"Identity has become the most common entry point for cyberattacks," Lumos declared in February through a report that put numbers to what most in the security industry have been saying for a few years.
Lumos, in its report,
AI, Automation, and Risk in 2026: Identity at a Breaking Point, found that 96% of organizations have been hit with identity-based security incidents. Among those organizations surveyed, 43.6% reported that stolen credentials were used in attacks, while 48.1% said bad actors got in through multifactor authentication (MFA) fatigue techniques.”
“The reality of the new threat landscape is that identity has become a core driver for organizational security, at a time when the job of managing identities has become harder than ever,”
Tristan Morris, senior product marketing manager for the agentic AI-based autonomous identity platform startup,
wrote in a blog post.
This is a key challenge for MSSPs, MSPs, and corporate security teams, as the ongoing adoption of AI, cloud, SaaS, and other advanced technologies has led to an explosion of identities, most of them non-human identities (NHIs) like those connected to AI agents and service accounts.
ITDR on the Front Burner
The rapid growth of human and non-human identities, along with rising identity-based attacks, is expanding demand for tools that help organizations, MSSPs, and MSPs better protect themselves and their clients. In recent months, security vendors such as
Huntress and
Blumira have bolstered their endpoint detection and response (EDR) and identity threat detection and response (ITDR) offerings.
ThreatDown is now muscling into the crowded space with its own ITDR offering, unveiled this month. It allows security teams, MSPs, and MSSPs to monitor identities so they can detect suspicious activity, misconfigurations, and attacks against user accounts and privileges. It includes native integrations with Okta and Microsoft’s Entra ID and Active Directory for hybrid identity environments and is integrated with its own EDR and managed detection and response (MDR) platform, giving users greater identity visibility, guided response capabilities, and attack path hardening.
Built for MSSPs, MSPs, SMBs
A key differentiator for ThreatDown, the former corporate business unit of Malwarebytes, is that most ITDR products are built for enterprise security teams with unlimited resources, according to General Manager
Kendra Krause.
“We built ThreatDown ITDR for the reality of the resource-constrained environment that MSPs often operate in,” Krause, who was
Sophos’ top channel executive before joining ThreatDown last year, told MSSP Alert. “By providing guided response playbooks and one-click Security Advisor recommendations, we eliminate the need for specialized identity experts.”
In addition, the native integration with ThreatDown’s EDR and MDR platform means security teams don’t have to move between consoles or deploy additional agents. Instead, they get a unified solution.
“For those who want full hands-off protection, our MDR service extends this coverage with 24/7 managed monitoring, ensuring that identity threats are contained even when your team is offline,” she said.
A Channel-First Approach
Such capabilities fall in line with ThreatDown’s channel-focused approach that includes MSPs and MSSPs and kicked off last year with the rollout of its Nexus Partner Program, which brought with it such features as strict deal protection and margin retention. The company saw the share of business transacted through distribution
grow from about 1% to 40%.
The introduction of the ITDR is a nod to the needs of SMBs and the MSSPs and MSPs that serve them, Krause said.
“The reality for MSPs today is that they are the ultimate target,” she said. “Because they maintain access to their customers' environments, a single compromised MSP credential can trigger a waterfall of data breaches across hundreds of clients. This risk is compounded by the explosion of non-human identities ... which operate in the background and are impossible to track manually.”
Meshing ITDR with MDR
If they’re going to stay ahead of the threat, security services providers need to bridge the gap between endpoint and identity telemetry, she said. That means a unified and cost-effective way to correlate suspicious behavior with anomalous events in real time.
“By including post-authentication monitoring and automated response, they can stop an identity breach before it has the chance to move laterally across a client’s network,” Krause said. “For service providers, this [new ITDR] solution is about shifting from reactive to proactive identity management.”By using it, MSSPs and MSPs gain operational efficiency by having the tool available through ThreatDown’s OneView console, so they don’t have to pivot between siloed tools or add overhead or headcount. In addition, it delivers instance containment.
By using it, MSSPs and MSPs gain operational efficiency by having the tool available through ThreatDown’s OneView console, so they don’t have to pivot between siloed tools or add overhead or headcount. In addition, it delivers instance containment.
New Revenue Streams
“Attackers increasingly target companies after hours – weekends, holidays, and the early morning hours – when fewer people are watching,” she said. “In this industry, time is everything. MSPs can use our one-click response features to suspend accounts or revoke sessions the moment a threat is identified, stopping a breach in its tracks before it reaches the client's sensitive data.”
ThreatDown’s ITDR also opens up new revenue streams for MSSPs and MSPs by enabling them to offer the vendor’s MDR and ITDR bundled together and use its Attack Path Discovery tool to map and close routes that attackers can exploit to move laterally through clients’ environments.
“They can show clients organization-wide risk trends – identifying vulnerable users due to MFA gaps or dark web exposure – and provide proactive and continuous hardening of those paths, while ensuring threats are detected and remediated,” she said.