MDR firm claims solution is the industry’s only vendor-agnostic open XDR solution that supports identity threat detection and response. Credit: Laurence Dutton / Getty Images Managed detection and response (MDR) service provider Proficio has launched ProSOC Identity Threat Detection and Response to protect businesses from identity-based attacks and credential abuse. The firm claimed the service is the industry’s only vendor-agnostic Open XDR solution that supports identity threat detection and response and works with existing security tools without proprietary agents or sensors. The release comes at a time when identity-based threats are one of the top cybersecurity risks faced by organizations.Service aims to increase visibility, quicken responses, reduce ransomwareIn a press release, Proficio stated that its new service leverages advanced technology combined with human-led investigations to detect threats to an organization’s identity and access management (IAM) infrastructure. “The fact that identity compromises are present in most ransomware and supply chain attacks is a major concern for our clients,” said Brad Taylor, CEO, Proficio. “Traditional approaches to security monitoring with manual incident response are often too slow to react to these attacks and compromises.”The vendor agnostic service delivers several advantages in identity threat detection and response, Proficio said, including: Increased visibility: Identity threat use cases, cross-correlation rules, machine learning models, telemetry from security devices, and threat intelligence data are combined to detect identity-based attacks and compromises more accurately. Clients receive prioritized alerts aligned with the MITRE ATT&CK framework and can view identity threat activity in Proficio’s ProView portal.Fast response: Active Defense supports automated and semi-automated functions, allowing incident responders to perform a double validation of a threat before initiating an account suspension.Reduced ransomware risk: Solution helps to prevent ransomware attackers stealing privileged credentials to propagate ransomware across business applications and cloud instances.When a high-fidelity threat is detected the automated response solution, Active Defense, can quickly suspend or reset a user account for one or more applications, Profico added. ProSOC Identity Threat Detection and Response is offered as an optional extension to Proficio’s MDR service. Identity-based threats a significant risk for organizationsIdentity-based threats are a top risk to organizations with attackers increasingly attempting to steal credentials, escalate privileges, and move laterally across an organization’s infrastructure. What’s more, The CyberArk 2022 Identity Security Threat Landscape Report cited the rise of human and machine identities as driving a buildup of identity-related cybersecurity debt exposing organizations. Across businesses assessed in the research, the vendor identified 30 digital identities for every staff member with 68% of non-human/bot identities having access to sensitive data which, if unmanaged and unsecured, represent significant cybersecurity risks.Speaking to CSO, Gartner Research Director Analyst Henrique Teixeira says that, as evidenced in the 2021 Verizon Data Breach Investigations Report, credential misuse is a primary attack vector with 61% of all breaches involving credentials either stolen via social engineering or hacked using brute force. “The more-sophisticated attackers are now actively targeting the IAM infrastructure itself. For instance, the SolarWinds breach used administrative permissions to gain access to the organization’s global administrator account or trusted SAML token signing certificate to forge SAML tokens for lateral movement,” he says. Forrester VP and Principal Analyst Andras Cser adds that, as most businesses now rely on and manage various digital identities, more robust detection and response capabilities are required to address identity-driven threats. “Protecting identity and identity context is very important,” he says. “Ditching the password is probably the best thing you can do and using adaptive authentication around devices is another key element to consider.” Related content news analysis SEC rule for finance firms boosts disclosure requirements Amendments to Regulation S-P requires broker-dealers, investment companies, registered investment advisers, and transfer agents to disclose incidents to customers. By Evan Schuman May 17, 2024 5 mins Data Breach Financial Services Industry Data Privacy feature DDoS attacks: Definition, examples, and techniques Distributed denial of service (DDoS) attacks have been part of the criminal toolbox for over twenty years, and they’re only growing more prevalent and stronger. By Josh Fruhlinger May 17, 2024 10 mins DDoS Cyberattacks news FCC proposes BGP security measures Protecting the Border Gateway Protocol is as important as protecting the border. By Gyana Swain May 17, 2024 1 min Regulation Network Security news US AI experts targeted in cyberespionage campaign using SugarGh0st RAT Threat actors use phishing techniques to obtain non-public information about generative artificial intelligence. By Lucian Constantin May 16, 2024 4 mins Phishing Data and Information Security PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe