As threat actors continue to target identity infrastructure with account compromise tactics such as credential stuffing, the ability to swiftly contain and mitigate identity risks at scale is critical in defending crucial data assets and protecting users. In 2023, 39% of incidents investigated by Arctic Wolf Incident Response were initiated via external remote access using compromised, legitimate credentials, underscoring the importance of ITDR capabilities as a core function of security operations, as opposed to a standalone XDR, SIEM, or SOAR solution. “Identity threat detection and response (ITDR) is emerging as a security operations center (SOC) function focus while IAM teams grapple with new tools to address enhancing detection of identity misuse,” according to Gartner® Research.1
The Arctic Wolf Platform updates include:
Active Response for Identity: New capabilities enable immediate action against threats in identity infrastructure, leveraging response actions to quickly disable impacted user accounts, revoking access to potentially sensitive information or systems and reducing risk for organizations.
Microsoft Defender for Identity Integration: New integration with Microsoft Defender for Identity to protect user identities and reduce attack surfaces, increasing visibility into identity infrastructure for earlier detection of identity-based attacks, including Business Email Compromise (BEC).
Okta Impossible Travel Detection: Expanded detection capabilities for the existing Okta integration that will enhance cross-attack surface coverage with detection of compromised accounts using indicators of compromise (IOC) based on velocity alerts from Okta.
“As adversaries increase the use of identity-based attacks, the ability to integrate robust ITDR capabilities into security operations is critical in building business resilience, as containment and mitigation extends beyond the endpoint alone,” said Dan Schiappa, chief product and service officer, Arctic Wolf. “Effective cybersecurity hinges on detecting and remediating threats as quickly as possible. These new capabilities allow us to narrow the detection gap and minimize impact, effectively extinguishing and restricting adversarial account access more completely. As we continue to innovate on our world-class security operations platform, we are excited to continue to deliver on the security outcomes and resilience that have long been promised, yet underdelivered, by the security market at large.”
Through its cloud-native, AI-driven platform, Arctic Wolf empowers organizations of almost any size to achieve security operations at the push of a button. Through hundreds of security and technology integrations available to customers today, the Arctic Wolf Security Operations Cloud ingests, parses, enriches, and analyzes more than 5.5 trillion security events per week from a global base of over 5,700 customers.
