Indeed Identity Threat Detection and Response (ITDR)

Main article: Security Information and Event Management (SIEM)

2025: Version 2.0 with Routing and Remote Access built-in

Indid On November 17, 2025, the company "" announced the release of Indeed Identity Threat Detection and Response (ITDR) 2.0, a product for timely detection and response to threats related to compromise of accounts. data

The number of attacks on identity is increasing annually. Countering these threats requires a comprehensive and proactive approach. Indeed ITDR is a solution that allows you to detect, deter and prevent attacks on identity in real time, reducing the risk of unauthorized access and compromise of IT resources.

Indeed ITDR continuously monitors the activity of user and service accounts, analyzing network interactions. If anomalies are detected, it can block suspicious actions and stop the development of the attack. The innovative technology integrates security directly into the infrastructure, providing multi-factor authentication for all compatible applications without installing additional agents on both client devices and applications themselves.

The first public version of Indeed ITDR 2.0 includes significant functionality that provides comprehensive protection for authentication and access control systems. This makes the product an important element of the comprehensive identity safety approach.

In particular, the system intercepts and analyzes network traffic redirected from domain controllers. To do this, use the built-in component of Windows Server - Routing and Remote Access. This approach makes it possible to analyze events and respond to them in real time without installing binary components on domain controllers and without modifying client devices or applications.

In addition, Indeed ITDR allows you to audit access requests, thanks to which SOC analysts and domain administrators can quickly investigate incidents, identify abnormal activities and control access policies. All authentication and resource access events are recorded in the request log. Records contain information about the user, resource, request source, protocol, and validation result.

Indeed ITDR is able to detect signs of attacks on various authentication protocols: kerberos, LDAP, providing protection for Active Directory-based domains. For example, detect a large range of threats and vulnerable configurations, including: Kerberos Weak/Unknown Encryption, Bruteforce, Password Spraying, Kerberoasting, AS-REP Roasting, Golden Ticket and others. When suspicious activity is detected, the system reacts in real time, preventing the development of an attack: it can block access or request an additional authentication factor. Blocking decisions are made based on rules including subject, protocol, resource, and IP address. Access policies allow you to implement the principle of least permissions, Conditional Access and multifactorial authentication. Push notification in the Indeed Key application is used as an additional factor.

Version 2.0 supports working with multiple domain controllers in different forests, applying uniform security policies. The incremental synchronization algorithm ensures the correct determination of accounts, and the health check mechanisms, automatic disabling of redirection in case of errors, switching to backup nodes and data storage in case of disconnection - fault tolerance and stable operation even in distributed infrastructures with limited connectivity.

Developing our portfolio, we primarily focus on customer needs and market needs. In conditions where compromising identity becomes one of the main vectors of attacks, we have created a solution of the ITDR class that can detect in real time characteristic sequences of events and patterns indicating their preparation or conduct. An important quality of Indeed ITDR is that it implements two key functions at the same time - detection and counteraction of threats, which allows not only to record incidents, but also to prevent their development in the early stages. Thus, the product provides information security professionals with tools to monitor, analyze and respond to threats, helping build a sustainable security system for credentials and access.