This new solution for Sophos XDR and Sophos MDR continuously monitors customer environments for identity risks and misconfigurations and scans the dark web for compromised credentials.

It enables organizations to detect and respond to identity-based attacks rapidly and identify risky user behaviour that could pose a threat to their business.

This launch is a significant milestone building on the Secureworks acquisition, broadening Sophos’ portfolio and is the first Secureworks solution that has been fully integrated into the Sophos Central platform, further enabling comprehensive security operations outcomes for its 600,000 customers.

Sophos ITDR addresses identity-based attacks, one of the fastest-growing threat vectors globally. Sophos X-Ops observed a 106 percent increase in stolen credentials for sale on the dark web between June 2024 and June 2025, underscoring the growing risk.

The Sophos Active Adversary Report further found that compromised credentials were the number-one root cause of attacks across MDR and incident response cases for the second year in a row, with 56 percent of incidents involving attackers logging into external remote services with valid accounts.

“Cloud and remote work have expanded the identity attack surface and created new opportunities for attackers,” said Rob Harrison, SVP, product management, Sophos. “Complex identity and access management systems with constantly changing settings and policies create gaps that attackers target. Sophos ITDR helps close those gaps by giving customers faster visibility into identity risks, monitoring for compromised credentials, and integrating with Sophos XDR and Sophos MDR for rapid, analyst-led response.”

Sophos ITDR uncovers identity risks and is designed to protect and detect against all known MITRE ATT&CK Credential Access techniques with detection rules for all of the techniques The solution performs more than 80 cloud identity posture checks, monitors for compromised credentials on the dark web, and uses AI-driven detections to identify identity-based attacks such as kerberoasting, privilege escalation, account takeover, brute force, and lateral movement. Response playbooks within Sophos ITDR, enable automated remediation actions, including account lock, password reset, multi-factor authentication refresh, and session revocation.

Key Features and Benefits in Sophos ITDR

• Identity Catalog: Gain complete visibility across all identities across systems to reduce blind spots.
• Identity Posture Dashboard: Get a single, prioritized view of identity risks, including compromised credentials on the dark web, to act faster.
• Continuous Assessments: Strengthen security posture with ongoing detection of misconfigurations, dormant accounts, vulnerabilities, and MFA gaps.
• Compromised Credential Monitoring: Protect users by detecting and alerting when stolen credentials surface in breach databases.
• Dark Web Intelligence: Stay ahead of attackers with proactive monitoring of underground markets for leaked credentials.
• User Behavior Analytics (UEBA): Spot insider threats and anomalous activity early to prevent account takeover and lateral movement.
• Advanced Identity Detections: Detect sophisticated identity attacks such as kerberoasting, account compromise, stolen credentials, password spray, brute force, and impossible travel.
• Identity Response Actions: Take immediate action on identity threats with integrated response actions to disable accounts, reset user sessions, reset passwords, or mark users as compromised in Microsoft Entra ID.

The Sophos ITDR solution integrates with Sophos XDR and Sophos MDR, automatically generating cases when identity-based threats or high-risk findings arise. With Sophos MDR, Sophos security analysts then investigate and take response actions on behalf of customers, accelerating remediation and reducing risk.

 “Sophos ITDR has improved visibility into our identity risks and streamlined how we manage them,” said an Information Security Director at a financial services firm. “Having identity risk data available within Sophos XDR is a game changer for strengthening our overall security posture.”

“Identity has become the new frontline of cyber defense, and Sophos ITDR delivers the visibility and automation needed to stay ahead of attackers. By covering the full spectrum of identities from users to service accounts and applications, it closes blind spots, strengthens our overall security posture, and provides clear remediation actions that help my team address risks quickly and effectively,” said a CISO at a financial services firm.

Cybercriminals are getting craftier daily. Phishing emails, intended to fool customers into divulging private information, are getting more and more convincing. Ransomware attacks, in which hackers lock down your data and demand a ransom to unlock it, can cause operational disruption and leave the business in a bind. Data breaches, reveal private customer information and can undermine confidence and harm any business.

By understanding the risks and implementing cybersecurity best practices, entrepreneurs can readily safeguard themselves and their clients. Businesses can mitigate the risk of cyberattacks and safeguard their operations by investing in cybersecurity solutions.

Unprecedented capabilities for detecting, preventing, and responding to cyber threats are provided by the incorporation of Artificial Intelligence (AI) and Machine Learning (ML) into cybersecurity practices. These are more than simply a technological breakthrough. AI and ML provide tools for businesses to stay ahead of cybercriminals by revolutionizing the ways in which threats are identified, anticipated, and countered. In today’s digital world, these technologies’ advantages—increased consumer trust, cost-effectiveness, scalability, and efficiency—are priceless

The benefits and potential applications for Nigerian businesses, as well as examples of efficient AI-powered cybersecurity tools, are examined by me in this article.

AI and ML are revolutionizing cybersecurity by enabling frameworks to learn and adapt to new threats in real-time. These innovations can examine immense measures of information to identify patterns and anomalies that might indicate a cyberattack. AI and ML technologies have the unique ability to process vast amounts of these data at incredible speeds, and make decisions with minimal human intervention. These capabilities make them particularly well-suited for enhancing cybersecurity in several ways.

Secondly, when a cyberattack happens, AI-powered systems can rapidly analyze the situation, isolate the affected systems, and contain the threats. This quick reaction can limit harm and speed up recovery efforts.

Thirdly, for Nigerian SMEs, which often lack the resources to invest heavily in cybersecurity, AI and ML offer a compelling solution. Advanced security measures can be implemented in an accessible and cost-effective manner through AI services hosted in the cloud. These services can protect SMEs from a wide range of threats, including phishing, ransomware and malware.

Examples of AI-powered cybersecurity platforms include; Security Information and Event Management (SIEM) systems, Endpoint protection platforms (EPPs), User and entity behavior analytics (UEBA) and Incident response platforms. The integration of AI and ML into cybersecurity is not just a technological advancement; it is a necessity for Nigerian SMEs and enterprises aiming to protect their digital assets.

In conclusion, though machine learning (ML) and artificial intelligence (AI) have enormous potential, it is essential to acknowledge that they are not a sliver bullet.  Human expertise remains crucial in mitigating and preventing cyberthreats. A mix of tech and human intelligence remain the best way to deal with issues that may arise. Training employees on how to identify phishing emails, use secure passwords, and protect devices should be provided to employees. These trainings can help raise awareness about cyber threats and how to prevent them.

About the Author

Chukwuka is an enthusiastic and high-achieving cloud professional with years of experience in cloud computing, cybersecurity, and IT infrastructure management. He is passionate about leveraging technology to drive innovation and growth, particularly within Nigeria’s cloud computing sector.

He is also dedicated to revolutionizing how businesses operate by providing tailored cloud solutions that enhance sales, security, and productivity.