Identity-based cyberattacks have rapidly emerged as one of the most pressing security challenges facing organizations in 2024 and beyond. As digital transformation accelerates, shifting workforces to remote and hybrid models and driving deeper cloud adoption, the boundaries that once defined corporate security perimeters are dissolving. In their place, the user identity—represented by credentials, session tokens, and access permissions—has become the new front line, and for both attackers and defenders, the stakes have never been higher.
Identity is the New Security Perimeter
Today, attackers are increasingly bypassing traditional security controls by targeting identities instead of endpoints or networks. Huntress’s latest research, published in their 2025 Managed ITDR Report: Identity Is the New Security Perimeter, starkly outlines the scope of the problem: a staggering 67% of organizations have seen an uptick in identity-related incidents over the past three years. For over a third of respondents, identity-based threats now account for at least 40% of all reported security incidents.
This surge isn’t just a testament to attacker ingenuity—it’s a reflection of systemic changes in the threat landscape. The proliferation of cloud services, SaaS applications, and the normalization of bring-your-own-device policies have dramatically expanded the identity attack surface. As Huntress Chief Product Officer Prakash Ramamurthy observes, “Hackers are no longer wasting time breaking into networks the hard way. They’re logging in using stolen credentials, session cookies, and access tokens to bypass endpoint protection and exploit weak multi-factor authentication.”
The Harsh Reality: Slow Detection and High Cost
One of the most alarming findings from Huntress’s UserEvidence-backed survey of over 600 IT and security professionals is the sluggish pace at which most organizations detect and respond to identity-based incidents. Over half of the survey participants admitted it commonly takes hours to detect these attacks, while nearly 70% struggle to respond before adversaries have established a foothold within their systems.
This gap isn’t merely a technical failing; it carries tangible, often severe, business consequences. According to the research, almost a third of afflicted businesses suffered direct financial losses exceeding $100,000 due to identity-based breaches. These costs often snowball—incurring not just immediate remediation expenses, but also regulatory fines, reputational damage, and the long-term pain of lost trust.
Rogue Applications: The Silent Threat Within
Perhaps the most eye-opening insight from Huntress’s new report revolves around the threat posed by rogue or malicious applications—particularly those exploiting OAuth protocols in environments like Microsoft 365. Forty-five percent of organizations encountered at least one rogue app in the past year, with nearly half flagging this vector as a top security concern.
Rogue applications typically slip beneath the radar by masquerading as legitimate integrations, requesting excessive permissions, or leveraging benign-seeming functionality to gain covert access to sensitive data. Once authorized, these apps can methodically exfiltrate information, hijack email flows, or escalate privilege without triggering standard alarms. The Huntress team’s identification of over 20 million OAuth applications—and their ability to pinpoint the most likely malicious actors with precision—underscores both the pervasiveness of the problem and the critical need for proactive defense.
Managed ITDR: A New Weapon for a New Era
Huntress’s response is its enhanced Managed Identity Threat Detection and Response (ITDR) solution, which offers “always-on” protection specifically designed to dismantle hacker identity tradecraft. According to Huntress, the ITDR platform is already safeguarding 1.8 million identities and has disrupted more than 28,000 identity attacks in the past six months alone.
Key to Huntress’s proposition is its industry-leading three-minute mean time to respond (MTTR), coupled with a low false positive rate—a crucial factor for security teams already besieged by alert fatigue. By rapidly identifying and acting on threats like phishing, Adversary-in-the-Middle (AitM) attacks, and account takeovers, the solution aims to neutralize attackers before escalation occurs.
Rogue Apps Protection
In a first for the industry, Huntress has equipped its platform with the ability to proactively defend against malicious OAuth application threats. The Rogue Apps module continuously scans Microsoft 365 environments, actively detects risky or nefarious OAuth apps, and provides straightforward, actionable remediation steps for IT teams. This capability closes a critical gap in most organizations’ defensive postures, which have hitherto relied on reactive or manual processes ill-suited to the pace and stealth of modern attacks.
Unwanted Access Detection
Recognizing that not all threats originate from malware or external compromise, Huntress’s Unwanted Access feature monitors for unusual login behaviors, suspicious location or VPN patterns, and other anomalous activity indicative of session hijacking or credential theft. When such events are detected, the system triggers swift isolation procedures to contain damage and protect the integrity of the organization’s identity estate.
Shadow Workflows: Countering Business Email Compromise
Business email compromise (BEC) attacks and internal data theft often exploit inbox rules, mail forwarding, or shadow IT workflows to siphon off sensitive information. Huntress’s new Shadow Workflows tool is purpose-built to detect these subtle manipulations, alerting administrators to malicious rule creations and setting the stage for the next wave of outbound phishing detection capabilities already scheduled for Q2.
Critical Analysis: Strengths and Shortcomings
Unmatched Visibility and Proactivity
Huntress’s approach is rooted in continuous, automated monitoring—a crucial advantage given the sheer scale and speed of modern identity attacks. By focusing on real-time detection, isolating compromised identities, and neutralizing threats within minutes, the platform obviates the need for retrospective investigations that often leave organizations chasing shadows.
Moreover, the combination of broad telemetry (from 1.8 million managed identities), precision analytics (distilling 20 million OAuth applications into actionable intelligence), and actionable reporting ensures that organizations of all sizes can understand and improve their identity security posture without needing a team of in-house experts.
Democratizing Enterprise-Grade Protection
Perhaps one of Huntress’s most notable strategic moves is the focus on affordability and accessibility. As Ryan Rowbottom of PCS notes, the pricing model ensures that robust identity protection is not just the domain of Fortune 500 companies, but is within reach for small and midsize businesses—entities frequently targeted precisely because attackers assume they can’t afford sophisticated defense.
Ecosystem-Oriented, But Not Yet Fully Cross-Platform
While Huntress’s solution provides deep integration and threat coverage for the Microsoft 365 ecosystem—a dominant SaaS and productivity platform—questions remain about comprehensive protection for organizations running mixed environments. IT security leaders should consider whether comparable coverage is available for Google Workspace, AWS IAM, and other federated cloud identity systems, or if additional tooling will be needed to close any residual gaps.
Mitigating False Positives and Alert Fatigue
A perennial challenge for any security platform with automated response capabilities is the management of false positives. Huntress’s emphasis on a low false positive rate is encouraging, yet, as attack tactics evolve and legitimate user behavior grows more complex, ongoing tuning and feedback loops will be essential to maintain both efficacy and the confidence of IT teams.
Future-Proofing Against Evolutionary Tactics
Attackers are remarkably adaptive—constantly inventing new ways to exploit human trust, procedural gaps, or nascent cloud technologies. Huntress’s roadmap, including planned enhancements to outbound phishing campaign detection, signals a recognition of this reality. The company’s willingness to publish timely research and adjust its product trajectory based on emerging field intelligence should reassure existing customers and prospective buyers alike.
Industry Implications and Emerging Best Practices
The pivot to identity-centric defense strategies is now an operational necessity, not an aspirational goal. For organizations at any stage of digital transformation, several best practices emerge from the latest Huntress research and enhancements:
- Treat identity as the new endpoint: Adopt a threat model that prioritizes the monitoring and protection of user accounts, access tokens, and permissioned applications as aggressively as traditional endpoints and servers.
- Automate what you can, but verify everything: Leverage automated ITDR tools for rapid detection and response, while maintaining oversight and regular review of privileges, shadow assets, and third-party integrations.
- Continuously educate and empower users: Human error remains a leading cause of credential compromise. Regular training, phishing simulations, and clear policies around app authorizations can help shrink the attack surface.
- Regularly audit OAuth permissions and connected apps: Given the demonstrated prevalence of rogue applications, organizations must go beyond baseline SaaS security to pinpoint excessive permissions and remove unnecessary integrations.
- Prioritize rapid containment: Reduction in dwell time—the period between compromise and detection/response—directly correlates to smaller breach impacts and faster recovery.
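The OAuth audit recommended above, and the "excessive permissions" pattern described in the Rogue Applications section, can be approximated with a short script over exported consent grants. This is an added example, not Huntress's detection logic or code from the report; the records are constructed in the shape of Microsoft Graph `oauth2PermissionGrant` and `servicePrincipal` objects, and the high-risk scope list, the score weights and `HOME_TENANT` are assumptions made for illustration.

```python
# Added example: rank delegated OAuth grants for review. All data below is constructed.
# Assumption: this high-risk scope set and the weights are an illustrative policy.
HIGH_RISK = {"Mail.Read", "Mail.ReadWrite", "Mail.Send", "MailboxSettings.ReadWrite",
             "Files.ReadWrite.All", "Directory.ReadWrite.All"}
HOME_TENANT = "tenant-home"  # placeholder for the auditing tenant's ID

# Constructed records shaped like Microsoft Graph servicePrincipal objects, keyed by id.
SERVICE_PRINCIPALS = {
    "sp-1": {"displayName": "Contoso Calendar Sync", "appOwnerOrganizationId": "tenant-home",
             "verifiedPublisher": {"displayName": "Contoso"}},
    "sp-2": {"displayName": "PDF Viewer Pro", "appOwnerOrganizationId": "tenant-other",
             "verifiedPublisher": {"displayName": None}},
    "sp-3": {"displayName": "Intranet File Mover", "appOwnerOrganizationId": "tenant-home",
             "verifiedPublisher": {"displayName": None}},
}
# Constructed records shaped like Graph oauth2PermissionGrant objects.
GRANTS = [
    {"clientId": "sp-1", "consentType": "AllPrincipals", "scope": "Calendars.Read User.Read"},
    {"clientId": "sp-2", "consentType": "Principal",
     "scope": "Mail.ReadWrite MailboxSettings.ReadWrite offline_access"},
    {"clientId": "sp-3", "consentType": "AllPrincipals",
     "scope": "Files.ReadWrite.All offline_access"},
    {"clientId": "sp-9", "consentType": "Principal", "scope": " Mail.Send"},  # app missing from export
]

def audit_grants(grants, principals, home_tenant):
    """Return findings for grants holding high-risk scopes, highest score first."""
    findings = []
    for grant in grants:
        scopes = set(grant["scope"].split())  # Graph stores scopes space-separated
        risky = sorted(scopes & HIGH_RISK)
        if not risky:
            continue
        sp = principals.get(grant["clientId"], {})
        score, reasons = len(risky), ["high-risk scopes: " + ", ".join(risky)]
        if "offline_access" in scopes:  # refresh tokens allow access while the user is away
            score, reasons = score + 1, reasons + ["offline_access (refresh tokens)"]
        if grant["consentType"] == "AllPrincipals":  # consent applies to every user
            score, reasons = score + 2, reasons + ["tenant-wide consent"]
        publisher = (sp.get("verifiedPublisher") or {}).get("displayName")
        if sp.get("appOwnerOrganizationId") != home_tenant and not publisher:
            score, reasons = score + 2, reasons + ["external app, no verified publisher"]
        findings.append({"app": sp.get("displayName", "<not in export>"),
                         "score": score, "reasons": reasons})
    return sorted(findings, key=lambda f: f["score"], reverse=True)

if __name__ == "__main__":
    for f in audit_grants(GRANTS, SERVICE_PRINCIPALS, HOME_TENANT):
        print(f"{f['score']:>2}  {f['app']}: {'; '.join(f['reasons'])}")
```

A grant whose client service principal is absent from the export is scored as external and unverified, so it surfaces for review.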
Looking Ahead: Identity-First Security in Practice
The battle for the modern enterprise is now fought on the shifting ground of identity. As Huntress and other forward-thinking vendors retool their offerings, the days of static, perimeter-centric security architectures are fading into obsolescence. Success will go to those who move fastest—not just in detecting attacks, but in neutralizing them before threat actors establish persistence.
At its core, Huntress’s revamped Managed ITDR platform doesn’t just react to today’s threats; it anticipates tomorrow’s. By harnessing broad telemetry, cloud-native vigilance, and actionable response capabilities, Huntress sets a high bar for what identity-first security can look like in 2024 and beyond. But success also depends on continuous innovation, strong ecosystem partnerships, and committed leadership—elements that must keep pace with the attacker’s relentless creativity.
For security leaders seeking to protect their organizations in this high-stakes, identity-first era, the message is clear: the threats are escalating, the window to respond is narrowing, and the defenders’ toolkit must evolve accordingly. With solutions like Huntress Managed ITDR, the foundations are being laid for a safer, smarter digital future—one where identity is not just a vulnerability, but a source of resilience and control.
Source: IT Security Guru Huntress Unveils Enhanced Identity Threat Detection & Response Solution as New Research Warns of Rising Identity-Based Attacks