OpenText™ Core Threat Detection and Response delivers adaptive, AI-native detection of insider threats, novel attacks, and advanced persistent threats (APTs). Built with behavioral analytics and unsupervised machine learning, it identifies high-risk, easily missed anomalies while integrating natively with Microsoft Defender for Endpoint, Entra ID, and Copilot.

Key Benefits

• Detect Insider Threats Early
  Identify and respond to misuse of credentials, privilege escalation, and other subtle insider behaviors with behavioral threat indicators that learn from your environment and surface hidden risks in context.
• Eliminate Blind Spots
  Automatically build baselines for each user, machine, and process, then flag deviations. Detect threats that evade rules, signatures, and SIEM correlation.
• Prioritize What Matters
  Behavioral risk scoring ranks threats by severity and business impact using mathematically principled models rooted in expected utility theory. Avoid alert overload and focus on critical risks.
• Strengthen Your Microsoft Stack
  Integrate directly with Microsoft Defender for Endpoint, Entra ID, and Microsoft Security Copilot. Analyze and summarize behavioral telemetry from these tools to uncover novel threats and reduce investigation time.
• Reduce SOC Fatigue
  Automatically suppress false positives by understanding organizational context and behavior. High-context alerts with AI-generated summaries allow junior analysts to act confidently and accurately.
• Accelerate Threat Hunting
  Turn billions of raw events into a handful of actionable leads with no manual tuning. Leverage unsupervised learning, automated baselines and advanced risk scoring to streamline advanced threat detection.

Key Features

• AI-Driven Behavioral Analytics
  Learns what’s normal across users, devices, and processes to detect anomalous behavior - no rules or signatures required.
• Unsupervised Machine Learning
  Continuously updates baselines as your organization evolves; adapts to user behavior without manual configuration.
• Risk Scoring for Prioritization
  Uses probabilistic modeling and utility theory to score threats by risk enabling smarter detection and quicker action.
• High-Context Alerts with AI Summaries
  Delivers plain-language narratives that tie user actions to MITRE ATT&CK techniques reducing analysis time and error.
• Seamless Microsoft Integration
  Works natively with Microsoft Defender for Endpoint and Entra ID for fast deployment and enhanced detection using existing telemetry.
• OpenText Cybersecurity Aviator
  AI-generated summaries and context for every high-risk alert so even junior analysts can take fast, informed action.

Insider Security Program

Add one of the following optional tiers for managed detection, threat hunting services, SOC-as-a-Service, and expert support tailored to your maturity level:

• Essential Insider Security
  Benefit from continuous advice and guidance from a Cyber Concierge backed by OpenText Field Engineering to ensure you are on the fastest path to value. This service is designed to help you align your Core Threat Detection and Response subscription to your threat landscape and Governance, Risk and Compliance business requirements.
• Proactive Insider Security
  All the benefits of Essential Insider Security plus 24x7 monitoring of potential threats and risky behaviors by our team of Threat Hunters. Complement your team with skilled and certified threat hunting resources amid the current cyber skills human capital crisis.
• Elite Insider Security
  Realize the benefits of the Proactive Insider Security service and leverage our outsourced Security Operations Center. Our Managed XDR service combines behavioral analytics with endpoint detection, network detection, and cloud detection. Be ready for breaches or incidents with our on-call DFIR team. All delivered by our trusted OpenText Cyber Resilience Program.

Contact us for more information on Core Threat Detection and Response and the Insider Security Program.