Command Zero

What is ITDR?

ITDR (Identity Threat Detection and Response) is a security category focused specifically on threats targeting identity infrastructure, credential theft, account takeover, privilege escalation, and identity-based lateral movement.

Updated 2026-05-19

What it means

ITDR emerged in 2022-2023 as identity attacks became the dominant initial access vector. Microsoft, Okta, CrowdStrike, and dedicated ITDR vendors (Silverfort, Authmind, Permiso) have entered the category. ITDR products combine identity telemetry, behavior analytics, and response actions targeted at identity systems. The category overlaps with EDR (which sees endpoint identity activity) and UEBA (which baselines user behavior).

Command Zero’s approach

How Command Zero handles ITDR.

Identity is one of Command Zero's primary investigation lanes. The platform connects to Okta, Microsoft Entra, Ping Identity, and other identity providers through the Federated Data Model, and runs expert questions against identity events alongside endpoint, email, and cloud data. Cross-IdP correlation, common in environments with multiple identity systems, is supported by default. ITDR alerts feed into Command Zero investigations alongside other signal types.
