Sophos Expands SecOps Portfolio with New Identity Threat Detection and Response Solution

Sophos, a global leader in cybersecurity, has launched Sophos Identity Threat Detection and Response (ITDR), a new addition to its Sophos XDR and Sophos MDR platforms. The solution continuously monitors customer environments for identity risks and misconfigurations while scanning the dark web for compromised credentials. This enables organizations to quickly detect and respond to identity-based threats and identify risky user behavior that could endanger their operations.

The launch marks a key milestone following Sophos’ acquisition of Secureworks, as ITDR becomes the first fully integrated Secureworks solution within the Sophos Central platform. This integration expands Sophos’ security operations capabilities for its more than 600,000 customers worldwide.

Identity-based attacks have become one of the fastest-growing cyber threats globally. According to the Sophos Active Adversary Report, stolen credentials were the leading cause of cyber incidents for the second consecutive year, accounting for 56 percent of all investigated cases. Sophos X-Ops also reported a 106 percent increase in stolen credentials available on the dark web between June 2024 and June 2025.

“Cloud and remote work have expanded the identity attack surface and created new opportunities for attackers,” said Rob Harrison, SVP of Product Management at Sophos. “Complex identity and access management systems with constantly changing settings and policies create gaps that attackers exploit. Sophos ITDR helps close those gaps by giving customers faster visibility into identity risks, monitoring for compromised credentials, and integrating with Sophos XDR and Sophos MDR for rapid, analyst-led response.”

Sophos ITDR leverages advanced detection techniques to identify and defend against all known MITRE ATT&CK Credential Access methods. It performs more than 80 cloud identity posture checks and uses AI-driven detection to uncover threats such as kerberoasting, privilege escalation, brute force attacks, account takeover, and lateral movement. The platform also includes automated response playbooks that can initiate remediation steps like account locking, password resets, multi-factor authentication refreshes, and session revocations.

Through its integration with Sophos XDR and MDR, the ITDR solution automatically generates cases when identity threats or high-risk findings are detected. Sophos’ security analysts can then investigate and take action on behalf of customers, accelerating remediation and minimizing risk.

“Sophos ITDR has improved visibility into our identity risks and streamlined how we manage them,” said an information security director at a financial services firm. “Having identity risk data available within Sophos XDR is a game changer for strengthening our overall security posture.”

A chief information security officer at another firm added, “Identity has become the new frontline of cyber defense, and Sophos ITDR delivers the visibility and automation needed to stay ahead of attackers. By covering the full spectrum of identities—from users to service accounts and applications—it closes blind spots and strengthens our overall security posture.”

Sophos partners can access enablement materials and sales resources for the new solution via the Sophos Partner Portal.