1 Executive Summary
Identity Threat Detection and Response (ITDR) is a class of security solutions designed to proactively detect, investigate, and respond to identity-related threats and vulnerabilities in an organization's IT environment. ITDR solutions focus on protecting digital identities and infrastructure against a variety of attacks by threat actors.
ITDR is a crucial component of a comprehensive cybersecurity strategy, as identities have become the primary targets of attackers looking to gain unauthorized access to sensitive systems and information. By focusing on the security of identities, ITDR helps organizations protect against a range of threats, including credential theft, account takeovers, and insider threats.
This Leadership Compass covers the dynamics of this emerging market, provides a framework for evaluating ITDR solutions, and offers guidance on how enterprises can select the appropriate technologies for their organizations. To better understand the fundamental principles this report is based on, please refer to KuppingerCole’s Research Methodology.
1.1 Key Findings
In our research on ITDR, we found the following:
- The total market size of ITDR (including revenue, services, labor, fines, lawsuits, ransom payments, etc.) was in excess of $2.4 billion in 2023, with very strong growth in 2024.
- ITDR is a use case, not a product and will likely be called by another name by 2025. In this report we propose “identity defense-in-depth” (IDID), but the market will eventually decide.
- The ITDR market spans the space between identity IT administration and security operations center (SOC) threat detection and response. This dynamic is creating a new type of solution, because protecting identity requires both departments to cooperate in converged products.
- BeyondTrust, CrowdStrike, Microsoft, Securonix, and SentinelOne are market leaders, joined by Gurucul in product leadership.
- Consolidation has heated up in the ITDR market, with Cisco acquiring Oort and Delinea acquiring Authomize.
- All vendors we cover in this report have experienced strong product-market fit, but they are also fairly diverse in their architecture and approaches. As such, selecting a vendor relies primarily on enterprise organizations understanding internal requirements for ITDR.