    Security Operations (SecOps) · Startup · ITDR

    Oort (Cisco)

    Identity threat detection and response acquired by Cisco

    Mkt Cap / Val: Div. of Cisco
    Dedicated identity threat detection and response backed by Cisco's security infrastructure and GTM reach.
    Analyst take · Competitive edge

    SWOT Analysis

    Strengths
    • Cisco backing provides credibility, resources, and integration pathways with enterprise security stacks
    • Focused ITDR positioning fills a specialized gap between IAM and threat detection
    • Acquired talent and methodology embedded into larger security ecosystem
    Opportunities
    • Identity compromise increasingly recognized as primary attack vector; enterprises seeking specialized ITDR
    • Expand beyond Cisco ecosystem to multi-vendor identity security stories across healthcare, finance, tech
    • Package ITDR with Cisco incident response and Zero Trust capabilities for bundled positioning
    Weaknesses
    • As a standalone product within Cisco, differentiation from other Cisco security modules unclear to buyers
    • Limited public visibility compared to integrated identity platforms or pure-play EDR vendors
    • Potential overhead of integrating ITDR signals into broader Cisco security orchestration
    Threats
    • Large IAM vendors (Okta, Azure AD) adding threat detection natively, eroding specialized ITDR demand
    • Pure-play EDR/XDR vendors expanding into identity, commoditizing ITDR as table-stakes feature

    User Sentiment

    Synthesized from G2, Gartner Peer Insights, and analyst review data.

    What users love
    • Tight integration with Cisco security products and existing infrastructure
    • Fast, focused detection of suspicious identity activities without false positives
    • Expert threat research directly backed by Cisco's incident response teams
    Common complaints
    • Documentation and onboarding process assumes deep Cisco security knowledge
    • Limited ability to work standalone or in non-Cisco-heavy environments
    • Pricing often bundled into Cisco packages, making per-module ROI difficult to isolate

    Customer Profile

    Who buys this

    Typical segments

    • Large enterprises with Cisco security investments
    • Organizations with mature IAM deployments seeking identity threat layer

    Typical buyer

    Chief Information Security Officer or Head of Identity Security

    Top use cases
    1. Detect compromised identity credentials and lateral movement via identity abuse
    2. Monitor and alert on anomalous user behavior indicating account takeover or insider threat
    3. Enforce adaptive risk-based access controls based on identity threat signals

    Future Focus Areas

    1. Expansion to cover non-human identity threats (service accounts, API keys, certificates)
    2. Deeper behavioral analytics to predict identity-based threats before exploitation