Cookie Consent

By clicking “Accept”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.

Confused By ITDR Washing? Real-Time Detection Matters Most

"ITDR" is the new industry buzzword and predictably, vendors are jumping on the bandwagon. They claim they do “ITDR" by bending the definitions of solutions to capabilities that already exist, and still fail to address the root problems.
Written by
Mark Batchelor
Published on
March 31, 2025

If you’ve been paying attention to the identity space lately, you may have noticed a buzzword increasingly tossed around: Identity Threat Detection and Response (ITDR). Predictably, almost every identity vendor, endpoint vendor, and several adjacent players are jumping on the bandwagon to claim they do “ITDR”.

Spoiler alert: most of them don’t.

ITDR Washing: Rushing To Claim A Newest Feature

ITDR is important—critically so. As identity attacks become the top vector for breaches, security teams need real-time visibility and response capabilities to address limitations with identity management systems that can’t detect fast growing attacks. But instead of building meaningful ITDR capabilities, vendors are slapping the term onto weak or even existing features—“hey, we detect anomalous logins, right?”—let’s claim that as ITDR and upsell customers for it. There are a growing number of examples of this in the market:

  • Weak risk signaling with post authentication alerting. That’s not ITDR
  • Repackaging of IAM vendor’s existing risk engine? That’s not ITDR.
  • An EDR vendor adding in a few simplistic identity signals? Still not ITDR.
  • A dashboard that shows risky logins but does nothing to respond? Definitely not ITDR.

ITDR washing follows an unfortunately common pattern of vendor “washing” to stake claim to a faster growing category, but results in yet more market confusion and ultimately some customers left with fragmented, incomplete solutions.

What Makes Pure Play ITDR Stand Apart

Verosint was purpose-built ITDR architected around AI behavioral analytics, curated identity intelligence signalling including OSINT, and real-time automated response workflows. Only by detecting and responding to identity-based attacks in real-time can you prevent the near immediate downstream damage that often occurs. We also believe ITDR should be address threat to both workforce and customer identities in the same platform. It should also be able to work across multiple identity providers (IDPs) and any endpoint detection (EDR/XDR) systems because organizations with heterogeneous environments hate being forced to make rip-and-replace decisions or locking uncomfortably into a single vendor stack.

Key ITDR Differences:

Real-Time Correlation and Response – We aggregate, normalize, and act on identity threats in real time, not after the fact.

IDP-Agnostic – Integrate with Okta, Azure AD, Ping, or anything else in your stack.

Endpoint-Agnostic – Pull risk signals from any endpoint platform, not just one vendor’s.

For all Identities – Implement fast with APIs calls that address both workforce and customer identity threats.

Cutting Through The Product Marketing Noise

You may have heard this one before - “Identity is the new perimeter”. It’s actually true that identity-based attacks are now the most common security breach attack vector. It’s also true that marketing can be useful to educate the market and provide awareness of solutions to growing challenges.

However, vendor product marketing that willfully bends the definition of solution categories to fit existing capabilities that don’t address the root problem are less than helpful and can confuse and mislead customers. Focus on ITDR solutions that deliver what security teams actually need: unified visibility, advanced identity intelligence and correlation, AI behavioral analytics, and real-time response across the entirety of your identity and endpoint landscape.

Subscribe to Our Newsletter
No spam. Just the latest releases and tips, interesting articles, industry news and event updates delivered to your inbox.
Mark Batchelor

As the CTO and co-founder of Verosint, Mark leads with a contagious passion for cybersecurity and team building. Before coming to Verosint, Mark served as the VP of Business Development at Chainalysis enabling partners and building strategic alliances for the company. Prior to Chainalysis, he served on the executive team at Ping Identity as the Chief Solution Architect for the global sales engineering team and leading the Innovation Lab initiatives.