Why are organizations struggling to adopt identity threat detection and response?

In Aliso Viejo, California, on December 4, 2024, Quest Software, a leading provider of systems management and security software, revealed findings regarding the rising adoption of Identity Threat Detection and Response (ITDR). The popularity of ITDR is driven by the urgent need for organizations to defend against an increasing number of identity-based attacks, specifically targeting infrastructure such as Microsoft Active Directory and Entra ID, which are utilized by over 90% of businesses, according to Gartner. With the rise of these threats, organizations recognize ITDR as a critical framework for preventing, detecting, investigating, and responding to identity threats, which have become the new perimeter in cybersecurity efforts. Despite the increasing attention given to ITDR, many organizations encounter significant challenges during implementation. The survey identified major hurdles, including integration with existing systems, budget constraints, and a lack of expertise in identity management practices. Specifically, 69% of respondents cited integration issues, while 61% mentioned insufficient budget as a barrier to adopting ITDR, and 59% indicated they lack the necessary expertise in this area. These constraints are exacerbated by a general underestimation of the importance of identity threat prevention and response, resulting in minimal focus from internal Identity and Access Management (IAM) teams on ITDR initiatives. Only half of the organizations surveyed implement an identity infrastructure security solution, and a mere 31% actively test their identity disaster recovery plans. Furthermore, only 34% of companies have access management teams primarily responsible for ITDR efforts. A significant number of organizations also expressed that their executives do not fully understand the business case for ITDR, leading to inadequate financial support. One study participant noted that their leadership considers multifactor authentication sufficient, misunderstanding the broader scope of ITDR, which encompasses comprehensive identity security beyond just general access management. Due to these factors, education on the importance of ITDR is paramount, involving efforts to ensure that identity and security teams receive the attention and funding necessary for effective implementation. The need for organizations to actively engage with experts and resources is further emphasized by Quest Software's involvement in the upcoming Gartner Identity and Access Management Summit, which will address these pertinent topics and discuss strategies for integrating ITDR within existing frameworks, particularly through best practices associated with Active Directory. Ultimately, the goal is to enhance organizations' defense capabilities and resilience against evolving identity threats.