ManageEngine named a Market Leader in the KuppingerCole Leadership Compass 2025 for Identity Threat Detection And Response (ITDR)

As digital identities have become the primary attack vector in modern cybersecurity incidents, identity threat detection and response (ITDR) has emerged as a vital complement to traditional identity management.

Modern enterprises face an interconnected web of identity-driven threats that move freely across users, systems, and machines. Human and non-human identities intertwine across cloud platforms, business apps, and AI agents, creating an attack surface that is dynamic, fragmented, and often invisible. Because identities are evolving risk entities that demand continuous observation, a blind spot between prevention and detection has come to light.

IAM systems manage who gets access, while SIEM tools monitor what happens afterwards. As a result, neither sees the full identity story. To close this gap, organizations must converge around identity as both a control plane and a detection surface. That means unifying IAM, SIEM, and privileged access management to continuously map relationships, correlate behaviors, and detect misuse in real time.

ManageEngine’s approach to ITDR

ManageEngine has been recognized by KuppingerCole Analysts AG as a Market Leader in the Leadership Compass 2025 for Identity Threat Detection and Response (ITDR).

ManageEngine provides a modular, tightly integrated stack, where identity governance, privileged access, and SIEM work together without requiring third-party integrations.

As mentioned in the KuppingerCole report:

  • "This in-house alignment reduces operational friction and provides organizations with a unified approach to ITDR."

  • "The solution is well-suited for industries with strict compliance requirements, such as healthcare, finance, and government, where auditing, reporting, and privileged access control are essential."  

ManageEngine addresses ITDR through its AD360, PAM360, and Log360 software solutions, which together cover identity governance, privileged access, auditing, detection, and remediation across hybrid IT environments.

As identities become the primary control point in enterprise security, organizations need to keep them under continuous control. AD360 enables this by embedding security into identity management through continuous discovery of risks, preventive and visibility controls, ongoing monitoring of identity activity, and sustained posture management across hybrid environments.

"ManageEngine's identity strategy aligns with the evolving needs of enterprise IT management by consolidating identity management and security into a converged platform. Its modular design and interoperability with other ManageEngine solutions enable organizations to maintain unified oversight and adapt to increasingly complex and hybrid IT environments." 

- Alejandro Leal, Senior Analyst, KuppingerCole

 

Making identity observable

AD360 helps organizations visualize how identities accumulate and misuse privileges over time. The Risk Exposure Management module maps nested groups, delegations, and inherited rights across Active Directory and Microsoft 365, exposing escalation paths that traditional IAM tools often miss.

For hybrid environments, the Attack Surface Analyzer extends this view across Azure, AWS, and Google Cloud, identifying misconfigured service accounts, unconstrained delegations, and over-privileged entities that expand the identity attack surface.

Complementing this visibility, AD360’s Identity Risk Assessment engine continuously evaluates inactive accounts, unsafe configurations, and weak password policies, assigning each issue a contextual risk score. Each issue is scored by severity and impact to guide remediation priorities.

Detecting misuse and rationalizing access with ML 

AD360 embeds ML-based behavior analytics that baseline normal user and entity activity. Deviations such as logins from new geographies, unexpected privilege elevation, or unusual access patterns are correlated across identity sources to highlight potential insider misuse or credential compromise.

Its ML-based access recommendations analyze historical provisioning data and peer entitlements to suggest appropriate privileges during onboarding. These recommendations are advisory, enabling administrators to validate and apply them manually—reducing over-provisioning while maintaining operational flexibility.

Sustaining control through automation and continuous governance  

AD360 automates identity life cycle operations so that onboarding, modification, and deprovisioning remain consistent across HR, IT, and cloud systems. Multi-level approval workflows and predefined templates ensure policies are applied uniformly, minimizing orphaned or stale accounts.

For authentication, AD360 supports context-aware MFA and SSO that evaluate sign-ins based on configurable conditions such as IP range, device type, or time of access. These controls allow conditional enforcement and cover passwordless login (FIDO2), biometrics, offline MFA, and MFA for local Windows accounts.


An essential component of ITDR is remediation and incident response, which closes the identity security loop from monitoring to detection to response, ensuring every identity remains under continuous control. This is where Log360 and PAM360 play a critical role in detecting identity-driven threats and orchestrating swift response actions across systems.

Privileged access and remediation intelligence   

PAM360 secures and monitors all privileged accounts through centralized vaulting, password rotation, and just-in-time access. Every privileged session is recorded for full traceability, helping enforce least privilege, prevent credential misuse, and maintain accountability across critical systems. It also provides granular approval workflows, real-time session shadowing, and automated credential resets to contain potential privilege abuse faster.

Log360, the SIEM and UEBA layer, completes the ITDR loop by detecting and correlating identity-related anomalies across endpoints, servers, and applications. Beyond visibility, it supports automated and semi-automated remediation, ranging from disabling compromised accounts and revoking access tokens to triggering alerts and workflows within AD360 or PAM360. By linking detection to action, Log360 helps security teams contain identity-based incidents quickly and maintain real-time control across the identity life cycle.
