ThreatDown launches identity threat detection service
Tue, 12th May 2026
ThreatDown has launched an Identity Threat Detection and Response (ITDR) product and introduced an Ultimate MDR Plus bundle that includes it.
The ITDR product monitors identities for suspicious activity, misconfigurations and attacks targeting user accounts and privileges. It integrates with Microsoft Entra ID, Okta and Active Directory, and is built into ThreatDown's existing endpoint detection and managed detection and response platform.
The launch reflects a broader shift in cyber attacks towards the use of valid credentials rather than malware or direct network intrusion. Attackers increasingly exploit stolen credentials, session tokens and authenticated user sessions, allowing them to evade controls focused on the point of login.
Identity breaches can take more than eight months on average to detect, contain and remediate, according to ThreatDown. The new product aims to shorten that window by linking identity events with endpoint telemetry in a single investigation timeline.
The system can be deployed through ThreatDown's existing agent and does not require an additional console. Customers using its platform for endpoint, identity and email security can therefore manage those tools through a single interface.
Identity focus
The product is designed to detect threats such as account compromise, privilege abuse, MFA fatigue and persistence techniques. It also assesses identity posture and flags configuration issues that could be exploited.
By combining endpoint and identity data, it is intended to help security teams investigate incidents involving users, sessions and access rights without switching between separate tools. That could reduce the manual cross-referencing often required when identity and endpoint monitoring sit in different systems.
For customers using managed services, ThreatDown's teams can provide round-the-clock identity detection and remediation for Elite MDR and Ultimate MDR Plus users. The offer is aimed at smaller IT teams and managed service providers that may lack dedicated identity security staff.
Kendra Krause, General Manager of ThreatDown, outlined the rationale for the launch.
"Attackers have shifted from breaking in to logging in, which means the most dangerous activity now happens after authentication," Krause said. "Identity threat detection is the natural next layer of our platform, extending the same unified visibility and guided response our customers rely on for endpoints into the identity systems they use every day. By building ITDR directly into our platform, we're giving lean IT teams and MSPs a practical way to close this gap without a new tool, a new console, or added overhead."
Bundle offer
Alongside the standalone ITDR launch, ThreatDown introduced Ultimate MDR Plus, a bundle that combines the ITDR product, MDR Plus services and Premium Support in a single stock keeping unit. It is positioned as the company's broadest package for customers seeking identity monitoring alongside managed detection and response.
The ITDR product is available as an add-on to Advanced EDR and Elite MDR packages, while managed service providers can also add it to their own portfolios. That channel focus aligns with ThreatDown's effort to serve smaller organisations through partners and MSPs rather than relying solely on large in-house security teams.
The distinction between identity threat detection and identity and access management has become more pronounced as attackers move beyond password attacks. IAM systems are typically designed to control who can log in, using tools such as passwords, multi-factor authentication and conditional access policies. ITDR products, by contrast, monitor what happens after authentication, looking for signs such as privilege escalation, token abuse and lateral movement.
That post-authentication emphasis has drawn growing attention across the cyber security market, particularly as organisations spread user identities across cloud services, software-as-a-service applications and mixed fleets of managed and unmanaged devices. In those environments, a compromised account can give an attacker legitimate-looking access that is harder to detect through conventional controls alone.
ThreatDown, previously the corporate business unit of Malwarebytes, has been expanding its managed security portfolio as competition intensifies among vendors seeking to bundle endpoint, identity and monitoring tools. The latest launch puts identity monitoring at the centre of that strategy, with an emphasis on customers that want a single platform rather than separate specialist products.
The new service is available through partners and managed service providers, with 24/7 managed monitoring for identity incidents offered to customers on the higher-tier MDR packages.