What the heck is ITDR?
A Crash Course on Identity Threat Detection & Response (ITDR) and its role in Identity Security Ecosystem [Securing Things by M. Yousuf Faisal]

Disclaimer: All views presented in this newsletter are my own.
Neither the author nor the newsletter is liable for any actions taken by any individual, organization, business or entity. The information provided is for education and awareness purposes only and is not specific to any business or situation.
Hi Securing Things Community,
📢 Welcome to ITDR (Identity Threat Detection & Response) crash course! 🛡️
If you've ever wondered what the heck ITDR is, or you are reading about it for the first time, then you are in the right place. It is easily confused with other terminology we are used to, as was evident from my LinkedIn poll: almost 50% guessed it right, while the rest got it wrong and mixed it up with other terms they were used to hearing.
In this newsletter, I'll cover ITDR's background, its foundational concepts, and its role in identity security, IAM and cybersecurity more broadly. I'll outline its relation to XDR, share industry insights and key software vendors, and provide reference materials. Additionally, I'll share updates on my academy initiatives, popular social media posts, ways I can assist, and requests.
Special Message:
Before we begin, do me a favour and make sure you hit the “Subscribe” button to let me know that you care and keep me motivated to publish more. Thanks!
Securing Things Academy: (coming soon)
The IT & OT CySEAT (Cyber Security Education And Transformation) course is designed for IT and OT cybersecurity practitioners. Join the wait-list → here.
Check out a brief overview below:
What is ITDR?
ITDR (Identity Threat Detection and Response) is a specialised category of cybersecurity tooling and practice designed to detect, investigate and respond to threats that target identities, whether human identities or non-human identities such as machines, services and workloads. It encompasses tools and best practices that extend existing Identity and Access Management (IAM) systems, whose job is to grant and manage access, with the detection and response capabilities they lack: spotting credential theft, privilege abuse and anomalous identity behaviour, and acting on it. ITDR aims to provide comprehensive visibility into identity-related threats across hybrid and multi-cloud environments, so that a compromised identity can be contained quickly rather than discovered after the breach.
Gartner, which first defined ITDR in 2021, views it as a distinct cybersecurity category and a necessary evolution to address the gaps left by IAM (identity and access management) and PAM (privileged access management) solutions, in order to combat advanced identity-based threats in increasingly hybrid and distributed environments.
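To make the "detection and response on top of IAM" idea concrete, here is an added example in Python. It is not code from the original newsletter or from any ITDR vendor. It parses constructed authentication log lines, applies three detections that an IAM system evaluating each login on its own would not raise (a password spray from one source across many accounts, a subsequent success from that spraying source, and a non-human identity authenticating interactively with a password), and maps each finding to a response playbook. The log format, field names, thresholds, account-type policy and playbook actions are all assumptions made for illustration.

```python
"""Illustrative identity-threat detections over constructed auth events.

Added example for this newsletter; not the code of any ITDR vendor.
Assumed (hypothetical) log format:
  <ISO timestamp> user=<name> kind=<human|service> src=<ip> method=<password|token> result=<fail|success>
"""
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Detection thresholds (assumed for the example; tune to your own baselines)
SPRAY_MIN_USERS = 5                    # distinct accounts failed from one source
SPRAY_WINDOW = timedelta(minutes=10)   # ...inside this time window

# Constructed sample log: a spray from 203.0.113.5 that lands on "erin",
# a harmless typo by "frank", and a service account logging in with a password.
SAMPLE_LOG = """\
2024-06-01T09:00:00 user=alice kind=human src=203.0.113.5 method=password result=fail
2024-06-01T09:01:00 user=bob kind=human src=203.0.113.5 method=password result=fail
2024-06-01T09:02:00 user=carol kind=human src=203.0.113.5 method=password result=fail
2024-06-01T09:03:00 user=dave kind=human src=203.0.113.5 method=password result=fail
2024-06-01T09:04:00 user=erin kind=human src=203.0.113.5 method=password result=fail
2024-06-01T09:05:30 user=erin kind=human src=203.0.113.5 method=password result=success
2024-06-01T09:10:00 user=frank kind=human src=192.0.2.9 method=password result=fail
2024-06-01T09:12:00 user=frank kind=human src=192.0.2.9 method=password result=success
2024-06-01T09:20:00 user=svc-backup kind=service src=198.51.100.7 method=password result=success
2024-06-01T09:25:00 user=svc-ci kind=service src=10.0.0.4 method=token result=success
""".splitlines()

# Assumed response playbook per rule: what an ITDR tool would trigger in the IdP.
PLAYBOOK = {
    "password_spray": ["block source at IdP / edge", "watch for any success from source"],
    "spray_then_success": ["revoke sessions and refresh tokens", "force reset and MFA re-enrolment"],
    "nhi_interactive_login": ["rotate the service account secret", "deny interactive login for service accounts"],
}


@dataclass
class Finding:
    rule: str
    subject: str                 # user or source IP the finding is about
    severity: str
    evidence: list = field(default_factory=list)


def parse(line):
    """Turn one log line into a dict with a datetime under 'ts'."""
    ts, *pairs = line.split()
    ev = dict(p.split("=", 1) for p in pairs)
    ev["ts"] = datetime.fromisoformat(ts)
    return ev


def detect_password_spray(events):
    """One source failing against >= SPRAY_MIN_USERS distinct accounts inside SPRAY_WINDOW.
    IAM sees each failure in isolation; only correlation across accounts reveals the spray."""
    fails_by_src = defaultdict(list)
    for ev in events:
        if ev["result"] == "fail":
            fails_by_src[ev["src"]].append(ev)
    findings = []
    for src, fails in fails_by_src.items():
        fails.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(fails)):            # sliding window over this source's failures
            while fails[end]["ts"] - fails[start]["ts"] > SPRAY_WINDOW:
                start += 1
            users = {e["user"] for e in fails[start:end + 1]}
            if len(users) >= SPRAY_MIN_USERS:
                findings.append(Finding("password_spray", src, "medium", sorted(users)))
                break                            # one finding per source is enough
    return findings


def detect_spray_then_success(events, spray_findings):
    """A success from a source already flagged as spraying: that credential is now in attacker hands."""
    spraying = {f.subject for f in spray_findings}
    return [Finding("spray_then_success", ev["user"], "high", [ev["src"]])
            for ev in events if ev["result"] == "success" and ev["src"] in spraying]


def detect_nhi_interactive(events):
    """Non-human identity authenticating with a password. Assumed policy for the example:
    service accounts use tokens, so a password login suggests a leaked secret used by a person."""
    return [Finding("nhi_interactive_login", ev["user"], "high", [ev["src"], ev["method"]])
            for ev in events
            if ev["kind"] == "service" and ev["method"] == "password" and ev["result"] == "success"]


def run(lines):
    """Parse, detect, and attach the playbook; returns (rule, subject, severity, actions) tuples."""
    events = [parse(ln) for ln in lines]
    sprays = detect_password_spray(events)
    findings = sprays + detect_spray_then_success(events, sprays) + detect_nhi_interactive(events)
    return [(f.rule, f.subject, f.severity, PLAYBOOK[f.rule]) for f in findings]


if __name__ == "__main__":
    for rule, subject, severity, actions in run(SAMPLE_LOG):
        print(f"[{severity}] {rule}: {subject} -> {'; '.join(actions)}")
```

On the sample log this raises three findings: the spray from 203.0.113.5, the high-severity success as "erin" from that same source, and the password login by "svc-backup". Frank's single typo followed by a success from his own IP raises nothing, and "svc-ci" is fine because it used a token. The point is that every one of those logins was individually valid from the IAM system's perspective; the detections only exist because the events are correlated across accounts, sources and identity types, which is the layer ITDR adds.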
Expert Insight: “ITDR is not just a tool; it’s a paradigm shift. It empowers organizations to respond faster and more effectively to identity-based attacks.” – CISO, Fortune 500 Company.
Security Issues: Why is ITDR important?
The rise of identity-related breaches, with the most prominent 2024 examples being the Snowflake customer data breach and the Cloudflare, Hugging Face and AWS incidents, highlights the vulnerabilities and limitations of traditional identity management systems. Attackers increasingly favour stolen or abused credentials over exploiting vulnerabilities as their way in.
Addresses an essential controls gap: ITDR has the potential to address problems that IAM, PAM and XDR solutions leave unsolved, because each of those has a different focus and functionality.
ITDR Explained
Here's a quick crash course on ITDR, covering its fundamental concepts, its role among identity security solutions, and how it differs from neighbouring categories. This guide provides the essentials for those curious or eager to learn more.
Background and Introduction to ITDR
Goal: understand the origins of ITDR, the threat landscape that creates the demand for it, and how it differs from XDR solutions.
The cybersecurity landscape is constantly evolving, with identity threats increasing as attackers target identities to bypass defenses. ITDR has become crucial in combating these challenges, especially as organizations adopt zero trust and identity-centric strategies.
Identity Security Ecosystem & ITDR play
Goal: understand how and where ITDR is positioned within the broader identity security ecosystem.
Identities can be divided into two types:
Human Identities (HI) - our digital identities. They can be internal or external to the organization.
Non-Human Identities (NHI) - machine-related identities (processes, services or devices). These are everywhere: in our workloads, devices, CI/CD pipelines, on-prem or cloud infrastructure, SaaS, code, IoT, M2M, RPA and more.

Source: Cyberhut
Several terms we need to be familiar with, and their roles within the identity security solution ecosystem, per the diagram below:
IAM (Identity and Access Management) = solutions focused on access control and management of identities in real time, governing access to applications and data through user authentication, authorization and accounting.
CIAM (Customer Identity and Access Management) = the same as above, but focused on external users: citizens, consumers, customers and guest access.
PAM (Privileged Access Management) = solutions that protect privileged accounts with administrative rights or extensive access across an enterprise.
IGA (Identity Governance and Administration) = solutions responsible for aggregating and managing digital identities, roles and access rights across enterprise systems.
In an industrial environment, these HIs and NHIs exist at each layer of the industrial automation stack, from the cloud to the factory floor. Some of the above solutions also operate at all layers. However, most of them are more commonly used at the cloud and enterprise layers, and CIAM in particular serves external customers only.
Solutions like ITDR are important at the cloud and enterprise levels, but they are not commonly used at the lower levels of automation, except in a few advanced settings (which I haven't personally seen). However, as industries move towards Industry 4.0 and beyond, we will likely see these solutions adopted as part of cybersecurity programs at advanced maturity levels.

ITDR within Identity Security across Industrial Environments
ITDR fits into the broader cybersecurity ecosystem as part of a defense-in-depth strategy. It serves as an additional layer that complements IAM solutions such as PAM and IGA: those grant and govern access, while ITDR watches for that access being stolen or abused. By focusing on identity-centric threats, ITDR enhances an organization's overall security posture within a Zero Trust framework.
With the drive towards Zero Trust, we will likely see more adoption on the industrial side as well.
Securing Things (Sponsor)
OT CBPRS (Cybersecurity Best Practices Requirements Specification) Toolkit!
The Solution (For Asset Owners Only) - a toolkit to get a head start on your OT/ICS cybersecurity journey in SMB/SME industrial environments. Bonus - it comes with a limited number of complimentary seats for the IT & OT CySEAT offering.
Below is a brief walkthrough of the OT-CBPRS toolkit:
(Note: the next iteration will include the ISA/IEC 62443-2-1 security program requirements.)
Note: I might update this or add more information to this in future versions.
Read more about ITDR → the industry analyst perspective, the cyber threats driving the need for it with example attack scenarios and how ITDR mechanisms address them, real-world use cases, capabilities, a comparison of ITDR vs. EDR vs. XDR, ITDR vendor insights and more.