-stack protection plus the highest level of service and expertise ThreatDown offers.

ThreatDown ITDR Capabilities

ThreatDown ITDR monitors identity activity across hybrid environments—Active Directory, Entra ID, and Okta—and correlates it with endpoint telemetry to detect attacks that unfold after authentication.

  • Native EDR-ITDR correlation that links suspicious endpoint behavior to anomalous identity events in a single investigation timeline, replacing manual cross-referencing across disconnected tools.

  • Unified console and single agent deployment to manage endpoint, identity, and email security, improving response time and reducing costs.

  • Detect identity-based threats such as account compromise, privilege abuse, MFA fatigue, and persistence techniques.

  • Continuously assess identity posture and surface misconfigurations before they are exploited.

  • Investigate identity incidents with enriched context across identity providers and directory services.

  • Respond faster to suspicious activity affecting users, sessions, and access.

ThreatDown ITDR is available now through our partners and managed service providers (MSPs). ITDR is included in the Ultimate MDR Plus bundle and is available as an add-on product to Advanced EDR and Elite MDR bundles. MSPs can add ITDR to their offerings à la carte. For Elite MDR and Ultimate MDR Plus customers, the ThreatDown managed services team leads identity detection and remediation 24/7, extending coverage without adding headcount.

To learn more about the latest threats and cybersecurity strategies for businesses and the channel, visit ThreatDown or follow ThreatDown on LinkedIn and X.

About ThreatDown

ThreatDown, the former corporate business unit of Malwarebytes, delivers elite Managed Detection and Response from a single console—without the complexity. Fueled by world-class threat research and proprietary AI engines, its lightweight agent deploys in minutes and delivers high-efficacy protection that consistently outperforms the competition. Recognized by MRG Effitas, AVLab Cybersecurity Foundation, and G2 as a leader in threat detection and response, ThreatDown stops the threats others miss. The company is headquartered in California with offices in Europe.

FAQs

How do identity-based attacks bypass MFA and traditional access controls?

Modern attackers increasingly skip the front door entirely. Rather than cracking passwords, they steal valid session tokens, hijack authenticated sessions, or use credentials harvested by info-stealers. These techniques all occur after a user has already passed MFA. ThreatDown ITDR monitors what happens after authentication across Active Directory, Entra ID, and Okta, detecting privilege escalation, token abuse, and lateral movement that IAM and MFA were never designed to catch.

What is the difference between ITDR and IAM?

Identity and Access Management controls who can log in; Identity Threat Detection and Response detects what attackers do after they’ve logged in. IAM enforces policies at the gate, such as passwords, MFA, and conditional access, while ITDR continuously monitors identity behavior for signs of compromise: credential misuse, privilege escalation, and session hijacking. ThreatDown ITDR adds this post-authentication detection layer natively within its EDR and MDR platform, so security teams get correlated endpoint-to-identity visibility without deploying a separate tool.

Can a small IT team manage identity threat detection without dedicated identity security staff?

Most standalone ITDR products assume a mature security operations team with the resources to tune, investigate, and respond to identity-specific alerts. ThreatDown built its ITDR for resource-constrained environments: guided response playbooks, one-click Security Advisor recommendations, and native correlation with endpoint data reduce investigation time and eliminate the need to pivot between consoles. Built-in compliance reporting and managed coverage options further reduce operational overhead. For teams that need full coverage, ThreatDown’s MDR service extends identity detection and response with around-the-clock managed monitoring.
