ThreatDown ITDR prevents credential-based attacks

ThreatDown, the former corporate business unit of Malwarebytes, launched ThreatDown Identity Threat Detection and Response (ITDR).

ITDR is a new product that helps security teams monitor identities to detect suspicious activity, misconfigurations, and active attacks targeting user accounts and privileges. With native integrations for Microsoft Entra ID, Okta, and Active Directory, security teams gain unified visibility across hybrid identity environments without deploying additional agents.

Natively integrated with the ThreatDown EDR and MDR platform, ITDR delivers correlated endpoint-to-identity visibility, guided response, and proactive attack path hardening. It deploys in minutes with no additional agent or console.

Identities have proliferated across SaaS, cloud workloads, and managed or unmanaged devices. Today, credentials are the most common entry point in data breaches. Attackers no longer break in; they log in using valid, stolen credentials, bypassing IAM and MFA. They operate undetected in the gap between authentication and action.

Identity breaches take the longest to detect, contain, and remediate: 8+ months on average. ThreatDown ITDR closes that gap at a lower total cost of ownership than standalone ITDR products.

“Attackers have shifted from breaking in to logging in, which means the most dangerous activity now happens after authentication,” said Kendra Krause, GM of ThreatDown. “Identity threat detection is the natural next layer of our platform, extending the same unified visibility and guided response our customers rely on for endpoints into the identity systems they use every day. By building ITDR directly into our platform, we’re giving lean IT teams and MSPs a practical way to close this gap without a new tool, a new console, or added overhead.”

ThreatDown is also announcing the Ultimate MDR Plus offering. Ultimate MDR Plus is ThreatDown’s most comprehensive offering to date, a premium bundle that brings together the ITDR product, the enhanced MDR Plus service, and the recently uplifted Premium Support. All are available in a single SKU for customers who want full-stack protection plus the highest level of service and expertise ThreatDown offers.

ThreatDown ITDR capabilities

ThreatDown ITDR monitors identity activity across hybrid environments—Active Directory, Entra ID, and Okta—and correlates it with endpoint telemetry to detect attacks that unfold after authentication.

  • Native EDR-ITDR correlation links suspicious endpoint behavior to anomalous identity events in a single investigation timeline, replacing manual cross-referencing across disconnected tools.
  • A unified console and single-agent deployment manage endpoint, identity, and email security, improving response time and reducing costs.
  • Detect identity-based threats such as account compromise, privilege abuse, MFA fatigue, and persistence techniques.
  • Continuously assess identity posture and surface misconfigurations before they are exploited.
  • Investigate identity incidents with enriched context across identity providers and directory services.
  • Respond faster to suspicious activity affecting users, sessions, and access.

ThreatDown ITDR is available now through partners and managed service providers (MSPs).

ITDR is included in the Ultimate MDR Plus bundle and is available as an add-on product to Advanced EDR and Elite MDR bundles. MSPs can add ITDR to their offerings à la carte. For Elite MDR and Ultimate MDR Plus customers, the ThreatDown managed services team leads identity detection and remediation 24/7, extending coverage without adding headcount.
