Identity Threat Detection and Response (ITDR) has quickly emerged as the next frontier of identity security. As attackers increasingly exploit legitimate credentials, tokens, and federated trust paths, traditional IAM controls, even those within mature Zero Trust frameworks, often fail to detect subtle identity misuse until it’s too late.

In this session, Hutch explores how organizations can extend their IAM foundations into a true identity security operations capability, blending signals from IAM, EDR, SIEM, and cloud platforms to identify and respond to identity-based threats in real time. Attendees will learn how to recognize early indicators of compromise within authentication, authorization, and privilege escalation flows and how to operationalize ITDR without waiting for a major vendor or product release.

Drawing on real-world scenarios and implementation lessons, Hutch outlines a practical roadmap for detecting and containing identity attacks before they evolve into full-scale breaches.

Key Takeaways

• Understand what Identity Threat Detection and Response (ITDR) is — and how it complements IAM, IGA, and Zero Trust programs.
• Learn the critical telemetry sources and detection logic required to identify identity abuse across cloud and hybrid environments.
• Explore a reference architecture for integrating ITDR into existing SOC workflows and incident response playbooks.
• See real-world attack paths and detections, including MFA fatigue, token replay, and conditional access bypass attempts.
• Gain a practical maturity roadmap for moving from identity visibility to proactive identity defense.