Identity Detection & Response

Identity Is the
New Perimeter.

Credentials are the most-attacked surface in the enterprise. Void IDR watches every identity -- humans and service accounts -- for the behaviors that signal compromise.

Request a Demo Contact Sales

Real-time Identity Monitoring

Per-Identity Behavioral Baselines

Dynamic Risk Scoring

Native SIEM Integration

Detect Identity Attacks

Purpose-built detections for the techniques that target credentials and accounts

flight

Impossible Travel

Logins from geographically impossible locations within a short window, flagged as soon as the second authentication lands.

password

Brute Force & Credential Stuffing

High-volume authentication failures and password-spray patterns across users, hosts, and applications.

manage_accounts

Account Takeover

Sudden behavioral shifts that indicate a hijacked account, measured against the identity's own baseline.

admin_panel_settings

Privilege Escalation

Unexpected grants of elevated rights and role changes that move an identity outside its normal scope.

lock_clock

MFA Fatigue & Bypass

Repeated MFA prompts and suspicious approval patterns that point to push-bombing or social engineering.

Dormant Account Reactivation

Long-idle accounts suddenly active again -- a classic signal of credential reuse or insider misuse.

Behavioral Baselines Per Identity

Every user and service account gets its own profile of what normal looks like

monitor_heart

Learns Normal

Builds a behavioral profile for every user and service account from authentication and activity telemetry.

group

Peer-Group Comparison

Compares each identity against peers to surface true outliers, powered by UEBA.

trending_up

Continuous Adaptation

Baselines evolve as roles and behavior change, so normal stays accurate over time.

history

Resettable

Re-baseline an identity after a legitimate change such as a role move or new responsibilities.

Risk That Prioritizes Itself

A live risk score per identity tells analysts where to look first

trending_up

Per-Entity Risk Score

Every identity carries a live risk score driven by detections and severity.

list_alt

Severity Breakdown

See exactly which behaviors raised an identity's risk and by how much.

visibility

Watchlists

Flag high-risk or sensitive identities for focused monitoring.

account_tree

Session Tracking

Follow suspicious authentication sessions end to end.

Governed by Policy

Tune detection behavior and triage workflow to match your environment

policy

Detection Policies

Tune which identity behaviors raise detections so the signal fits your environment.

rule

Severity Overrides

Set the severity that matters to you per detection type.

fact_check

Status Workflow

Move detections through investigating, resolved, false positive, and suppressed.

badge

Watchlist Management

Add and remove monitored entities as risk changes.

Part of One Platform

IDR is a native module of the Void platform, not a bolt-on

hub

Feeds the SIEM

Identity detections become correlated alerts and incidents alongside network, endpoint, and cloud signals.

Learn more

person

Powered by UEBA

Shares behavioral analytics and peer grouping across the platform for consistent entity scoring.

psychology

Pairs with AIDR

Identity protection alongside AI-usage protection for full coverage of human and machine actors.