
Oct 12, 2025

TL;DR
Identity-based attacks now account for over 80 percent of breaches according to Microsoft.
Stellar Cyber has embedded ITDR (Identity Threat Detection and Response) into its Open XDR platform.
ITDR gives MSSPs an identity security edge by detecting MFA bypass, privilege abuse and lateral movement.
It reduces blind spots that EDR and SIEM alone cannot see.
ITDR helps MSPs and MSSPs detect compromised accounts earlier in the attack chain.
Integrated ITDR is now available for enhanced.io partners within the Stellar Cyber-powered platform.
ITDR enables stronger SOC outcomes and better compliance reporting for frameworks like NIST CSF, ISO 27001 and Cyber Essentials.
This blog explains what ITDR is, why it matters and how MSSPs can use it to grow recurring security revenue.
Why does identity matter more than ever in cybersecurity?
Identity has become the new perimeter. Attackers no longer rely only on malware. They target accounts, tokens and credentials. Cybercriminals now buy stolen logins from dark web marketplaces and disguise themselves as trusted users.
In 2024, 71 percent of attacks used valid credentials. This means attackers logged in rather than broke in. That statistic alone explains why traditional endpoint tools miss many threats. If an attacker is using a valid identity, there may be no malware file to detect. This is why identity security now sits at the center of modern cyber defense.
Identity Threat Detection and Response (ITDR) is a relatively new security category that focuses on detecting identity misuse. It helps SOC teams identify when legitimate accounts behave in suspicious ways. The challenge is that most ITDR tools operate separately from EDR and SIEM. That leads to more security silos and extra tools for already stretched MSPs and MSSPs.
Stellar Cyber has changed this by embedding ITDR directly into its Open XDR platform. This gives MSSPs correlated insights across identity data, endpoints, networks, cloud and logs in one place.
What is ITDR and how does it protect identity in the SOC?
ITDR stands for Identity Threat Detection and Response. It focuses on detecting cyber attacks that use stolen or abused identities. ITDR monitors authentication logs, account behavior and access patterns to spot anomalies sooner.
What does ITDR detect?
ITDR looks for identity-based threats such as:
MFA bypass attacks
Privilege escalation
Lateral movement between systems
Impossible travel logins
Dormant accounts coming back to life
Compromised admin accounts
Golden ticket and Kerberos attacks
Suspicious password resets
Credential abuse from new locations or devices
These threats often appear before ransomware deployment. By detecting these early signals, ITDR gives SOC teams a chance to intervene earlier in the attack chain. That reduces dwell time, limits lateral movement and prevents full-scale breaches.
Why did Stellar Cyber embed ITDR into its platform?
Traditional SOC stacks rely on separate tools: EDR for endpoints, SIEM for log correlation, NDR for network threats and IAM for authentication controls. ITDR used to sit outside this stack, creating yet another silo. Stellar Cyber eliminated this friction by embedding ITDR capabilities into its Open XDR platform.
What does this mean for MSSPs?
MSSPs get:
Identity analytics alongside endpoint and network data
Fewer siloed tools to maintain
Lower operational complexity
Correlated detections across identity + threat data
Unified investigations that combine user context
More accurate alerting and faster response
This move shifts identity from a separate control to a core detection source inside the SOC.
What problem does ITDR solve for MSPs and MSSPs?
Many MSPs believe their endpoint protection tools are enough, but EDR cannot detect identity misuse. SIEMs collect logs but often lack the behavioral intelligence to identify identity abuse. Attackers know this. They weaponise valid accounts to bypass defenses. Without ITDR, SOC teams are reactive instead of proactive.
With ITDR, MSSPs can:
Detect credential theft before ransomware is deployed
See cross-system identity misuse at speed
Reduce false positives through contextual analysis
Build strong lateral movement detection
Provide high-value identity monitoring services
Close a major SOC blind spot and increase trust with customers
In short, ITDR helps MSSPs evolve from tool monitoring to attack disruption.
How does Stellar Cyber’s ITDR improve detection?
Stellar Cyber uses AI-powered detection models and behavioral analytics to learn normal user activity. It then identifies anomalies that suggest malicious activity. By integrating ITDR into Open XDR, the platform automatically correlates identity signals with endpoint, network and log data.
A real-life example:
If a user suddenly logs in from two countries at the same time, that is suspicious. If that same user then attempts to access a privileged system and downloads sensitive files, that is a high priority threat. Stellar Cyber automatically connects these events so the SOC team does not miss the bigger picture.
This prevents analysts from being overwhelmed by disconnected alerts. Instead, they investigate meaningful attack stories with context already applied.
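The correlation scenario above, sketched as an added example (this is not Stellar Cyber's or enhanced.io's code): it generalises "two countries at the same time" to any pair of logins whose implied travel speed is implausible, then attaches the same user's later privileged access and downloads to a single case. The event fields, the 900 km/h ceiling, the one-hour follow-up window and the severity labels are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta
from math import asin, cos, radians, sin, sqrt

MAX_KMH = 900                   # assumed ceiling: roughly airliner cruising speed
FOLLOW_UP = timedelta(hours=1)  # assumed window for attaching later activity
def km(a, b):
    """Great-circle (haversine) distance in km between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371 * asin(sqrt(h))

def correlate(events):
    """Open one case per user whose consecutive logins imply impossible travel,
    then attach that user's privileged access and downloads inside FOLLOW_UP."""
    cases, last_login = {}, {}
    for e in sorted(events, key=lambda x: x["ts"]):
        u = e["user"]
        if e["type"] == "login":
            prev = last_login.get(u)
            if prev and prev["country"] != e["country"]:
                hours = (e["ts"] - prev["ts"]).total_seconds() / 3600
                # One-minute floor tolerates clock skew between log sources.
                if km(prev["geo"], e["geo"]) > MAX_KMH * max(hours, 1 / 60):
                    cases.setdefault(u, {"user": u, "since": e["ts"],
                                         "signals": ["impossible_travel"]})
            last_login[u] = e
        elif u in cases and e["ts"] - cases[u]["since"] <= FOLLOW_UP:
            if e["type"] not in cases[u]["signals"]:
                cases[u]["signals"].append(e["type"])
    for c in cases.values():
        # Severity labels are assumptions: each correlated signal raises the case.
        c["severity"] = {1: "suspicious", 2: "elevated"}.get(len(c["signals"]), "high")
    return list(cases.values())

# Constructed sample events (not real log data).
T0 = datetime(2025, 1, 6, 9, 0)
def ev(user, mins, kind, country=None, geo=None):
    return {"user": user, "ts": T0 + timedelta(minutes=mins), "type": kind,
            "country": country, "geo": geo}
SAMPLE = [
    ev("alice", 0, "login", "GB", (51.5, -0.13)), ev("alice", 5, "login", "SG", (1.35, 103.8)),
    ev("alice", 12, "priv_access"), ev("alice", 20, "download"),
    ev("bob", 0, "login", "GB", (51.5, -0.13)), ev("bob", 360, "login", "FR", (48.85, 2.35)),
    ev("bob", 370, "priv_access"),
    ev("carol", 1, "login", "DE", (52.52, 13.4)), ev("carol", 10, "login", "US", (40.71, -74.0)),
]

if __name__ == "__main__":
    for case in correlate(SAMPLE):
        print(case["user"], case["severity"], case["signals"])
```

In the sample, bob's London-to-Paris logins six hours apart are plausible travel, so his later privileged access opens no case on its own.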
How does embedded ITDR help with SOC efficiency?
SOC teams struggle with alert fatigue and case overload. Without context, analysts spend hours chasing low-value alerts. ITDR improves SOC efficiency by reducing noise and surfacing identity-driven threats that matter.
Automated correlation reduces manual investigation
Identity context helps analysts prioritise faster
Attack chains are clearly visualised
Risk scoring helps triage threats quickly
Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR) improve
For MSSPs delivering managed detection and response (MDR), time is a competitive advantage. Embedded ITDR translates into faster response and stronger SOC outcomes.
How do MSSPs package ITDR as a service?
ITDR gives MSSPs a strong commercial opportunity. Clients understand identity risk because they are already using Microsoft 365, Azure AD or Google Workspace. The gap is protection.
MSSP service bundles could include:
| Service Tier | Includes |
|---|---|
| Essential | ITDR monitoring + alerting |
| Advanced | ITDR + UEBA + MFA enforcement |
| Premium | ITDR + incident response + lateral movement analysis |
By combining ITDR with XDR and SOC services, MSSPs can increase monthly recurring revenue and win enterprise accounts.
Where does enhanced.io fit into this?
Incorporating Stellar Cyber, enhanced.io delivers an Open XDR-powered platform for MSP partners. This allows MSPs to add identity protection without extra tools or integration work.
What do enhanced.io partners get?
ITDR alerts built into the SOC workflow
Identity risk visibility for every tenant
Unified reporting for identity + endpoint + network threats
Support from enhanced.io’s Fractional Security Team
Compliance-ready reports covering identity security requirements
This helps MSPs offer identity protection at scale without hiring more security analysts.
How does ITDR support compliance frameworks?
Many regulatory and cyber insurance frameworks now require identity controls. ITDR makes compliance easier by proving that identity threats are monitored and addressed.
Relevant standards supported by ITDR include:
NIST CSF
ISO 27001
Cyber Essentials
SOC 2
HIPAA
CIS Controls
Customers need proof of security improvement. ITDR provides measurable metrics.
Identity is now a SOC priority
Identity is now the number one attack vector. Threat actors use valid credentials to move through networks silently. ITDR gives MSPs and MSSPs a decisive advantage by closing the identity gap in the SOC.
With Stellar Cyber embedding ITDR directly into Open XDR, identity protection is no longer a bolt-on. It is part of the detection pipeline. For enhanced.io partners, this means identity alerts, investigations and reports are unified across every tenant.
The MSSPs that win in 2025 will be the ones that embrace identity-first security.
FAQ
What does ITDR stand for?
ITDR stands for Identity Threat Detection and Response.
Is ITDR a replacement for IAM or MFA?
Do MSPs need ITDR if they already have EDR?
Is ITDR available inside the enhanced.io platform?
