{"id":15943,"date":"2026-02-07T15:46:28","date_gmt":"2026-02-07T02:46:28","guid":{"rendered":"https:\/\/kinetics.co.nz\/?p=15943"},"modified":"2026-02-07T15:46:28","modified_gmt":"2026-02-07T02:46:28","slug":"beyond-endpoint-protection-what-is-itdr","status":"publish","type":"post","link":"https:\/\/new.kinetics.co.nz\/?p=15943","title":{"rendered":"Beyond Endpoint Protection – What is ITDR?"},"content":{"rendered":"

[et_pb_section fb_built=”1″ _builder_version=”4.27.5″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”][et_pb_row _builder_version=”4.27.5″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”][et_pb_column type=”4_4″ _builder_version=”4.27.5″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”][et_pb_text _builder_version=”4.27.5″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”]<\/p>\n

Your Microsoft 365 environment is where your business happens. It’s also where attackers want to be.<\/p>\n

Most New Zealand businesses have invested in endpoint protection such as antivirus, EDR, or even MDR, but are they leaving a critical attack surface completely exposed: their identities?<\/p>\n

Identity Threat Detection and Response (ITDR) for Microsoft 36<\/strong>5 represents the next frontier in business security, protecting the credentials, sessions, and access patterns that traditional endpoint security tools simply cannot see.<\/p>\n

The Identity Attack Surface<\/h2>\n

Microsoft’s Digital Defense Report 2024<\/a> reveals a staggering 600 million identity attacks every single day. These aren’t attacks against devices\u2014they’re attacks against the people and service accounts that access your Microsoft 365 environment.\u00a0 That will only have inreased in the year since that report was published.<\/p>\n

Business Email Compromise (BEC) alone represents a $50 billion problem according to the FBI’s Internet Crime Complaint Center. Yet most businesses remain focused exclusively on protecting devices while their identities remain vulnerable.<\/p>\n

Here’s why identity attacks are so effective: they don’t need to break through firewalls or bypass antivirus. They simply use legitimate credentials to walk right through the front door.<\/strong><\/p>\n

\n

[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row column_structure=”1_3,1_3,1_3″ _builder_version=”4.27.5″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”][et_pb_column type=”1_3″ _builder_version=”4.27.5″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”][et_pb_text _builder_version=”4.27.5″ _module_preset=”default” custom_padding=”10px|10px|10px|10px|false|false” border_width_all=”1px” global_colors_info=”{}” theme_builder_area=”post_content”]<\/p>\n

What ITDR for Microsoft 365 Actually Does<\/h3>\n

ITDR solutions monitor your Microsoft 365 environment for identity-based threats that endpoint security tools cannot detect. These include session hijacking, credential theft, malicious inbox and forwarding rules, and account takeover attempts.<\/p>\n

Leading ITDR platforms provide several critical capabilities:<\/p>\n

24\/7 Identity Monitoring<\/strong>: Continuous surveillance of all authentication attempts, login patterns, and user behavior across your Microsoft 365 environment. This includes monitoring for impossible travel scenarios (when accounts appear to log in from geographically distant locations within impossible timeframes), unusual access patterns, and legacy authentication attempts that bypass modern security controls.<\/p>\n

Rogue Application Detection<\/strong>: Proactive detection and remediation of potentially malicious OAuth applications installed in Microsoft 365 environments. Attackers frequently use legitimate-looking “OAuth apps” to maintain persistent access to your environment without needing passwords.<\/p>\n

Shadow Workflow Protection<\/strong>: Detection of malicious inbox rules and email forwarding configurations that attackers create to intercept sensitive communications. These attacks use Microsoft’s built-in email processing capabilities to automatically move emails containing payment information or credentials to hidden folders or external mailboxes, with users remaining completely unaware.<\/p>\n

Session Hijacking Prevention<\/strong>: Identification of stolen session tokens that allow attackers to bypass multi-factor authentication entirely. Even with MFA enabled, session hijacking lets attackers impersonate legitimate users.<\/p>\n

Human-Validated Alerts<\/strong>: Unlike automated systems that generate overwhelming volumes of false positives, mature ITDR platforms provide human-verified threat intelligence. Every alert is actionable, human-validated, and designed to address real threats while minimizing noise.<\/p>\n

Rapid Incident Response<\/strong>: When threats are confirmed, ITDR platforms provide clear remediation guidance and can automatically disable compromised accounts to prevent further damage.<\/p>\n

[\/et_pb_text][\/et_pb_column][et_pb_column type=”1_3″ _builder_version=”4.27.5″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”][et_pb_text _builder_version=”4.27.5″ _module_preset=”default” custom_padding=”10px|10px|10px|10px|false|false” border_width_all=”1px” global_colors_info=”{}” theme_builder_area=”post_content”]<\/p>\n

How ITDR Complements MDR<\/h3>\n

If you’re already running Managed Detection and Response (MDR) for your endpoints, ITDR isn’t a replacement.\u00a0 It is a critical complement. Here’s why both are essential:<\/p>\n

MDR protects devices. ITDR protects identities.<\/strong> An attacker who compromises a user’s Microsoft 365 account doesn’t need to touch any endpoint device. They can access email, SharePoint, Teams, and OneDrive from anywhere in the world using stolen credentials or hijacked sessions.<\/p>\n

MDR sees endpoint activity. ITDR sees cloud authentication and access patterns.<\/strong> When someone logs into Microsoft 365 from an unusual location or sets up a malicious forwarding rule, there’s no endpoint event to detect\u2014the activity happens entirely in the cloud.<\/p>\n

MDR stops malware. ITDR stops Business Email Compromise.<\/strong> BEC attacks don’t use malware. They use social engineering, credential theft, and legitimate Microsoft features weaponized for malicious purposes.<\/p>\n

Think of it this way: MDR is your security guard watching your physical office. ITDR is your security guard watching who’s accessing your cloud workspace. You need both.<\/p>\n

[\/et_pb_text][\/et_pb_column][et_pb_column type=”1_3″ _builder_version=”4.27.5″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”][et_pb_text _builder_version=”4.27.5″ _module_preset=”default” custom_padding=”10px|10px|10px|10px|false|false” border_width_all=”1px” global_colors_info=”{}” theme_builder_area=”post_content”]<\/p>\n

The Security Evolution: Antivirus \u2192 EDR \u2192 MDR<\/h3>\n

To understand where ITDR fits, it helps to understand the evolution of endpoint security:<\/p>\n

Antivirus<\/strong> was the foundation\u2014signature-based detection that identifies known malware by comparing files against a database of malware signatures. It effectively identifies well-known threats but struggles with more advanced, rapidly evolving attacks.<\/p>\n

Endpoint Detection and Response (EDR)<\/strong> represented a significant advancement. Instead of focusing on preventing threats using known malware definitions, EDR uses technology to analyze behaviors of workstations through Artificial Intelligence. EDR can identify suspicious behavior patterns even when the specific threat is unknown.<\/p>\n

Managed Detection and Response (MDR)<\/strong> adds the critical human element. While EDR relies on sophisticated technology to monitor, detect, and respond to threats, it can only operate within its programmed parameters. MDR combines the technology of EDR with human expertise and instinct.<\/p>\n

MDR isn’t just one tool but a combination of systems including EDR, Security Operations Center (SOC), Security Information and Event Monitoring (SIEM), and Threat Intelligence Discovery.<\/p>\n

The progression is clear: each level adds more sophisticated detection capabilities and, critically, more expert human oversight.<\/p>\n

[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=”4.27.5″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”][et_pb_column type=”4_4″ _builder_version=”4.27.5″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”][et_pb_text _builder_version=”4.27.5″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”]<\/p>\n

\n

Why This Matters for New Zealand Businesses<\/h2>\n

Most New Zealand businesses run their operations through Microsoft 365. Email, document collaboration, customer communications, financial data all flow through this environment. Yet many businesses protect their endpoints comprehensively while leaving their Microsoft 365 identities exposed.<\/p>\n

The strategic question isn’t whether identity attacks will target your business. It is is whether you’ll detect them when they do.<\/p>\n

\n

[\/et_pb_text][et_pb_text _builder_version=”4.27.5″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”]<\/p>\n

Kinetics’ 2026 Strategic Security Enhancement<\/h2>\n

Understanding this evolving threat landscape, Kinetics is currently implementing a comprehensive security upgrade across our KARE Foundation service:<\/strong><\/p>\n

All PCs upgraded to MDR (Managed Detection and Response)<\/strong>, providing:<\/p>\n