MDR firm claims solution is the industry’s only vendor-agnostic open XDR solution that supports identity threat detection and response. Credit: Laurence Dutton / Getty Images Managed detection and response (MDR) service provider Proficio has launched ProSOC Identity Threat Detection and Response to protect businesses from identity-based attacks and credential abuse. The firm claimed the service is the industry’s only vendor-agnostic Open XDR solution that supports identity threat detection and response and works with existing security tools without proprietary agents or sensors. The release comes at a time when identity-based threats are one of the top cybersecurity risks faced by organizations.Service aims to increase visibility, quicken responses, reduce ransomwareIn a press release, Proficio stated that its new service leverages advanced technology combined with human-led investigations to detect threats to an organization’s identity and access management (IAM) infrastructure. “The fact that identity compromises are present in most ransomware and supply chain attacks is a major concern for our clients,” said Brad Taylor, CEO, Proficio. “Traditional approaches to security monitoring with manual incident response are often too slow to react to these attacks and compromises.”The vendor agnostic service delivers several advantages in identity threat detection and response, Proficio said, including:Increased visibility: Identity threat use cases, cross-correlation rules, machine learning models, telemetry from security devices, and threat intelligence data are combined to detect identity-based attacks and compromises more accurately. Clients receive prioritized alerts aligned with the MITRE ATT&CK framework and can view identity threat activity in Proficio’s ProView portal.Fast response: Active Defense supports automated and semi-automated functions, allowing incident responders to perform a double validation of a threat before initiating an account suspension.Reduced ransomware risk: Solution helps to prevent ransomware attackers stealing privileged credentials to propagate ransomware across business applications and cloud instances.When a high-fidelity threat is detected the automated response solution, Active Defense, can quickly suspend or reset a user account for one or more applications, Profico added. ProSOC Identity Threat Detection and Response is offered as an optional extension to Proficio’s MDR service. Identity-based threats a significant risk for organizationsIdentity-based threats are a top risk to organizations with attackers increasingly attempting to steal credentials, escalate privileges, and move laterally across an organization’s infrastructure. What’s more, The CyberArk 2022 Identity Security Threat Landscape Report cited the rise of human and machine identities as driving a buildup of identity-related cybersecurity debt exposing organizations. Across businesses assessed in the research, the vendor identified 30 digital identities for every staff member with 68% of non-human/bot identities having access to sensitive data which, if unmanaged and unsecured, represent significant cybersecurity risks.Speaking to CSO, Gartner Research Director Analyst Henrique Teixeira says that, as evidenced in the 2021 Verizon Data Breach Investigations Report, credential misuse is a primary attack vector with 61% of all breaches involving credentials either stolen via social engineering or hacked using brute force. “The more-sophisticated attackers are now actively targeting the IAM infrastructure itself. For instance, the SolarWinds breach used administrative permissions to gain access to the organization’s global administrator account or trusted SAML token signing certificate to forge SAML tokens for lateral movement,” he says. Forrester VP and Principal Analyst Andras Cser adds that, as most businesses now rely on and manage various digital identities, more robust detection and response capabilities are required to address identity-driven threats. “Protecting identity and identity context is very important,” he says. “Ditching the password is probably the best thing you can do and using adaptive authentication around devices is another key element to consider.” Related content news Conti-linked ransomware takes in $107 million in ransoms: Report A ransomware campaign linked to the ostensibly defunct Conti malware group has targeted mostly US businesses, in a costly series of attacks. By Jon Gold Nov 30, 2023 4 mins Ransomware Malware Cybercrime news Okta confirms recent hack affected all customers within the affected system Contrary to its earlier analysis, Okta has confirmed that all of its customer support system users are affected by the recent security incident. By Shweta Sharma Nov 30, 2023 3 mins Data Breach news Top cybersecurity product news of the week New product and service announcements from Wiz, Palo Alto Networks, Sophos, SecureAuth, Kasada, Lacework, Cycode, and more. By CSO staff Nov 30, 2023 17 mins Generative AI Security feature How to maintain a solid cybersecurity posture during a natural disaster Fire, flood, eathquake, hurricane, tornado: natural disasters are becoming more prevalent and they’re a threat to cybersecurity that isn’t always on a company’s radar. Here are some ways to prepare for the worst. By James Careless Nov 30, 2023 8 mins Security Operations Center Data and Information Security Security Practices Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe