MDR firm claims solution is the industry’s only vendor-agnostic open XDR solution that supports identity threat detection and response.

Managed detection and response (MDR) service provider Proficio has launched ProSOC Identity Threat Detection and Response to protect businesses from identity-based attacks and credential abuse. The firm claimed the service is the industry’s only vendor-agnostic Open XDR solution that supports identity threat detection and response and works with existing security tools without proprietary agents or sensors. The release comes at a time when identity-based threats are one of the top cybersecurity risks faced by organizations.

Service aims to increase visibility, quicken responses, reduce ransomware

In a press release, Proficio stated that its new service leverages advanced technology combined with human-led investigations to detect threats to an organization’s identity and access management (IAM) infrastructure. “The fact that identity compromises are present in most ransomware and supply chain attacks is a major concern for our clients,” said Brad Taylor, CEO, Proficio. “Traditional approaches to security monitoring with manual incident response are often too slow to react to these attacks and compromises.”

The vendor-agnostic service delivers several advantages in identity threat detection and response, Proficio said, including:

Increased visibility: Identity threat use cases, cross-correlation rules, machine learning models, telemetry from security devices, and threat intelligence data are combined to detect identity-based attacks and compromises more accurately. Clients receive prioritized alerts aligned with the MITRE ATT&CK framework and can view identity threat activity in Proficio’s ProView portal.

Fast response: Active Defense supports automated and semi-automated functions, allowing incident responders to perform a double validation of a threat before initiating an account suspension.

Reduced ransomware risk: The solution helps prevent ransomware attackers from stealing privileged credentials to propagate ransomware across business applications and cloud instances.

When a high-fidelity threat is detected, the automated response solution, Active Defense, can quickly suspend or reset a user account for one or more applications, Proficio added. ProSOC Identity Threat Detection and Response is offered as an optional extension to Proficio’s MDR service.

Identity-based threats a significant risk for organizations

Identity-based threats are a top risk to organizations, with attackers increasingly attempting to steal credentials, escalate privileges, and move laterally across an organization’s infrastructure. What’s more, the CyberArk 2022 Identity Security Threat Landscape Report cited the rise of human and machine identities as driving a buildup of identity-related cybersecurity debt exposing organizations. Across businesses assessed in the research, the vendor identified 30 digital identities for every staff member, with 68% of non-human/bot identities having access to sensitive data which, if unmanaged and unsecured, represent significant cybersecurity risks.

Speaking to CSO, Gartner Research Director Analyst Henrique Teixeira says that, as evidenced in the 2021 Verizon Data Breach Investigations Report, credential misuse is a primary attack vector, with 61% of all breaches involving credentials either stolen via social engineering or hacked using brute force. “The more-sophisticated attackers are now actively targeting the IAM infrastructure itself. For instance, the SolarWinds breach used administrative permissions to gain access to the organization’s global administrator account or trusted SAML token signing certificate to forge SAML tokens for lateral movement,” he says.

Forrester VP and Principal Analyst Andras Cser adds that, as most businesses now rely on and manage various digital identities, more robust detection and response capabilities are required to address identity-driven threats. “Protecting identity and identity context is very important,” he says. “Ditching the password is probably the best thing you can do and using adaptive authentication around devices is another key element to consider.”