What ITDR Does
Think of ITDR as a security system that protects your digital identity—your usernames, passwords, and accounts—just like a home security system protects your house.
ITDR does three big things:
Watches for suspicious activity
It keeps an eye on your accounts to spot unusual behavior, like:
- Someone trying to log in from another country
- Too many failed password attempts
- Accessing things they normally shouldn’t
Alerts when something looks wrong
By geo-locating every login and comparing it against your normal activity, we can spot abnormal behavior from hackers trying to gain access.
Our Security Operations Center (SOC) reviews suspicious activity to ensure your identity is not compromised.
If something seems off, ITDR raises a flag so security teams can check it out quickly.
A security team is monitoring this activity 24/7 to make sure no one slips through the door. Having expert monitoring of this activity is essential to safeguarding your identity.
Helps stop the threat
We can instantly isolate your account and deny access to hackers.
It can take action, such as:
- Locking an account
- Forcing a password reset
- Blocking the suspicious activity
We then work with you to reset your credential securely.
ITDR helps ensure:
- Your accounts stay safe
- Hackers can’t pretend to be you
- Your company’s data stays protected
It’s basically an early-warning system + automatic protection for your digital identity.
FAQ
What does ITDR stand for?
Identity Threat Detection & Response. It’s a critical security control that continuously monitors for abnormal identity-based behaviors that could indicate compromise or abuse.
Is Google Workspace supported?
Yes, both Google and M365 logs are ingested and evaluated for ITDR incidents.
Is ITDR included in Fortified360?
Yes. ITDR is a core security control available on all plans. It helps reduce human risk and protect identities without requiring an upgrade. ITDR is paired with our 24/7 MDR team, who monitor alerts, triage incidents, and respond to threats, so you get a human-powered safety net on top of automated protection.
Is ITDR a replacement for Cloud Directory Posture?
Yes. ITDR replaces and goes well beyond the capabilities of our included Cloud Directory Posture.
While “posture” focuses on static misconfigurations at the individual user level, ITDR delivers dynamic, behavior-based threat detection, identifying anomalous activity, privilege escalations, authentication-related attacks, and more. It’s smarter, deeper, and built to evolve with modern identity risks.
What responses are available as part of ITDR?
The main response action is to suspend the user, thereby preventing further spread of the attack. This remediation and device isolation are designed to be strong but reversible actions that mitigate a threat without hindering long-term productivity.
Suspending a user can be done by the admin at the click of a button or by the SOC when approval has been granted.
What log sources does ITDR use?
Currently, ITDR leverages Microsoft 365 logs (Graph API) for identity threat detection and response. Google Workspace support is coming soon.




