Cybersecurity outfit Huntress, known for its threat detection solutions, has announced expanded identity-specific capabilities, including protection from credential theft and business email compromise (BEC), for its existing managed identity threat detection and response (ITDR) offering.
Announced on the first day of the RSA Conference 2025, the enhancements are aimed at equipping organizations with proper tooling to defend against the growing threat of identity-based attacks.
“We’ve expanded our Managed Identity Threat Detection and Response (ITDR) capabilities to stop credential theft, session hijacking, and VPN and location-based anomalies before they escalate,” said Prakash Ramamurthy, chief product officer at Huntress. “Our Unwanted Access technology monitors for suspicious login behaviors, detects anomalies like unexpected VPN use or impossible travel, and isolates compromised identities in real time.”
“Unwanted Access” is among the multiple capabilities added on Huntress ITDR, an offering launched in November 2023 to safeguard Microsoft 365 environments against identity-based threats like credential theft and BEC.
Detection for Rogue Applications added
Huntress told CSO that, over the past year, it has observed the majority of identity abuses coming from rogue and/or malicious applications. These are applications designed by attackers to exploit Microsoft’s OAuth protocol to gain unauthorized access to sensitive environments.
Detecting and removing these rogue applications is another upgrade ITDR received.
“Our Rogue Apps detection engine works by continuously analyzing OAuth application metadata across our customer base (over 20 million apps so far) using a combination of behavioral analysis, permission profiling, anomaly detection, and threat intelligence enrichment,” Ramamurthy said. “We look for rare or over-privileged applications, suspicious publisher behaviors, and uncommon consent patterns that attackers use to hide in plain sight.”
Once a detection is made, Huntress’ ITDR will provide customers with “clear, actionable steps to remove malicious apps,” he said, adding that the solution has already test-caught more than 7000 rogue applications with a false positive rate of 4%.
Additionally, the ITDR will have a “Shadow Workflows” offering focused on monitoring and detecting malicious inbox and forwarding rules to protect email from BEC scams.
Huntress SIEM is now generally available
Huntress also announced the general availability of its managed security information and event management (SIEM) solution, with new integrations for log sources and expanded compliance capabilities.
“Organizations rely on SIEMs to neutralize threats earlier in the attack chain as well as to support their compliance obligations, and to do this, SIEMs need access to security-relevant data from a wide variety of sources,” said Chris Bisnett, CTO and Co-Founder at Huntress. “Huntress has expanded our integrations for the majority of technologies our customers and partners use across systems such as firewalls, password management, and identity.”
A capability fully managed by Huntress’ security operations center (SOC), Huntress’ SIEM is adding 20+ new integrations, including brands like 1Password, Keeper Security, Fortinet, Palo Alto Networks, pfSense, SonicWall, Sophos, Ubiquiti, WatchGuard, Barracuda Networks, LastPass, DNSFilter, and CloudGen.
Huntress believes the SIEM being fully integrated and managed by its SOC is an added value to its customers, especially because offerings without the combined technology and services often face challenges.
“When the technology and SOC are not treated as one (or worse yet, the SOC utilizes a third-party technology), it introduces delays and unnecessary risk,” Bisnett noted. “At Huntress, the same team that finds the early indicators is the same team that creates and deploys the vaccination. There’s no waiting for another vendor to address this in their product.”
Huntress managed SIEM has had a limited run through a six-month early availability during which it has already picked up nearly 1000 customers, Bisnett added.
Original article: Huntress expands ITDR capabilities to combat credential theft and BEC | CSO Online