Netwrix Threat Manager is an identity threat detection and response (ITDR) solution that protects hybrid identity environments across Active Directory and Microsoft Entra ID. It detects and responds to identity-based attacks in real time using behavioural analytics and machine learning to surface high-risk activity and reduce alert noise.
| Product | Mindshare (%) |
|---|---|
| Netwrix Threat Manager | 2.1% |
| Proofpoint Threat Response | 8.7% |
| ServiceNow Security Operations | 8.0% |
| Other | 81.2% |
By focusing on identity as the primary attack surface, Netwrix Threat Manager helps organizations protect sensitive data from the inside out.
The solution enables security teams to identify compromised accounts, privilege misuse, lateral movement, credential abuse, and advanced techniques such as Kerberoasting, DCSync, DCShadow, and Golden Ticket attacks. Automated response actions support rapid containment. Built-in investigation tools correlate related events into a consolidated attack timeline for efficient forensic analysis.
Key use cases
• Detect identity attacks across Active Directory, Entra ID, and file systems
• Investigate incidents faster with correlated attack timelines
• Trigger automated containment actions to block malicious activity
• Detect insider threats using behavioural analytics and anomaly detection
• Deploy deception controls using honeytoken technology
Netwrix Threat Manager integrates with SIEM platforms, ITSM tools such as ServiceNow, and collaboration platforms such as Slack to support coordinated incident response. By combining accurate detection, automated containment, and investigation capabilities, it helps reduce the risk of domain compromise and operational disruption.
Netwrix Threat Manager was previously known as StealthDEFEND.
AIG, Disney, Charles Schwab, Columbia University, Credit Suisse
We have not yet collected reviews for Netwrix Threat Manager. Share your experience with PeerSpot's community.
Share a review
