Introducing Sophos Identity Threat Detection and Response (ITDR)


Strengthen your customers’ security posture and defend against sophisticated identity-based attacks.

Adversaries exploit compromised identities, infrastructure weaknesses, and misconfigurations to gain unauthorized access to sensitive data and systems, putting user-based access and controls at the frontline of modern IT and cybersecurity. However, with identities no longer confined to the network perimeter, and the widespread shift to cloud and remote work, monitoring and securing identity systems has become increasingly complex. Indicating the scale of the issue, Sophos Incident Response analysis shows that 95% of Microsoft Entra ID environments are misconfigured, creating an open door for threat actors to escalate privileges and launch identity-based attacks.

Protect your customers against identity-based attacks

Earlier this month, we marked the next chapter in the evolution of the Sophos portfolio by announcing our expanded range of security operations products and services. Today, we’re excited to announce that our new identity security solution — Sophos Identity Threat Detection and Response (ITDR) — is now generally available.

Built on the proven Secureworks Taegis IDR product, Sophos ITDR is fully integrated into Sophos’ open AI-native platform, Sophos Central, enabling your customers to deploy with speed and confidence.

Sophos ITDR automatically runs more than 80 advanced identity posture checks, going far beyond basic hygiene to uncover risks in minutes. The solution includes full coverage of MITRE ATT&CK Credential Access techniques, alerts you when credentials are exposed in data breaches, and flags anomalous user activity.

Sophos ITDR helps your customers:

  • Reduce their identity attack surface: Sophos ITDR continuously scans the Microsoft Entra ID environment to uncover misconfigurations, identify security gaps, and provide clear, actionable recommendations.
  • Monitor for leaked or stolen credentials: In the past year, the number of stolen credentials offered for sale on one of the dark web’s largest marketplaces has more than doubled*. Sophos ITDR protects user accounts from unauthorized access by monitoring the dark web and breach databases and alerting when credentials have been exposed.
  • Identify risky user behavior: Sophos ITDR detects abnormal activity associated with stolen credentials or insider threats, such as unusual login patterns.
  • Protect against identity-based threats: Sophos ITDR enables analysts to respond quickly and effectively with built-in actions such as forcing password resets and locking down suspicious accounts.

A critical part of a complete security portfolio 

Identity is a vital component of any modern security strategy. Sophos provides unmatched cyber defenses through an open AI-native platform spanning identity, endpoints, network, firewall, cloud, email, and productivity tools. Sophos ITDR strengthens your customers’ defenses and is available as an add-on for Sophos Extended Detection and Response (XDR) and Sophos Managed Detection and Response (MDR):

  • Sophos XDR + Sophos ITDR: Equip your customers’ in-house security teams with advanced tools to detect and stop active adversaries and identity-based threats.
  • Sophos MDR + Sophos ITDR: Enable your customers to offload investigations and response activities for identity-based threats to our expert analysts, freeing their IT and security staff to focus on core business priorities.

Sophos ITDR enables you to unlock new revenue streams by delivering comprehensive protection against identity threats. Expand your reach, attract new business, and retain existing customers looking to strengthen their defenses against identity-based attacks. Term subscriptions for Sophos ITDR are available now, with MSP Flex monthly billing available from November 1, 2025.

 

Discover how Sophos ITDR can help you expand your customer base. Visit the new resources on the Sophos Partner Portal (login required), take the Sophos ITDR partner training, or connect with your Sophos representative today to get started.

 


*Observed by Sophos X-Ops Counter Threat Unit™ (CTU).