Market Drivers
Cloud Adoption
In 2023, 98% of organizations surveyed by the Identity Defined Security Alliance responded that they had witnessed an increase in the number of identities they needed to manage, and 78% of executives responded that their organizations had adopted cloud in most, if not all, parts of their business. Both figures indicate that cloud adoption is still a significant driver of the requirements businesses must meet to improve their security posture.
Not surprisingly, though less than ideal, 90% of surveyed cloud adopters responded that they are in the process of implementing Zero Trust. Zero Trust Architecture (ZTA) is a principle built on the assumption that an organization has already been breached. ZTA moves the perimeter from the old model of looking inward at a secured network infrastructure to individual entities that require continuous verification; it enforces least privilege and denies implicit trust.
Why is Zero Trust important here?
Identity is one of the six pillars of Zero Trust Architecture, and one that has changed its name from "Users" to "Identity", a broader term that extends the definition from person entities to non-human entities, i.e., AI, APIs, machine-to-machine agents, etc.
Breach Patterns
In 2024, RSA's Top Trends in Identity reported that 49% of all data breaches involved credentials, and the 2023 Verizon Data Breach Investigations Report found that stolen credentials had become "the most popular entry point for breaches." These two findings set the stage for a significant portion of the current threat landscape.
The Advent of AI
In 2023, the RSA ID IQ Report found that 91% of organization stakeholders believed AI has a role to play in identity security. This means security teams and others are looking to AI for productivity gains and enhanced security, specifically around identity-related security.
What is ITDR?
ITDR stands for Identity Threat and Incident Response, a term coined by Gartner to describe a set of capabilities that detect identity-based threats, provide identity-risk context, and enable response and recovery.
The IAM model
Historically, Identity and Access Management (IAM) provided a clean way to grant and receive access, but as digital identities have expanded into forms that are not necessarily tied to a device or a person, such as service accounts or API keys that work behind the scenes to perform automated tasks, IAM is like dealing with a 3-D problem in 2-D. With cloud adoption and its variants such as SaaS platforms and IaaS, digital identities are increasingly difficult for any organization to manage.
IAM administration typically relies on an administrative team in charge of Privileged Account Management, Identity Governance and Administration, and the latest response to the growth of managed identities and entitlements in the cloud: CIEM, or Cloud Infrastructure Entitlement Management.
From a challenge to solution
The current IAM model lacks visibility into identity-focused threats and attack patterns, and lacks detection correlation across an organization's surface (endpoints and workloads) to quickly know when an attack is underway. Without identity-based threat detection, a SOC team would need to piece together evidence from various other IoCs. ITDR seeks to bridge the gap between the IAM model and SOC teams, so that security teams can quickly identify when someone in the organization is logging in to its systems with a password that has already been seen on the dark web or publicly disclosed elsewhere.
Other ITDR capabilities, besides the threat intelligence described above, include continuous identity-based risk scanning for top attacker TTPs, identity attack mapping (what would it take for one account to compromise another), and remediation playbooks, among others.
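The two capabilities described above, an exposed-credential check on a login event and identity attack-path mapping, can be illustrated with a small script. The following is an added example written for this page; it is not code from any vendor named here. The exposed password list, the user names, and the host and account graph are all constructed for illustration, and the range-lookup function only stands in for the k-anonymity style breach-corpus query a real product would make.

```python
import hashlib
from collections import deque

# --- 1. Compromised-credential check -------------------------------------
# Constructed sample of exposed passwords (hypothetical, not from any real
# leak). A real ITDR product would query a breach-corpus service instead.
EXPOSED_PASSWORDS = ["password123", "Summer2023!", "letmein"]

def sha1_hex(text: str) -> str:
    """Upper-case hex SHA-1, the digest form used by range-query breach APIs."""
    return hashlib.sha1(text.encode("utf-8")).hexdigest().upper()

EXPOSED_HASHES = {sha1_hex(p) for p in EXPOSED_PASSWORDS}

def range_lookup(prefix: str) -> set:
    """Stand-in for a k-anonymity range endpoint: given the first five hex
    characters of a hash, return every exposed-hash suffix sharing that prefix.
    The full hash never leaves the caller."""
    return {h[len(prefix):] for h in EXPOSED_HASHES if h.startswith(prefix)}

def password_is_exposed(password: str) -> bool:
    digest = sha1_hex(password)
    return digest[5:] in range_lookup(digest[:5])

def check_login(username: str, password: str) -> dict:
    """Evaluate a successful authentication event and emit a finding when the
    account is using a password that is already publicly exposed."""
    exposed = password_is_exposed(password)
    return {
        "user": username,
        "finding": "exposed_credential_in_use" if exposed else None,
        "severity": "high" if exposed else "none",
    }

# --- 2. Identity attack-path mapping ---------------------------------------
# Directed graph: an edge A -> B means "control of A is sufficient to take
# control of B" (for example, A is local admin on host B, or privileged
# account B has a live session on host A). Constructed, hypothetical
# environment; a real product would build this from AD and endpoint telemetry.
CAN_COMPROMISE = {
    "helpdesk_user": ["WS01"],
    "WS01": ["svc_backup"],
    "svc_backup": ["FILE01"],
    "FILE01": ["DomainAdmin"],
    "contractor": ["WS02"],
    "WS02": [],
    "DomainAdmin": [],
}

def shortest_attack_path(graph, source, target):
    """Breadth-first search; returns the node list from source to target, or
    None when the target is unreachable."""
    if source == target:
        return [source]
    parents = {source: None}
    queue = deque([source])
    while queue:
        node = queue.popleft()
        for nxt in graph.get(node, []):
            if nxt in parents:
                continue
            parents[nxt] = node
            if nxt == target:
                path = [nxt]
                while parents[path[-1]] is not None:
                    path.append(parents[path[-1]])
                return list(reversed(path))
            queue.append(nxt)
    return None

def exposure_report(graph, target):
    """Every node with a path to the target, with its hop count; this is the
    list a SOC would prioritise for session cleanup or privilege reduction."""
    report = {}
    for node in graph:
        if node == target:
            continue
        path = shortest_attack_path(graph, node, target)
        if path:
            report[node] = len(path) - 1
    return report

if __name__ == "__main__":
    print(check_login("alice", "Summer2023!"))
    print(shortest_attack_path(CAN_COMPROMISE, "helpdesk_user", "DomainAdmin"))
    print(exposure_report(CAN_COMPROMISE, "DomainAdmin"))
```

The credential check deliberately sends only a five-character hash prefix to the lookup, so the login password itself is never disclosed to the breach-corpus service; the attack-path report ranks each identity by how few hops separate it from the privileged target, which is the ordering a remediation playbook would act on first.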
Top Vendors in ITDR
Currently, some of the top vendors are BeyondTrust, CrowdStrike and SentinelOne.
Though not an all-encompassing cybersecurity platform, BeyondTrust has gained a sizable share of the increasingly profitable ITDR market, perhaps in part because of its narrower focus on identity access management and security.
CrowdStrike is one of the most comprehensive cybersecurity platforms, known for its lightweight agent, hassle-free deployments, and aggressive marketing that draws its storyline together very well against a giant like Microsoft.
SentinelOne has newly released its Singularity platform; the lack of a unified platform had been one of its biggest drawbacks in competing for customers' ever-growing demand to consolidate their toolbox. SentinelOne will now offer a single, unified and enhanced XDR platform with key benefits, from endpoint and workload correlation to identity-based detections built on its unique AD detection capabilities. Some of its differentiators will be significant as it continues its journey in the ITDR market and beyond: its deception technology, and its acquisition of PingSafe for cloud security, which also brings breach and attack simulation features. Together with deception, this can truly be one of the wow factors that entices customers away from competitors. Not to mention the advanced data analytics being built on top of its data lake, all with the assistance of its capable Purple AI.