Cyber Insight expands identity security capabilities with Sophos ITDR

Cyber Insight CEO Deon Smal announces the expansion of the company’s managed security portfolio with Sophos Identity Threat Detection and Response (ITDR) – a major milestone in combating identity-based threats and strengthening protection for South African organisations through enhanced visibility, dark web monitoring and rapid response capabilities.

---

Cyber Insight has announced the expansion of its managed security portfolio with the introduction of Sophos Identity Threat Detection and Response (ITDR) – a next-generation capability designed to help South African organisations combat the surge in identity-based cyber attacks.

The launch comes amid growing concern over the role of compromised user identities in ransomware and data breaches. Sophos research shows that 90% of organisations experienced an identity-related breach in the past year, and 95% of Microsoft Entra ID environments contain at least one critical misconfiguration. These vulnerabilities create ideal conditions for attackers to exploit human access points, escalate privileges and move laterally within corporate systems.

“Identity has become the new battleground in cyber security,” said Deon Smal, CEO of Cyber Insight. “The reality is that attackers no longer need to break down doors – they simply log in using stolen credentials. As digital transformation accelerates and cloud adoption expands, visibility into identity risk has become an essential component of every organisation’s defence strategy.”

Sophos ITDR is purpose-built to address these evolving risks by combining continuous identity posture assessments, dark web credential monitoring and automated response actions into a unified service. Integrated seamlessly into Sophos Extended Detection and Response (XDR) and Managed Detection and Response (MDR), it gives Cyber Insight’s security analysts the ability to monitor identity events in real-time and respond before attackers gain a foothold.

Through this integration, Cyber Insight can provide:

• Continuous scanning of Microsoft Entra ID environments to detect misconfigurations, policy gaps and risky permissions.
• Dark web intelligence that alerts clients when credentials have been leaked or sold online.
• Automated containment actions such as account locking, password resets and session termination to stop attacks in progress.
• Identity posture benchmarking, enabling clients to track improvements over time and align to frameworks like CIS and NIST.

The addition of Sophos ITDR extends the power of Cyber Insight’s MDR service – providing a single operational view of identity, endpoint and network activity. This unified approach enables faster investigation, more accurate threat correlation and stronger incident response outcomes.

“Cyber security is no longer just about blocking malware or patching systems – it’s about protecting digital identities,” added Smal. “Our partnership with Sophos allows us to deliver global-grade technology with local execution. Clients benefit from real-time insights, analyst-led investigations and proactive threat hunting that bridges the gap between prevention and response.”

Cyber Insight’s adoption of ITDR also reflects a wider industry shift towards identity-centric security frameworks. As organisations increasingly operate in hybrid cloud environments, traditional perimeter defences have become less effective. Attackers now focus on exploiting credentials, misconfigured access policies and insufficient multi-factor authentication (MFA).

By offering ITDR as part of its managed services, Cyber Insight provides a practical, measurable way for businesses to reduce identity-related risk and improve compliance posture. The solution’s compatibility with Microsoft Entra ID – the most widely adopted identity platform in the enterprise market – ensures fast deployment and immediate visibility into potential weaknesses.

Since its founding, Cyber Insight has focused on bridging the cyber security skills and technology gap across South Africa by combining world-class tools with local expertise. The integration of Sophos ITDR continues that mission, equipping organisations with advanced identity analytics and automated threat response without adding operational complexity.

“Our goal has always been to help South African businesses build resilience in the face of global cyber challenges,” said Smal. “By introducing ITDR into our managed service offering, we’re empowering our clients to take proactive control of identity protection – turning one of the biggest areas of risk into a strength.”

The new capability is available immediately to existing Cyber Insight MDR and XDR customers and will form part of the company’s broader identity security roadmap for 2026.

Local experts. Global intelligence. Trusted protection.