This site is part of the Informa Connect Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 3099067.

The MSP Summit
Sept 28-30, 2026
Loews Royal PacificOrlando, FL
Register
Menu
Register
ThreatDown Adds ITDR to MDR, EDR Platforms
By Dave RaffoShareshare

ThreatDown, which has been revamping its channel organization over the past nine months, has added an Identity Threat Detection and Response (ITDR) product to its security portfolio.

ThreatDown ITDR helps security teams monitor identities to detect suspicious activity, misconfigurations, and active attacks targeting user accounts and privileges. It is available through MSPs and other partners as an integration with ThreatDown EDR and MDR platforms or can be used as a standalone product. ITDR delivers endpoint-to-identity visibility and proactive attack path hardening. It also includes native integrations for Microsoft Entra ID, Okta, and Active Directory.

ThreatDown, the former corporate business unit of Malwarebytes, is powered by Malwarebytes technology.

ThreatDown GM Kendra Krause said identity protection is a logical addition to ThreatDown’s EDR and MDR products because attackers are increasingly using credentials as entry points in data breaches. They can log in with valid stolen credentials to bypass IAM and MFA. ThreatDown ITDR monitors identity activity across Active Directory, Entra ID, and Okta and correlates it with endpoint telemetry to detect attacks that unfold after authentication.

“Identity is becoming the number one source for where hackers are getting into the networks,” Krause said. “They’re stealing identities and credentials, so this expands that reach of detections to be able to look across identity and find those breaches much faster. Now you're not only looking at your detections across your endpoint, but across identity. Or you can buy it in our managed detection and response services and add it on.”

With ITDR, ThreatDown is introducing the Ultimate MDR Plus offering. Ultimate MDR Plus is a premium bundle combining ITDR, an enhanced MDR Plus service, and Premium Support in a single SKU.

Kendra Krause

How AI Fits Into ITDR, MSPs

Like most cybersecurity vendors now, ThreatDown incorporates AI to help thwart attackers who are also using AI. Krause said ThreatDown’s AI can detect every point of intrusion.

“One of the elements that we are working on is giving end customers visibility into the AI tools they’re using,” she said. “Obviously the endpoint vendors out there are really critical in being able to provide this, because they can see the most information on what AI tools are being used across the network.”

She said AI can also become a huge selling point for MSPs.

“I kept hearing that end customers are looking to MSPs to help them figure out how to use AI internally and how to be more efficient,” Krause said “Everyone's trying to figure it out for themselves. And I think that’s interesting, because that's not a typical role of an MSP. But the MSPs that can figure out how to advise their customers on that are going to become really, really important and successful.”

ThreatDown Pledges No Direct Deals

Krause joined ThreatDown from Sophos last July. She has realigned ThreatDown’s channel teams and regions, giving all partners a channel field manager, an MSP account manager and customer success manager. ThreatDown also added new rebates and market development funds to support partner-led growth. Krause said all ThreatDown’s new business goes through the channel.

“Everything we do is with the channel,” Krause said. “I believe how you manage your deal registration and hold to your rules is what makes a company stand out. And I am a very, very strong believer in always holding to our deal registration rules. We're not taking deals direct. That’s what brings trust back and forth between the channel partners and us.”



cybersecurity