Blumira enhances EDR and ITDR to speed up threat detection and containment
Blumira has announced the release of expanded endpoint detection and response (EDR) and identity threat detection and response (ITDR) capabilities in its platform. Security teams on Blumira Respond and Automate editions can now contain active threats by isolating compromised endpoints, stopping malicious processes, and locking out attackers across Microsoft 365 and Active Directory, without ever leaving the Blumira dashboard.
“Ransomware and identity-based attacks including business email compromise are top-of-mind concerns keeping IT teams up at night right now,” said Matt Warner, CEO of Blumira. “Response teams shouldn’t have to jump between multiple dashboards during an active breach, or have to wonder what to do next. These endpoint and identity security improvements help us deliver on our promise of manageable, scalable security for busy teams and partners.”
Ransomware attacks continue to increase, rising by 34% since 2024, and are seen in 44% of breaches according to Verizon’s DBIR 2025 report. For IT administrators and MSP technicians managing an active incident, the difference between a contained threat and a full-blown breach often comes down to incident response times and having the right toolkit. By bringing endpoint and identity response into a unified platform where threats are detected and investigated, Blumira cuts down the time between threat detection and mitigation.
“We’re stopping breaches in seconds instead of minutes or hours. I don’t have to find a password, log in, get to the user, revoke MFA, and change their password. I can do all of that in one click,” said Matt Timm, Network Operations Center Team Lead at TR Computer Sales. “Efficiency is key, especially in a security monitoring department. For us to have everything in one central location — the information, what’s happening, the ways that we can fix it, and then the feedback of how it was fixed — is huge.”
Stop threats fast, wherever you find them
The benefits of Blumira ITDR and EDR include:
- Improved response times: Users can respond directly from a new finding, so teams move from detection to containment in less time and with fewer clicks
- Enriched threat context: Response teams have the context of an investigation, whether it's related to a compromised M365 account or to shutting down privilege abuse before it escalates
- Faster containment with a clear response process: IT teams have fewer tools to manage under pressure, and have the insight they need to build team confidence and security expertise
Extending security operations across your toolchain
Blumira is also announcing enhancements to its Public API, giving partners and power users new capabilities to assign findings, add comments, resolve incidents, and query evidence programmatically. For MSPs managing security across multiple client environments, these additions make it easier to connect Blumira to existing PSA platforms, RMM tools, and custom workflows, keeping security operations inside the tools teams already use every day.