Identity‑Driven Attacks Are Forcing MDR Upstream — But Many ITDR Tools Aren’t Built For The Midmarket

For midmarket IT leaders, the takeaway isn’t that identity threats are new, but now, the way they are handled is changing

As organizations deploy more automated systems and service accounts, identity security has come under scrutiny as credential-based attacks grow more sophisticated and become more frequent.

Why MDR And Identity Security Are Colliding

In response, more identity threat and detection response (ITDR) solutions are integrating managed detection and response (MDR) capabilities into their offerings.

Analyst reports from firms including Gartner and IDC have noted particularly strong MDR uptake among midmarket organizations facing security talent shortages.

As MDR becomes more integrated into ITDR platforms, there are concerns that many ITDR solutions are often too big for midmarket organizations – creating a gap in the market.

“While enterprises often have the budgets and teams to implement full-scale ITDR solutions, mid-market organizations face a different set of challenges. They are just as vulnerable to identity threats but often lack the financial resources and technical expertise to deploy and manage complex ITDR platforms,” read one industry report from Verosint.

“Many cybercriminals are realizing that mid-market companies lack sufficient security resources and are now actively targeting them as well,” the report cautions.

Many identity threat detection platforms were designed for large security operations teams with the time and staff to tune complex alerts, said Kendra Krause, general manager at ThreatDown, in a statement to MES Computing.

The company built its ITDR capability with a focus, it said, on resource-constrained environments using an interface that includes guided response playbooks and one‑click recommendations instead of requiring dedicated identity specialists.

ThreatDown, which emerged from Malwarebytes’ business unit as part of a broader rebrand in 2023, is extending its MDR platform into identity monitoring as credential‑based attacks increasingly bypass perimeter defenses.

This week, the company announced the launch of its own identity threat detection and response platform. ThreatDown said in a press release that its new ITDR offering supports native integrations with Microsoft Entra ID, Okta, and Active Directory.

Krause said the key difference with ThreatDown’s ITDR is operational, not conceptual.

While many ITDR tools add another layer of alerts for security teams to manage, ThreatDown’s approach ties identity events directly into existing EDR and MDR workflows. “Security teams get a unified attack solution without having to pivot between consoles or deploy additional agents,” she said, adding that managed MDR services can take over identity monitoring when internal teams lack 24/7 coverage

“Most ITDR products assume enterprise‑level resources,” said Kendra Krause, general manager at ThreatDown. “We built ITDR for teams that need guided response and unified visibility without adding more tools or specialists.”

Krause also spoke about the shifting identity threat landscape.

“Attackers have shifted from breaking in to logging in, which means the most dangerous activity now happens after authentication,” she added.

For midmarket IT leaders, the takeaway isn’t that identity threats are new, but now, the way they are handled is changing. As MDR becomes embedded into identity security platforms, the question is shifting from “Can we detect identity abuse?” to “Can we actually respond to it with the resources we have?” In that context, the growing gap between enterprise‑designed tools and midmarket operational reality may shape which ITDR approaches gain traction next.