News
Identity Threat Detection and Response (ITDR) Adoption Grows Despite Organizational Hurdles
December 2024 by Quest Software
Quest Software released insights into the adoption of an increasingly popular approach to security - Identity Threat Detection and Response (ITDR). According to a survey of 373 IT professionals across various industries, organizations that have started their ITDR journeys are reaping its security benefits, but many are running into roadblocks to unlock its full potential.
The growing prominence of ITDR is driven by organizations’ need for a comprehensive and effective approach to combat the consistent deluge of attacks against identity infrastructure – especially Microsoft Active Directory and Entra ID, which are used in more than 90% of organizations[1], according to Gartner. Microsoft reports that credential misuse is a factor in 99% of the 600 million[2] daily identity attacks against Entra ID. ITDR strengthens organizations’ ability to prevent, detect, investigate and respond to identity-based threats – the new perimeter for defense and the foundation upon which all other defense layers sit.
Key insights outlined in the report include:
• ITDR measures are effective. More than eight in ten (84%) of organizations are reaping benefits from their ITDR efforts, even if ITDR has not been fully implemented. Over one in three (36%) say their expectations have been fully met or exceeded.
• Implementation complexity remains a significant challenge. The top three hurdles identified are integration with existing systems (69%), lack of budget (61%) and insufficient expertise (59%).
• Low ITDR maturity persists. This is attributed to a lack of strategic focus on identity threat prevention, identity disaster recovery, and the involvement of internal IAM teams in ITDR efforts. Only half of companies use an identity infrastructure security solution, less than a third (31%) test their identity disaster recovery plans, and only 34% cite their access management teams as being primarily responsible for ITDR.
• Executive understanding is a roadblock. Nearly half of organizations point to a lack of executive understanding of the ITDR business case as a challenge, as it leads to inadequate funding of the effort.
"One study participant mentioned that their executives believe multifactor authentication alone is sufficient for ITDR. However, ITDR extends far beyond general access management, encompassing all aspects of identity security," said John Hernandez, President, and General Manager at Quest Software. "Our research demonstrates that an ITDR strategy is proving highly effective in addressing identity-based threats. The challenge now is to educate organizations so that identity management and security teams receive the attention and funding they need."
