MDR firm claims solution is the industry’s only vendor-agnostic open XDR solution that supports identity threat detection and response.

Credit: Laurence Dutton / Getty Images

Managed detection and response (MDR) service provider Proficio has launched ProSOC Identity Threat Detection and Response to protect businesses from identity-based attacks and credential abuse. The firm claimed the service is the industry’s only vendor-agnostic Open XDR solution that supports identity threat detection and response and works with existing security tools without proprietary agents or sensors. The release comes at a time when identity-based threats are one of the top cybersecurity risks faced by organizations.

Service aims to increase visibility, quicken responses, reduce ransomware

In a press release, Proficio stated that its new service leverages advanced technology combined with human-led investigations to detect threats to an organization’s identity and access management (IAM) infrastructure. “The fact that identity compromises are present in most ransomware and supply chain attacks is a major concern for our clients,” said Brad Taylor, CEO, Proficio. “Traditional approaches to security monitoring with manual incident response are often too slow to react to these attacks and compromises.”

The vendor-agnostic service delivers several advantages in identity threat detection and response, Proficio said, including:

Increased visibility: Identity threat use cases, cross-correlation rules, machine learning models, telemetry from security devices, and threat intelligence data are combined to detect identity-based attacks and compromises more accurately. Clients receive prioritized alerts aligned with the MITRE ATT&CK framework and can view identity threat activity in Proficio’s ProView portal.

Fast response: Active Defense supports automated and semi-automated functions, allowing incident responders to perform a double validation of a threat before initiating an account suspension.

Reduced ransomware risk: The solution helps to prevent ransomware attackers from stealing privileged credentials to propagate ransomware across business applications and cloud instances.

When a high-fidelity threat is detected, the automated response solution, Active Defense, can quickly suspend or reset a user account for one or more applications, Proficio added. ProSOC Identity Threat Detection and Response is offered as an optional extension to Proficio’s MDR service.

Identity-based threats a significant risk for organizations

Identity-based threats are a top risk to organizations, with attackers increasingly attempting to steal credentials, escalate privileges, and move laterally across an organization’s infrastructure. What’s more, the CyberArk 2022 Identity Security Threat Landscape Report cited the rise of human and machine identities as driving a buildup of identity-related cybersecurity debt that exposes organizations. Across businesses assessed in the research, the vendor identified 30 digital identities for every staff member, with 68% of non-human/bot identities having access to sensitive data. If unmanaged and unsecured, these identities represent significant cybersecurity risks.

Speaking to CSO, Gartner Research Director Analyst Henrique Teixeira says that, as evidenced in the 2021 Verizon Data Breach Investigations Report, credential misuse is a primary attack vector, with 61% of all breaches involving credentials either stolen via social engineering or hacked using brute force. “The more-sophisticated attackers are now actively targeting the IAM infrastructure itself. For instance, the SolarWinds breach used administrative permissions to gain access to the organization’s global administrator account or trusted SAML token signing certificate to forge SAML tokens for lateral movement,” he says.

Forrester VP and Principal Analyst Andras Cser adds that, as most businesses now rely on and manage various digital identities, more robust detection and response capabilities are required to address identity-driven threats. “Protecting identity and identity context is very important,” he says. “Ditching the password is probably the best thing you can do and using adaptive authentication around devices is another key element to consider.”