SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
ThreatDown launches identity threat detection & response


Thu, 14th May 2026
Sofiah Nichole Salivio, News Editor

ThreatDown has launched an identity threat detection and response product and introduced an Ultimate MDR Plus bundle.

The new ITDR offering is designed to monitor identities for suspicious activity, misconfigurations and attacks targeting user accounts and privileges. It integrates with Microsoft Entra ID, Okta and Active Directory, giving customers visibility across hybrid identity environments without requiring an additional agent.

The launch expands ThreatDown's portfolio beyond endpoint detection and managed detection and response at a time when identity-based attacks have become a central concern for security teams. Stolen credentials are now a common entry point in breaches, and attackers increasingly exploit the period after authentication rather than trying to defeat the initial login process.

The product is built into ThreatDown's existing EDR and MDR platform, allowing identity activity to be viewed alongside endpoint telemetry in a single investigation timeline. That is intended to reduce the manual work of matching identity events with suspicious behaviour on devices across separate tools.

Its detection focus includes account compromise, privilege abuse, MFA fatigue and persistence techniques. It also aims to surface identity posture issues and misconfigurations before they are exploited, while helping security teams investigate incidents affecting users, sessions and access across directory services and identity providers.

Alongside the launch, ThreatDown unveiled Ultimate MDR Plus, which combines the new ITDR product with MDR Plus and Premium Support in one package. The bundle is aimed at customers that want identity monitoring, managed response and an expanded support tier under a single stock keeping unit.

Identity focus

Identity security has become a bigger battleground as organisations spread applications and workloads across cloud services, software-as-a-service platforms, and a mix of managed and unmanaged devices. In that environment, conventional identity and access controls such as passwords, MFA and conditional access can still leave gaps when an attacker uses a valid credential, session token or hijacked authenticated session.

ThreatDown positioned the new product as a way to monitor malicious activity after a user has already passed authentication. This is where threats such as token abuse, privilege escalation and lateral movement can develop without being caught quickly by traditional access management systems.

According to ThreatDown, identity incidents often take longer than many other forms of compromise to detect, contain and remediate. That delay has increased demand for tools that combine endpoint, identity and managed monitoring in a single workflow, particularly for smaller IT teams and managed service providers that may not have dedicated identity security staff.

"Attackers have shifted from breaking in to logging in, which means the most dangerous activity now happens after authentication," said Kendra Krause, General Manager, ThreatDown.

"Identity threat detection is the natural next layer of our platform, extending the same unified visibility and guided response our customers rely on for endpoints into the identity systems they use every day. By building ITDR directly into our platform, we're giving lean IT teams and MSPs a practical way to close this gap without a new tool, a new console, or added overhead," Krause said.

Channel route

The new product is available through partners and managed service providers. It is included in the Ultimate MDR Plus bundle and can also be added to ThreatDown's Advanced EDR and Elite MDR packages, while MSPs can attach it to their own services on an a la carte basis.

For Elite MDR and Ultimate MDR Plus customers, ThreatDown's managed services team will handle identity detection and remediation around the clock. That approach is likely to appeal to smaller organisations that want broader monitoring but do not plan to increase in-house security headcount.

The company's pitch rests in part on operational simplicity. Customers can manage endpoint, identity and email security through a unified console and use a single agent deployment, which ThreatDown argues can shorten response times and lower operating costs compared with stitching together multiple standalone products.

That positioning aligns with a broader trend in cyber security, where vendors are trying to consolidate functions that were once bought separately. Buyers have increasingly pushed for fewer consoles, simpler deployment models and more direct links between detection and response as attack surfaces widen and skilled security staff remain in short supply.

ThreatDown, previously the corporate business unit of Malwarebytes, said the launch is intended for both direct customers and the service provider channel. Its managed coverage option is designed to support resource-constrained teams that need continuous monitoring of identity activity alongside endpoint incidents.

ITDR is now available as an add-on to Advanced EDR and Elite MDR bundles, and is included in Ultimate MDR Plus.