Identity Glossary

Identity Threat Detection and Response (ITDR)

A neutral definition of Identity Threat Detection and Response: how it detects identity-based attacks, and what it needs to detect against.

What Is Identity Threat Detection and Response?

Identity Threat Detection and Response (ITDR) is the discipline of detecting and responding to identity-based attacks in progress: credential theft, privilege escalation, lateral movement, and anomalous access patterns that indicate an account has been compromised or misused. ITDR tools establish a behavioral baseline for each identity, then flag deviations from that baseline for investigation or automated response.

When an ITDR platform detects a likely attack, it can trigger a range of responses: alerting an analyst, forcing a re-authentication, suspending a session, or orchestrating a broader response across the connected security stack. Speed matters here more than almost anywhere else in identity security, since the window between initial compromise and lateral movement is often measured in minutes.

ITDR’s detection accuracy depends on having a reliable baseline of normal behavior for each identity it watches. An identity that was never captured in the platform’s monitored inventory in the first place, and therefore never had a baseline established, generates no anomaly signal at all if it’s misused: there is no “normal” recorded for the behavior to deviate from.

Share

The Core Capabilities of ITDR

Most ITDR platforms are built around five core functions.

1

Behavioral Baselining

Establishing what normal access and activity looks like for each individual identity.

2

Anomaly Detection

Flagging deviations from that baseline in real time: unusual login locations, times, or access patterns.

3

Attack Path Analysis

Mapping how a compromised identity could move laterally or escalate privilege from its current position.

4

Automated Response

Triggering containment actions automatically: forcing re-authentication, suspending a session, or isolating an account.

5

Threat Intelligence Correlation

Matching observed behavior against known attacker tactics, techniques, and procedures (TTPs).

Frequently Asked Questions

See the Identity System of Record in Action

Hydden discovers, reconciles, and continuously governs every identity — human, machine, and agentic — across your enterprise.

Hydden Logo

Hydden, Inc.

1701 Rhode Island Ave NW, 4th Floor

Washington, DC 20036

SOC 2 Type 2 Certified

Stay Updated

Sign up to be the first to know about important company and product updates

© 2026 Hydden Inc. All rights reserved.Privacy PolicyTerms of Service