Detection engineering for identity-driven attacks

Identity Threat Detection & Response.

ITDR focused on the attack paths attackers actually use today — credential stuffing, session hijacking, MFA fatigue, OAuth abuse, lateral movement and privilege escalation in identity providers like Entra, Okta and Google Workspace.

The Basalt Identity Threat Detection & Response portfolio gives organisations a way to provide ongoing security skills and knowledge to their initiatives. We meet teams at every level of the stack — from infrastructure to application layer — with senior operators who can read both the engineering and the regulatory context.

  • Catch account takeover in hours, not days
  • Cut OAuth and federation blind spots
  • Tested IR playbooks for identity compromise
  • Continuous validation against current attacker tradecraft

Services

Identity-focused detections for your SIEM/XDR

We deliver this work as part of the broader Identity Threat Detection & Response engagement — scoped to your real environment, mapped to the controls your auditors and board already use, and shipped with reproducible artefacts your engineering team can act on.

IdP hardening review across Entra, Okta and Workspace

We deliver this work as part of the broader Identity Threat Detection & Response engagement — scoped to your real environment, mapped to the controls your auditors and board already use, and shipped with reproducible artefacts your engineering team can act on.

Service principal and OAuth app risk inventory

We deliver this work as part of the broader Identity Threat Detection & Response engagement — scoped to your real environment, mapped to the controls your auditors and board already use, and shipped with reproducible artefacts your engineering team can act on.

Account compromise playbooks and tabletop exercises

We deliver this work as part of the broader Identity Threat Detection & Response engagement — scoped to your real environment, mapped to the controls your auditors and board already use, and shipped with reproducible artefacts your engineering team can act on.

Red-on-blue identity attack simulations

We deliver this work as part of the broader Identity Threat Detection & Response engagement — scoped to your real environment, mapped to the controls your auditors and board already use, and shipped with reproducible artefacts your engineering team can act on.

Approach

We start with an initial face-to-face (or remote) meeting which will:

  • Understand what your business does and where the key areas of risk are
  • Discuss the services that we deliver under the Identity Threat Detection & Response offering
  • Understand the scope of the engagement, single project / application / entire identity threat detection & response environment or somewhere in between
  • Select the best services for the stage of development for the solutions in scope

Inside Identity Threat Detection & Response

Identity Threat Detection & Response

Detection and response engineering focused on identity-driven attacks — credential stuffing, session hijacking, MFA fatigue, lateral movement and privilege escalation in identity providers.

Explore Identity Threat Detection & Response →

Incident Response

Incident response and retainer services for the moments where minutes matter — containment, forensics, communications and lessons-learned, on call when the page fires.

Explore Incident Response →

Managed Detection & Response

Managed detection and response with our engineers operating inside your stack — your SIEM, your EDR, your cloud — with engineering-grade detections, escalation that respects your on-call, and exit-friendly knowledge transfer.

Explore Managed Detection & Response →

What a great team. Easy to work with and so knowledgeable. — Managed Services Provider

Take the next stepTalk to us today

Say hi!