
Quest State of ITDR Report 2026

This year’s Quest State of ITDR Report examines how today’s threats are evolving, the growing requirements for effective identity threat detection and response, and what organizations can do to align with a more complete security and resilience strategy.

ITDR Maturity Assessment
 

Evaluate your identity security posture across the full NIST CSF lifecycle.

ITDR is evolving

As identity becomes the primary attack surface, expectations for identity threat detection and response (ITDR) are expanding. Leading industry advisory firms such as Gartner now align ITDR more closely with the National Institute of Standards and Technology (NIST) Cybersecurity Framework, reflecting a broader, lifecycle-based approach to identity security that extends beyond prevention and detection to include response and recovery.

At the same time, AI-driven attacks, hybrid environments, and the rapid growth of non-human identities are increasing complexity and risk, raising the bar for how organizations must approach their identity security and resilience strategies.

Disaster recovery risk

75%

of organizations under-test disaster recovery

NHI security concern

51%

list NHIs as biggest security concern

Proactive threat management

78%

say proactive threat management drives ITDR

AI and ITDR

79%

believe AI can improve ITDR effectiveness

Top recommendations from the 2026 State of ITDR Report

Treat identity recovery as a core component of ITDR, not a contingency plan. Regularly test and validate recovery across ransomware and identity compromise scenarios to ensure readiness. Build operational muscle memory to reduce downtime during incidents, and maintain flexible recovery options so teams can respond appropriately, from granular object restoration to full domain recovery.

Establish continuous discovery across hybrid Active Directory and Entra ID environments to maintain a complete, up-to-date view of both human and non-human identities. Use this visibility to define the identity attack surface, reduce blind spots, and ensure all identities are properly understood, governed, and secured.

Identify and formally classify Tier 0 identities, then apply focused protections, auditing, and alerting to safeguard these critical assets. Limit unnecessary privilege and trust relationships to reduce identity blast radius, and address misconfigurations that expose high-impact identities to compromise.

Continuously monitor identity activity across hybrid environments and use AI to surface suspicious behavior, reduce alert noise, and prioritize high-risk events. Correlate identity signals with broader security telemetry to add context, and automate analysis to compensate for identity and Active Directory skills gaps. 

Key Benefits


Identity visibility and posture management

Quest offers security-grade visibility across hybrid AD to identify Tier 0, privileged paths, and human and non-human identities. Benchmark configurations to surface critical vulnerabilities and compromises.

Instant threat defense

Quest allows teams to proactively freeze critical objects, preventing compromise. Contain threats with Shields Up capability, stopping attacker movement and techniques in real time.

Deep AD auditing

Quest provides human-readable auditing, capturing who changed what, when, where, and from which workstation, providing clear context to reduce alert fatigue and accelerate mean time to respond (MTTR) by 44%.

AI-driven insight and remediation

Quest’s integrated AI translates identity telemetry into actionable security insights and remediation guidance to accelerate threat analysis and response.

Restore identity quickly and with confidence

Quest recovers identity services up to 90% faster after ransomware, cyberattacks, or operational failures, minimizing downtime with secure, malware-free recovery across hybrid AD and Entra ID.

Achieve security and resilience across the full identity lifecycle

Quest empowers organizations to align to the NIST Cybersecurity Framework, ensuring they identify, protect, detect, respond, and recover across AD and Entra ID from a single platform.