What Is Identity Threat Detection and Response?
Identity Threat Detection and Response (ITDR) is the discipline of detecting and responding to identity-based attacks in progress: credential theft, privilege escalation, lateral movement, and anomalous access patterns that indicate an account has been compromised or misused. ITDR tools establish a behavioral baseline for each identity, then flag deviations from that baseline for investigation or automated response.
When an ITDR platform detects a likely attack, it can trigger a range of responses: alerting an analyst, forcing a re-authentication, suspending a session, or orchestrating a broader response across the connected security stack. Speed matters here more than almost anywhere else in identity security, since the window between initial compromise and lateral movement is often measured in minutes.
ITDR’s detection accuracy depends on having a reliable baseline of normal behavior for each identity it watches. An identity that was never captured in the platform’s monitored inventory in the first place, and therefore never had a baseline established, generates no anomaly signal at all if it’s misused: there is no “normal” recorded for the behavior to deviate from.