{"id":2986,"date":"2025-04-29T15:00:00","date_gmt":"2025-04-29T15:00:00","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=2986"},"modified":"2025-04-29T15:00:00","modified_gmt":"2025-04-29T15:00:00","slug":"huntress-expands-itdr-capabilities-to-combat-credential-theft-and-bec","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=2986","title":{"rendered":"Huntress expands ITDR capabilities to combat credential theft and BEC"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>Cybersecurity outfit Huntress, known for its threat detection solutions, has announced an expansion of its existing managed identity threat detection and response (ITDR) offering with identity-specific capabilities, including protection from credential theft and business email compromise (BEC).<\/p>\n<p>Announced on the first day of the <a href=\"https:\/\/www.csoonline.com\/article\/3965415\/10-key-questions-security-leaders-must-ask-at-rsa-2025.html\">RSA Conference 2025<\/a>, the enhancements are aimed at equipping organizations with proper tooling to defend against the growing threat of identity-based attacks.<\/p>\n<p>\u201cWe\u2019ve expanded our Managed Identity Threat Detection and Response (ITDR) capabilities to stop credential theft, session hijacking, and VPN and location-based anomalies before they escalate,\u201d said Prakash Ramamurthy, chief product officer at Huntress. 
\u201cOur Unwanted Access technology monitors for suspicious login behaviors, detects anomalies like unexpected VPN use or impossible travel, and isolates compromised identities in real time.\u201d<\/p>\n<p>\u201cUnwanted Access\u201d is among the multiple capabilities added to Huntress ITDR, an offering launched in November 2023 to safeguard Microsoft 365 environments against identity-based threats like credential theft and BEC.<\/p>\n<h2 class=\"wp-block-heading\"><a><\/a>Detection for Rogue Applications added<\/h2>\n<p>Huntress told CSO that they have observed the majority of identity abuses coming from<a href=\"https:\/\/www.huntress.com\/resources\/managed-itdr-report-2025?utm_source=pr_media&amp;utm_medium=press_release&amp;utm_campaign=CY25-04-CAMP-ITDR-Global-Broad-All-x-Managed_ITDR_Launch\" target=\"_blank\" rel=\"noopener\">\u00a0rogue<\/a><a href=\"https:\/\/www.huntress.com\/resources\/managed-itdr-report-2025?utm_source=pr_media&amp;utm_medium=press_release&amp;utm_campaign=CY25-04-CAMP-ITDR-Global-Broad-All-x-Managed_ITDR_Launch\"> and\/or malicious applications<\/a> in the past year. These are applications designed by attackers to exploit Microsoft\u2019s OAuth protocol to gain unauthorized access to sensitive environments.<\/p>\n<p>Detecting and removing these rogue applications is another upgrade ITDR received.<\/p>\n<p>\u201cOur Rogue Apps detection engine works by continuously analyzing OAuth application metadata across our customer base (over 20 million apps so far) using a combination of behavioral analysis, permission profiling, anomaly detection, and threat intelligence enrichment,\u201d Ramamurthy said. 
\u201cWe look for rare or over-privileged applications, suspicious publisher behaviors, and uncommon consent patterns that attackers use to hide in plain sight.\u201d<\/p>\n<p>Once a detection is made, Huntress\u2019 ITDR will provide customers with \u201cclear, actionable steps to remove malicious apps,\u201d he said, adding that the solution has already test-caught more than 7000 rogue applications with a false positive rate of 4%.<\/p>\n<p>Additionally, the ITDR will have a \u201cShadow Workflows\u201d offering focused on monitoring and detecting malicious inbox and forwarding rules for protecting emails from BEC scams.<\/p>\n<h2 class=\"wp-block-heading\"><a><\/a>Huntress SIEM is now generally available<\/h2>\n<p>Huntress also announced the general availability of its managed security information and event management (<a href=\"https:\/\/www.csoonline.com\/article\/524286\/what-is-siem-security-information-and-event-management-explained.html\">SIEM<\/a>) solution, with new integrations for log sources and expanded compliance capabilities.<\/p>\n<p>\u201cOrganizations rely on SIEMs to neutralize threats earlier in the attack chain as well as to support their compliance obligations, and to do this, SIEMs need access to security-relevant data from a wide variety of sources,\u201d said Chris Bisnett, CTO and Co-Founder at Huntress. 
\u201cHuntress has expanded our integrations for the majority of technologies our customers and partners use across systems such as firewalls, password management, and identity.\u201d\u00a0<\/p>\n<p>A capability fully managed by Huntress\u2019 security operations center (SOC), Huntress\u2019 SIEM is adding 20+ new integrations, including brands like 1Password, Keeper Security, Fortinet, Palo Alto Networks, pfSense, SonicWall, Sophos, Ubiquiti, WatchGuard, Barracuda Networks, LastPass, DNSFilter, and CloudGen.<\/p>\n<p>Huntress believes the SIEM being fully integrated and managed by its SOC is an added value to its customers, especially because offerings without the combined technology and services often face challenges.<\/p>\n<p>\u201cWhen the technology and SOC are not treated as one (or worse yet, the SOC utilizes a third-party technology), it introduces delays and unnecessary risk,\u201d Bisnett noted. \u201cAt Huntress, the same team that finds the early indicators is the same team that creates and deploys the vaccination. There\u2019s no waiting for another vendor to address this in their product.\u201d<\/p>\n<p>Huntress managed SIEM has had a limited run through a six-month early availability during which it has already picked up nearly 1000 customers, Bisnett added.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Cybersecurity outfit Huntress, known for its threat detection solutions, has announced expanding identity-specific offerings\u2013including protection from credential theft and business email compromise (BEC)\u2013on its existing managed identity threat detection and response (ITDR) offering. 
Announced on the first day of the RSA conference 2025, the enhancements are aimed at equipping organizations with proper tooling to defend [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":2950,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-2986","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/2986"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2986"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/2986\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/2950"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2986"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2986"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2986"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}