ThreatDown Expands Into Identity Security With ITDR Platform

ThreatDown on Tuesday announced the launch of its new Identity Threat Detection and Response (ITDR) platform, designed to help organizations detect and respond to attacks targeting user identities and credentials after authentication.

The California-based cybersecurity vendor said the product is built to monitor suspicious identity activity across hybrid environments, including Microsoft Entra ID, Okta, and Active Directory. 

The platform integrates directly into ThreatDown’s endpoint detection and managed detection and response ecosystem, giving security teams visibility into both endpoint and identity-based threats from a single console.

Identity attacks move beyond password theft

ThreatDown said identity-based attacks have become one of the most difficult threats for organizations to detect because attackers increasingly rely on legitimate credentials rather than traditional malware techniques.

According to the company, attackers are now “logging in” instead of “breaking in,” using stolen credentials, session hijacking, and token abuse to bypass traditional access controls and multi-factor authentication systems.

“Identity threat detection is the natural next layer of our platform, extending the same unified visibility and guided response our customers rely on for endpoints into the identity systems they use every day. By building ITDR directly into our platform, we’re giving lean IT teams and MSPs a practical way to close this gap without a new tool, a new console, or added overhead,” said Kendra Krause, General Manager of ThreatDown.

The company said that identity breaches now take an average of more than 8 months to detect, contain, and remediate.

ThreatDown connects endpoint and identity visibility

ThreatDown said one of the platform’s key features is native correlation between endpoint telemetry and identity events, allowing security teams to investigate suspicious behavior through a single timeline instead of manually cross-checking multiple security tools.

The ITDR platform also includes capabilities to detect account compromise, privilege abuse, MFA fatigue attacks, persistence techniques, and suspicious session activity. 

Other features include continuous identity posture assessments designed to flag risky misconfigurations before attackers can exploit them.

ThreatDown said the product deploys without requiring additional agents or consoles, a move the company says is aimed at smaller IT teams and managed service providers that may lack dedicated identity security staff.

Ultimate MDR Plus targets managed security demand

Alongside the ITDR rollout, ThreatDown introduced Ultimate MDR Plus, which it describes as its most comprehensive managed security offering so far.

The bundle combines ITDR, MDR Plus, and Premium Support into a single SKU for organizations looking for broader protection and managed response services. 

ThreatDown said its managed services team will provide around-the-clock identity detection and remediation support for Elite MDR and Ultimate MDR Plus customers.

Channel strategy supports ThreatDown’s ITDR rollout

ThreatDown’s announcement comes as identity-based attacks continue to rise across enterprise environments. Attackers increasingly rely on stolen credentials, hijacked sessions, and token abuse to bypass traditional security layers such as passwords and multi-factor authentication.

It also comes as ThreatDown, formerly Malwarebytes’ corporate business unit, continues to expand its channel-first approach globally. We spoke with GM Kendra Krause in 2025 as she was expanding the program.

“We heard from partners that they loved our technology but wanted more support from us, so we came to the table to determine how we could provide more incentives, specific protections, margins, and the resources they need to be competitive,” Krause told us at the time.

Figures reported by the company in April show momentum across the solution portfolio. Bundle deals in the Advance, Elite, and Ultimate tiers grew 14% in the second half of 2025, while MSP customers increased usage of ancillary products, including DNS, MDR, and Cloud for Business, by 12% over the same period.

Krause told Channel Insider she continues to focus on building trust and unlocking growth amongst the partner base.