Last week, Gartner released Hype Cycle for Security Operations, 2023, which included Identity Threat Detection and Response (ITDR) at the latter stages of the “Innovation Trigger” category.
This is the second time Oort was recognized as a Sample Vendor in the Hype Cycle this month, after the Hype Cycle for Midsize Enterprises, 2023.
In this blog, we’ll explore why ITDR is gaining momentum and is likely to have a significant impact in the next 2-5 years.
Priority Matrix: Gartner Hype Cycle for Security Operations, 2023
What is Identity Threat Detection and Response?
According to Gartner: “more sophisticated attackers are actively targeting the IAM infrastructure itself”, and so security teams need better ways to detect and respond to identity attacks.
According to the Hype Cycle for Security Operations, 2023, “ITDR is a discipline that includes tools and best practices that protect identity infrastructure itself from attacks. ITDR can block and detect threats, confirm administrator posture, respond to various types of attacks and restore normal operation as needed.”
Oort has observed a significant increase in security teams looking to improve their detection and response to identity threats. We believe this aligns well with previous Gartner research and predictions. In 2022, the Gartner Magic Quadrant™ for Access Management (November 2022) predicted that “by 2026, 90% of organizations will be using some type of embedded identity threat detection and response function from access management tools as their primary way to mitigate identity attacks, up from less than 20% today.”
More is Needed Than Just Traditional Active Directory Threat Detection and Response
At this stage, you may be thinking, “Wait, is this new? Haven’t we been using AD logs in SIEMs for decades?”
While Active Directory Threat Detection and Response (AD TDR) has existed for a while, it fails to account for the increased number of cloud-based IAM tools. These technologies are often adopted without the security team's full awareness. This makes identity and access management infrastructure a critical blind spot. Moreover, there is a lack of understanding among security teams about the importance of good IAM hygiene and strong identity posture.
As the Hype Cycle for Security Operations, 2023 states, “Lack of awareness of IAM administrator hygiene, detection, and response best practices means that many organizations are not adequately protecting their identity infrastructure. More is needed than just traditional AD TDR.”
Response Capabilities Are Still Nascent
The Hype Cycles note, however, that there are still obstacles that need to be overcome with ITDR. Specifically, “The ‘R’ part of ITDR is still nascent. Automated responses are still relatively basic.”
As a discipline, response playbooks for identity threats are still emerging. For example, to what extent are security teams killing sessions or quarantining users?
To learn more about Oort’s response capabilities, read about the newly released One-Click-Remediation in “Oort's Response Capabilities: Remediate Compromised Accounts with Just One Click”.
To read more about possible threat response playbooks, you can also read our Identity Security Blueprint paper.
Oort’s Approach to Identity Threat Detection and Response
The Oort Identity Security Platform provides ITDR capabilities alongside other capabilities like Identity Security Posture Management.
From tracking guest and service accounts to threat hunting and response options, Oort supports a wide range of identity security use cases. To learn more about these use cases, check out https://www.youtube.com/playlist?list=PLjAyjB6bayd5QJ2j36WLkDaqspsNFs3wv
Alternatively, you can read about our ITDR capabilities at https://oort.io/solutions-identity-threat-detection-and-response.
Gartner does not endorse any vendor, product or service depicted in our research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. GARTNER, HYPE CYCLE and MAGIC QUADRANT are registered trademarks of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved.