
Cybersecurity has been a constant focus for businesses for years. At least it should have been, though we know that, until relatively recently, many companies failed to recognize how critical a strong cybersecurity posture is, or at least didn’t truly understand the breadth of cyber threats facing their infrastructure, networks, devices, data, users, and customers. It’s been an evolutionary space, for sure. As cyber threats have evolved, cybersecurity solutions have evolved to combat those new threats. New attack vectors are constantly emerging, creating an ongoing game of cat and mouse. In the latest round, we’ve seen a significant shift as identity has emerged as the new perimeter. Firewalls and networks are no longer the sole focus; attackers are increasingly bypassing traditional defenses by compromising user identities. This only underscores the need for robust identity security.
In simple terms, identity security refers to the processes, technologies, and policies designed to protect digital identities (users, applications, and so on) and to control their access to sensitive systems and data. With cloud services and remote work having become part of the new standard, user identities, including usernames, passwords, MFA tokens, and API keys, represent the primary entry point into an organization's digital ecosystem. As such, they must be tightly secured to prevent unauthorized access by malicious actors.
The risks aren’t much different from those of other attack vectors, and they carry equally damaging consequences:
- Data breaches: Compromised credentials are the leading cause of data breaches, allowing attackers direct access to sensitive information.
- Ransomware and malware infection: Once inside, attackers can deploy malicious software, leading to system paralysis and data exfiltration.
- Financial fraud: Unauthorized access to financial systems or accounts can result in direct monetary loss.
- Reputational damage: Breaches severely erode customer trust and damage a company's standing in their respective markets.
- Compliance violations: Weak identity controls can lead to failures in meeting regulatory requirements and, consequently, hefty fines (in addition to other ramifications).
- Business disruption: Account takeovers or insider threats stemming from compromised identities can disrupt critical operations.
It’s a very real threat. According to IBM, lost or stolen credentials were the most common attack vector, playing a role in 16% of breaches last year. What’s more, 60% of all cyber attacks targeted identities – an increase of more than 70% from 2023 – so it’s clear attackers see a weakness to exploit, and one that businesses and their MSPs need to fortify.
How do identities become compromised? Beyond sophisticated phishing schemes that trick users into handing over their credentials (i.e., human error), there are several common causes:
- Weak or reused passwords: Not having software that ensures employees can’t use simple or repeated passwords across services.
- Lack of MFA: Failing to implement MFA, or using weak forms of MFA, leaves accounts vulnerable if passwords are stolen.
- Insufficient access controls: Granting users more permissions than necessary allows attackers to cause more damage if an account is compromised.
- Poor lifecycle management: Not promptly deprovisioning access for departed employees, missing devices, or unused applications and services, and not properly managing external contractor accounts.
- Inadequate monitoring: Failing to continuously monitor identity-related logs for suspicious login attempts, impossible travel scenarios, or unusual access patterns.
- Neglecting behavioral analytics: Relying solely on static security rules rather than analyzing user behavior for anomalies that could signal compromise.
Recognizing the severity of the threat, Guardz announced the launch of its new Identity Threat Detection and Response (ITDR) solution (yes, another cybersecurity acronym). This sophisticated capability is now integrated into Guardz's AI-native, unified MDR platform, providing an important layer of identity defense. Guardz's ITDR combines real-time behavioral analytics and agentic AI with human-led threat hunting and automated response, allowing MSPs to detect and stop increasingly advanced identity-based threats that bypass traditional firewalls, email, and endpoint security.
"Attackers don’t need to break down doors anymore; they are quietly walking in through the identities of your users,” said Dor Eisner, CEO and Co-Founder of Guardz. “Our ITDR capability gives MSPs a powerful new layer of defense that goes far beyond login alerts. We’re detecting sophisticated patterns like token theft and session hijacking, cutting through the noise, and helping MSPs take decisive action before damage is done.”
The Guardz Research Unit (GRU), comprising expert threat hunters and Guardz AI agents, plays a pivotal role in this, analyzing large sets of identity and log data from popular platforms like Microsoft 365 and Google Workspace. This extensive data allows them to detect subtle behavioral anomalies, such as impossible travel scenarios, like a user logging in from two geographically distant locations simultaneously. It also helps identify authentication anomalies, token theft, credential abuse, and mailbox takeovers – all signs of identity compromise. The data is further enriched with broader user context, which helps MSPs more effectively identify and fight real threats, rather than wasting time chasing false positives.
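As an added illustration of the "impossible travel" check mentioned above (example code written for this article, not Guardz's detection logic), the script below replays a small constructed sign-in log, computes the great-circle distance between each user's consecutive logins, and flags any pair whose implied speed exceeds what an airliner could manage. The log format, the 900 km/h threshold, and the user names are assumptions for the example.

```python
"""Impossible-travel detection over constructed sign-in records (added example)."""
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

# Constructed sample sign-in log: timestamp, user, latitude, longitude (assumed format).
# alice: New York, then London 45 minutes later.  bob: San Francisco, then Los Angeles 6 hours later.
SAMPLE_LOG = """\
2024-05-01T08:00:00Z,alice,40.7128,-74.0060
2024-05-01T08:45:00Z,alice,51.5074,-0.1278
2024-05-01T09:00:00Z,bob,37.7749,-122.4194
2024-05-01T15:00:00Z,bob,34.0522,-118.2437
"""

MAX_PLAUSIBLE_KMH = 900.0  # roughly airliner cruising speed; faster is physically implausible (assumed)


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two latitude/longitude points."""
    earth_radius_km = 6371.0
    dlat = radians(lat2 - lat1)
    dlon = radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 2 * earth_radius_km * asin(sqrt(a))


def parse_log(text):
    """Parse CSV-style sign-in lines into (timestamp, user, lat, lon) tuples."""
    events = []
    for line in text.strip().splitlines():
        ts, user, lat, lon = line.split(",")
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, float(lat), float(lon)))
    return events


def impossible_travel(events, max_kmh=MAX_PLAUSIBLE_KMH):
    """Return (user, km, hours, implied_kmh) for consecutive sign-ins faster than max_kmh."""
    alerts = []
    last = {}  # per-user previous (timestamp, lat, lon)
    for ts, user, lat, lon in sorted(events, key=lambda e: (e[1], e[0])):
        if user in last:
            prev_ts, prev_lat, prev_lon = last[user]
            km = haversine_km(prev_lat, prev_lon, lat, lon)
            hours = (ts - prev_ts).total_seconds() / 3600.0
            # Same-second logins from different places: treat the implied speed as infinite.
            speed = float("inf") if hours == 0 and km > 0 else (km / hours if hours > 0 else 0.0)
            if speed > max_kmh:
                alerts.append((user, round(km), round(hours, 2), speed))
        last[user] = (ts, lat, lon)
    return alerts


if __name__ == "__main__":
    for alert in impossible_travel(parse_log(SAMPLE_LOG)):
        print("impossible travel:", alert)
```

In production the coordinates would come from IP geolocation, which is imprecise for VPN and mobile-carrier egress points, so a real detector should also weigh factors such as known corporate egress ranges before escalating.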
To ensure its solution is able to identify the latest threats, the GRU’s ongoing threat research and AI agents continually uncover new identity-based attack techniques, which are then converted into new detection logic and deployed across the platform.
For Guardz Ultimate Plan customers, the incident response process is highly streamlined: Guardz’s AI triages the event, escalating validated incidents to a 24/7 MDR team. Then, human SOC analysts validate the incident and provide MSPs with actionable guidance on containment actions, ensuring swift, effective response and remediation.
Edited by
Erik Linask