Identity Threat Detection and Response

What is ITDR?

Identity Threat Detection & Response (ITDR) provides the threat detection capabilities in SaaS security. It is a critical layer of the identity fabric, capable of detecting unauthorized access and behavioral anomalies across the SaaS stack that indicate a threat. ITDR monitors human and non-human account activity, detecting threats that could interfere with operations or lead to data breaches. Once a threat is detected, it triggers a response mechanism designed to secure applications.

Getting to Know ITDR

When ITDR detects a threat, it triggers an automated response. Alerts are immediately sent to relevant stakeholders, and, depending on the threat, actions may be taken through an integrated SIEM or SOAR system.

How does ITDR work?

ITDR monitors SaaS app logs, activity monitors, IP data, and user behavior analytics. Working with the latest threat intelligence, it looks for Indicators of Compromise (IOCs).

What happens next?

Some IOCs are threats in their own right, while others may be innocent. Using our threat detection engine, ITDR looks for clusters of IOCs that indicate a threat is underway.

What are examples of threats?

The combination of a user logging in from a suspicious IP using an atypical operating system or browser is one case where multiple IOCs come together to indicate a threat.

Adaptive Shield’s ITDR

Full SaaS Stack Coverage

Adaptive Shield uses a rich set of data from across the entire SaaS stack to detect threats. A user logging into Salesforce and Microsoft 365 might seem innocent on its own. Viewed holistically, however, the picture changes when IP logs indicate that the two logins took place at the same time but the Salesforce login was from North America and the Microsoft login was from Europe. This level of data and analysis is impossible to achieve without deep visibility into, and understanding of, SaaS applications and user behavior. As the only SaaS Security company that integrates with more than 150 applications to cover all attack surfaces, Adaptive Shield’s engines cross-reference and analyze suspicious events in context from multiple sources, enabling the accurate detection of sophisticated and subtle threats.
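
The cross-application correlation described above can be sketched in a few lines. This is an added example, not Adaptive Shield's engine or code; the event fields, the 10-minute window, and the sample events are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta
from itertools import combinations

# Constructed sample login events (not real logs). "continent" is assumed to
# have been resolved from the source IP by an upstream geolocation step.
EVENTS = [
    {"user": "alice@example.com", "app": "Salesforce", "ts": "2024-05-01T09:00:10Z", "continent": "North America"},
    {"user": "alice@example.com", "app": "Microsoft 365", "ts": "2024-05-01T09:02:40Z", "continent": "Europe"},
    {"user": "bob@example.com", "app": "Salesforce", "ts": "2024-05-01T09:01:00Z", "continent": "Europe"},
    {"user": "bob@example.com", "app": "Microsoft 365", "ts": "2024-05-01T09:03:00Z", "continent": "Europe"},
    {"user": "carol@example.com", "app": "Salesforce", "ts": "2024-05-01T08:00:00Z", "continent": "Europe"},
    {"user": "carol@example.com", "app": "Microsoft 365", "ts": "2024-05-01T17:30:00Z", "continent": "North America"},
]

WINDOW = timedelta(minutes=10)  # assumed threshold for "at the same time"

def parse_ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")

def concurrent_geo_conflicts(events, window=WINDOW):
    """Return (user, app_a, app_b, gap) for logins by one user to different
    apps, inside `window`, whose source continents disagree."""
    by_user = {}
    for ev in events:
        by_user.setdefault(ev["user"], []).append(ev)
    findings = []
    for user, logins in sorted(by_user.items()):
        logins.sort(key=lambda e: parse_ts(e["ts"]))
        for a, b in combinations(logins, 2):
            gap = parse_ts(b["ts"]) - parse_ts(a["ts"])
            if gap > window:
                continue  # far enough apart that travel could explain it
            # Each login looks normal inside its own app's log; the conflict
            # only appears when the two apps' events are joined per user.
            if a["app"] != b["app"] and a["continent"] != b["continent"]:
                findings.append((user, a["app"], b["app"], gap))
    return findings

if __name__ == "__main__":
    for user, app_a, app_b, gap in concurrent_geo_conflicts(EVENTS):
        print(f"ALERT {user}: {app_a} and {app_b} logins {gap} apart from different continents")
```

Only the first user is flagged: the second logs in from one continent, and the third user's logins are hours apart.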

The Relationship Between SSPM and ITDR

SSPM and ITDR are critical components of a successful SaaS security program. SSPM focuses on prevention, ensuring that settings are configured securely, identities have the right level of access, devices used to access the application are managed, and connected third-party apps are monitored and have an appropriate level of permissions. ITDR completes the security program, detecting threats that pop up from those accessing the application. Working together, they offer a powerful measure of prevention and detection.

Resources

The Ultimate SaaS Security Checklist 2025 Edition

Identity Threat Detection & Response: Solution Brief

Identity Threat Detection and Response (ITDR) – Rips in Your Identity Fabric