This month our CISO was made aware of a new acronym..... ITDR and now I've been tasked with identifying who provides "ITDR" *sigh* to that end I found CrowdStrike Identity and the Identity module.

However, we are not a CrowdStrike customer yet (Windows Defender - Ex licenses), but the identity module looks like it may cover some aspects of what we are looking for, can anyone confirm:

• detecting password/brute force spray attacks

• auto remediation of attacks if successful i.e. reset passwords/disable account

• detecting of kerberoasting or suspicious attacks leading to kerberoasting attacks

• mfa step up for anomalous type logons (i've seen this in a youtube video) - but what MFA providers?

• block authentication from non-domain joined devices (i.e employees tryin to use own devices)

• can you buy just "identity"?

Does Identity (or is there another module) that does anything similar to pingcastle to look at "identity security weaknesses", I did notice they partner with Trimarc who have their own tool for this?

Is there anyway to identify if a compromised account made any changes inside Entra or AD? Did they reset passwords, implant backdoors?

We are not yet at the demo/trial stage just looking at who offers what and then will narrow it down for some kind of comparison (we are not adverse to moving from Defender...)

Sorry for so many questions if anyone can help answer any of these it would be much appreciated.

Like the title says. How many of you are using it, how well has it worked for you? What problems have you had?

Edit: how long has Crowdstrike had the identity product?