# Detection and Response for Identity Threats

By Greg Smith, Mar 10, 2023, 4 minutes

The common assumption in security is that threats come from the outside. However, as outer defenses became more difficult to breach, malicious actors began targeting the humans on the inside, giving rise to two significant threat vectors: identity threats and malicious insiders.

### **What are Identity-Based Threats?**

Identity threats involve unauthorized access to user accounts, while malicious insiders are individuals who abuse their authorized access to conduct fraudulent or illegal activities. Organizations expect modern threat detection solutions to deliver identity- and behavior-based threat detection seamlessly, in order to detect covert security threats. Unfortunately, identity threat detection is extremely challenging because in both cases the threat actors are using legitimate, credentialed access. Insider threat, behavioral, and identity threat detection are often addressed separately by disparate solutions that are not well integrated.
* **Lack of threat and data science expertise** leaves security analytics unable to get ahead of threats.
* **Overconfidence in identity solutions** can give a false sense of security while threat actors operate undetected.
* **Insider threat continues to be one of the hardest security outcomes** to address, because a trusted insider is both authorized and authenticated.

Traditional security approaches are insufficient to protect against these threats, and organizations require specialized learning algorithms to accurately identify and respond to potential threats.

### **Introducing Cortex Identity Threat Detection and Response Module**

Built from the ground up, the Cortex Identity Threat Detection and Response Module provides proactive protection against identity-related threats. By leveraging the power of AI and automation, the module provides advanced detection capabilities that enable organizations to quickly identify, investigate, and ultimately respond to identity threats. The new module empowers our customers to:

* **Combine the detection capabilities** of Identity Threat Detection and Response (ITDR) with analytical and risk-based detections and [user and entity behavior analytics](https://www.paloaltonetworks.com/cyberpedia/what-is-ueba) (UEBA).
  * Reduce a disparate technology stack and lower cost.
  * Replace existing UEBA capabilities.
  * Replace some ITDR vendor capabilities.
* **Eliminate the need for internal advanced detection engineering** to support complex analytic and risk-based detection.
  * Take advantage of Unit 42 and Cortex research driving analytic detections.
  * No longer require long-term maintenance by in-house staff.
  * Offload complicated and prolonged security research activities and let your internal teams focus on what really matters.
* **Risk-based profiles help focus investigations** on the higher-priority incidents.
  * Deliver valuable insights via peer grouping and show users' and hosts' historical trends and patterns.
  * Gain automated insights from designated classification analytics based on the applied data sources.
  * Replace risk profiling and peer grouping found in adjacent solutions today.
* **Faster detection and response** for historically challenging security outcomes.
  * Deliver out-of-the-box detection analytics designed to uncover the stealthiest threat vectors, such as compromised accounts and insider threats.
  * Automatically apply learnings from your environment to pinpoint suspicious events that deviate from baselines.
* **Continuous monitoring and safety net** for authentication and identity solution failures.
  * Support ZTNA architectures to extend capabilities and detect violations of trust.

The new Identity Threat Detection and Response Module provides protection against identity threats earlier in the kill chain. By combining this with the advanced detection capabilities of Identity Analytics, Cortex delivers superior protection against identity-related threats across the attack lifecycle, reducing the risk of data breaches and other security incidents.

![Figure 1: High-level oriented dashboards providing risk statistics and trends](https://www.paloaltonetworks.com/blog/wp-content/uploads/2023/03/word-image-180879-1.png)

Figure 1: High-level dashboards providing risk statistics and trends

### **The Cortex Identity Threat Detection and Response Module is Available for Both Cortex XSIAM and Cortex XDR**

With the launch of [Cortex XSIAM 1.4](https://docs-cortex.paloaltonetworks.com/r/Cortex-XSIAM/Cortex-XSIAM-Release-Notes) and [XDR 3.6](https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Release-Notes), we continue to advance our mission to help customers protect their organization. The new advanced Identity Threat Module for Cortex XSIAM and XDR provides proactive coverage for stealthy identity threat vectors, including compromised accounts and insider threats, allowing you to protect your organization without slowing down the business.
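The baseline-deviation and peer-grouping detections listed among the module's capabilities above can be illustrated with a small risk-scoring routine. This is an added example, not Cortex code: the event tuple layout, the choice of department as the peer group, the scoring weights and all events are constructed assumptions.

```python
"""Toy UEBA-style risk scoring: each user's own baseline is checked against a
peer-group (department) baseline. Added illustration; layout and weights are assumed."""
from collections import Counter, defaultdict

# Constructed learning window: (user, dept, hour, country, host)
BASELINE_EVENTS = [
    ("alice", "finance", 9, "US", "fin-app01"),
    ("alice", "finance", 10, "US", "fin-app01"),
    ("alice", "finance", 14, "US", "fin-db01"),
    ("bob", "finance", 8, "US", "fin-app01"),
    ("bob", "finance", 16, "US", "fin-db01"),
    ("carol", "eng", 11, "DE", "build01"),
    ("carol", "eng", 13, "DE", "git01"),
    ("dave", "eng", 12, "DE", "git01"),
]
# Constructed events to score against that baseline
NEW_EVENTS = [
    ("alice", "finance", 9, "US", "fin-db01"),   # routine for alice
    ("alice", "finance", 3, "RO", "build01"),    # off-hours, new country, host foreign to peers
    ("bob", "finance", 15, "US", "fin-db01"),    # routine for bob
    ("dave", "eng", 12, "DE", "build01"),        # new to dave, but normal for his peer group
]

def build_baselines(events):
    """Collect the hosts, countries and hours seen per user and per department."""
    base = {k: defaultdict(set) for k in
            ("user_hosts", "user_countries", "user_hours", "dept_hosts", "dept_countries")}
    for user, dept, hour, country, host in events:
        base["user_hosts"][user].add(host)
        base["user_countries"][user].add(country)
        base["user_hours"][user].add(hour)
        base["dept_hosts"][dept].add(host)
        base["dept_countries"][dept].add(country)
    return base

def score_event(event, base):
    """Return (score, reasons); deviations shared with peers weigh less than group-wide novelties."""
    user, dept, hour, country, host = event
    score, reasons = 0, []
    if host not in base["user_hosts"][user]:
        peer_known = host in base["dept_hosts"][dept]
        score += 1 if peer_known else 4
        reasons.append("new host for user" + (" (known to peers)" if peer_known else " and peer group"))
    if country not in base["user_countries"][user]:
        peer_known = country in base["dept_countries"][dept]
        score += 1 if peer_known else 3
        reasons.append("new country" + (" (known to peers)" if peer_known else " for user and peers"))
    if not any(abs(hour - h) <= 1 for h in base["user_hours"][user]):
        score += 2
        reasons.append("outside user's usual hours")
    return score, reasons

def risk_profiles(events, base):
    """Per-user risk totals, highest first: the order an analyst would triage in."""
    totals = Counter()
    for ev in events:
        totals[ev[0]] += score_event(ev, base)[0]
    return totals.most_common()
```

Calling `risk_profiles(NEW_EVENTS, build_baselines(BASELINE_EVENTS))` ranks alice first because her second login is novel for her and for every finance peer, while dave's new host costs only one point since his engineering peers already use it.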
Connect with your account manager to set up a demo to see this module in action. To learn more about this module, read the [***Cortex Identity Threat Detection and Response Module Solution Brief***](https://www.paloaltonetworks.com/resources/techbriefs/identity-threat-detection-and-response-module) today!