MDR firm claims solution is the industry’s only vendor-agnostic open XDR solution that supports identity threat detection and response.

Credit: Laurence Dutton / Getty Images

Managed detection and response (MDR) service provider Proficio has launched ProSOC Identity Threat Detection and Response to protect businesses from identity-based attacks and credential abuse. The firm claimed the service is the industry’s only vendor-agnostic Open XDR solution that supports identity threat detection and response and works with existing security tools without proprietary agents or sensors. The release comes at a time when identity-based threats are one of the top cybersecurity risks faced by organizations.

Service aims to increase visibility, quicken responses, reduce ransomware

In a press release, Proficio stated that its new service leverages advanced technology combined with human-led investigations to detect threats to an organization’s identity and access management (IAM) infrastructure. “The fact that identity compromises are present in most ransomware and supply chain attacks is a major concern for our clients,” said Brad Taylor, CEO, Proficio. “Traditional approaches to security monitoring with manual incident response are often too slow to react to these attacks and compromises.”

The vendor-agnostic service delivers several advantages in identity threat detection and response, Proficio said, including:

Increased visibility: Identity threat use cases, cross-correlation rules, machine learning models, telemetry from security devices, and threat intelligence data are combined to detect identity-based attacks and compromises more accurately.
Clients receive prioritized alerts aligned with the MITRE ATT&CK framework and can view identity threat activity in Proficio’s ProView portal.

Fast response: Active Defense supports automated and semi-automated functions, allowing incident responders to perform a double validation of a threat before initiating an account suspension.

Reduced ransomware risk: Solution helps to prevent ransomware attackers stealing privileged credentials to propagate ransomware across business applications and cloud instances.

When a high-fidelity threat is detected, the automated response solution, Active Defense, can quickly suspend or reset a user account for one or more applications, Proficio added. ProSOC Identity Threat Detection and Response is offered as an optional extension to Proficio’s MDR service.

Identity-based threats a significant risk for organizations

Identity-based threats are a top risk to organizations with attackers increasingly attempting to steal credentials, escalate privileges, and move laterally across an organization’s infrastructure. What’s more, the CyberArk 2022 Identity Security Threat Landscape Report cited the rise of human and machine identities as driving a buildup of identity-related cybersecurity debt exposing organizations. Across businesses assessed in the research, the vendor identified 30 digital identities for every staff member with 68% of non-human/bot identities having access to sensitive data which, if unmanaged and unsecured, represent significant cybersecurity risks.

Speaking to CSO, Gartner Research Director Analyst Henrique Teixeira says that, as evidenced in the 2021 Verizon Data Breach Investigations Report, credential misuse is a primary attack vector with 61% of all breaches involving credentials either stolen via social engineering or hacked using brute force. “The more-sophisticated attackers are now actively targeting the IAM infrastructure itself.
For instance, the SolarWinds breach used administrative permissions to gain access to the organization’s global administrator account or trusted SAML token signing certificate to forge SAML tokens for lateral movement,” he says.

Forrester VP and Principal Analyst Andras Cser adds that, as most businesses now rely on and manage various digital identities, more robust detection and response capabilities are required to address identity-driven threats. “Protecting identity and identity context is very important,” he says. “Ditching the password is probably the best thing you can do and using adaptive authentication around devices is another key element to consider.”