What is Identity Threat Detection and Response (ITDR)?

Identity threat detection and response (ITDR) describes a new layer of security designed to protect against attacks on user identities, permissions, and identity and access management (IAM) systems.

Why it's time for ITDR

Digital identities are under attack. According to the 2023 ForgeRock Identity Breach Report, attackers not only continue to steal usernames and passwords, but they’re also targeting more valuable personally identifiable information. In 2022, 72% of U.S. breaches contained date of birth and Social Security Number (SSN), a 20% increase over 2021. Unauthorized access remains the top attack vector, accounting for 49% of all data breaches.

How do cybercriminals get the credentials that open the door to unauthorized access? Some use social engineering, such as phishing emails, against employees of organizations and identity providers to steal or misuse credentials. Others simply buy previously stolen credentials on the dark web.

And, as it turns out, stolen identity data is a gift that keeps on giving. Criminals know that people reuse their passwords, so if they have credentials for one account, there's a good possibility that they can use those same credentials for other accounts. Furthermore, access to just one account can lead to lateral movement, in which an attacker moves deeper into a network in search of sensitive data, such as customer records, intellectual property, financial information, and other high-value targets.

In 2022, in response to evidence that increasingly sophisticated attackers were moving beyond social engineering and actively targeting IAM infrastructure to steal privileged credentials, Gartner introduced a new security term: identity threat detection and response (ITDR).

Is identity threat detection and response (ITDR) a new security product or service?

Not exactly. Gartner defines ITDR as, "A security discipline that encompasses threat intelligence, best practices, a knowledge base, tools and processes to protect identity systems. It works by implementing detection mechanisms, investigating suspect posture changes and activities, and responding to attacks to restore the integrity of the identity infrastructure." [1] So, it is a collection of tools and practices to protect identity and access management systems, detect when they are compromised, enable rapid investigations, and offer remediation suggestions to restore affected systems. ITDR can expose and fix configuration vulnerabilities in the IAM infrastructure and analyze identity activity in real time to detect cyberattacks.

Because ITDR is specifically for the protection of identities, entitlements, and IAM systems, it can help organizations protect against a variety of identity-related threats, such as account takeover (ATO), credential or privilege escalations or misuse, insider threats, and lateral movement across the network.

ITDR can mitigate attacks by isolating suspicious traffic, triggering step-up authentication, and integrating with security information and event management (SIEM) or security orchestration, automation, and response (SOAR) tools. ITDR also checks for security misconfigurations in IAM systems to reduce the likelihood of successful attacks on these systems.
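The detection-to-response flow described above, as an added example that is not ForgeRock or Gartner code: it flags a successful login that follows failed logins against several other accounts from the same source (the credential-reuse pattern), attaches step-up and isolation responses, and serializes the alert for a SIEM. The event fields, thresholds, and response names are assumptions chosen for illustration.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs): time, user, source IP, outcome.
EVENTS = [
    ("2023-06-01T10:00:00", "alice", "198.51.100.7", "fail"),
    ("2023-06-01T10:00:05", "bob",   "198.51.100.7", "fail"),
    ("2023-06-01T10:00:09", "carol", "198.51.100.7", "fail"),
    ("2023-06-01T10:00:14", "dave",  "198.51.100.7", "success"),
    ("2023-06-01T10:01:00", "erin",  "203.0.113.20", "fail"),
    ("2023-06-01T10:01:30", "erin",  "203.0.113.20", "success"),
]

WINDOW = timedelta(minutes=5)   # assumed look-back window
MIN_ACCOUNTS = 3                # assumed threshold of distinct failed accounts


def detect(events, window=WINDOW, min_accounts=MIN_ACCOUNTS):
    """Alert on a success preceded by failures against many other accounts from one IP."""
    failures = defaultdict(list)          # src_ip -> [(time, user)]
    alerts = []
    for ts, user, ip, outcome in sorted(events):
        now = datetime.fromisoformat(ts)
        # Keep only failures still inside the look-back window.
        failures[ip] = [(t, u) for t, u in failures[ip] if now - t <= window]
        if outcome == "fail":
            failures[ip].append((now, user))
            continue
        # A user mistyping their own password is not counted against them.
        targeted = {u for _, u in failures[ip]} - {user}
        if len(targeted) >= min_accounts:
            alerts.append({
                "time": ts, "user": user, "src_ip": ip,
                "signal": "success_after_multi_account_failures",
                "failed_accounts": sorted(targeted),
                "responses": ["step_up_authentication", "isolate_source"],
            })
    return alerts


def to_siem(alerts):
    """Serialize alerts as one JSON object per line for forwarding to a SIEM."""
    return "\n".join(json.dumps(a, sort_keys=True) for a in alerts)


if __name__ == "__main__":
    print(to_siem(detect(EVENTS)))
```

On the sample data only the "dave" login is flagged; "erin" failing once and then succeeding from her own address is not.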

How to bring ITDR capabilities into your IAM infrastructure

As noted, ITDR is not one specific product or solution, but its capabilities are available now. The ForgeRock Identity Platform, for example, offers many of the features and capabilities that comprise the ITDR framework and key Gartner recommendations, including:

| Gartner recommendation for ITDR | ForgeRock solution |
| --- | --- |
| A modern IAM infrastructure using current and emerging standards | ForgeRock uses OAuth 2.0, FIDO2, OpenID Connect, SAML, UMA 2.0, WebAuthn, and many more standards |
| Best practices and a knowledge base | ForgeRock offers world-class expertise and guidance in the design, development, and deployment of identity solutions |
| A single authoritative user directory that is protected by active management, threat detection, and response tools | ForgeRock Directory Services is a complete, high-performance, internet-scale identity store available globally |
| A single sign-on access management (AM) tool that continuously assesses user context attributes | ForgeRock Access Management and Single Sign-On are part of the integrated ForgeRock platform, which uses AI to continually assess and adapt authorization decisions |
| Multi-factor authentication (MFA) | ForgeRock MFA offers a range of options for MFA, including biometrics, push, OTPs, and more |
| Account takeover (ATO) fraud detection tools | ForgeRock Autonomous Access prevents fraud and ATO at the identity perimeter, during login |
| Identity governance and administration (IGA) and a cloud infrastructure | Cloud-Native Identity Governance is part of the converged ForgeRock IAM platform |
| User and entity behavior analytics (UEBA) tools | ForgeRock Autonomous Access uses AI, including UEBA, that continuously gets smarter at identifying the difference between normal behaviors and emerging threat patterns |
| Enterprise-wide visibility and explanations for decisions | ForgeRock Autonomous Access provides enterprise-wide views for administrators and analysts and clear explanations for access decisions. ForgeRock Autonomous Identity identifies security blind spots and mitigates risks by providing insights into risk during access review |
| Configuration drift control | Allow configuration to be secured in a version control system outside of the IAM infrastructure |
| Controlled configuration promotion | With ForgeRock, a security configuration cannot be promoted to production without first going through a controlled promotion process through dev and staging |

The importance of an integrated IAM platform for ITDR

Many IAM systems operate in silos. Enterprises may have multiple systems covering their legacy applications, databases, and VPNs, with others designated for cloud services. But these systems can't talk to each other and can't provide you with a holistic view of potential threats.

With ForgeRock, you can eliminate the need for multiple point solutions. ForgeRock offers the industry's only end-to-end, AI-driven platform purpose-built for all identities and for any environment — on-prem, multi-cloud, or hybrid.

  1. https://www.gartner.com/document/4020294