Why security needs to get smarter

I have a problem with rules. They’re simply not good enough on their own. Imagine you’re the security guard of an office building. To keep intruders out, you create a rule: anyone without a badge gets stopped at the door. Seems effective — until someone figures out they can clone a badge or tailgate behind an employee.

So, you add another rule: employees must scan in one at a time. But what if an attacker steals someone’s identity? Or an employee goes rogue and scans in at night to steal equipment? Add another rule that blocks any scanning after 5 pm? You’d need an exception and then a way to evaluate that exception. Then the VPs and above demand a permanent exception for themselves, so another rule is added. HR then hands over the name of someone they suspect is up to no good. So you write a rule to alert them when that individual enters and leaves, which they ignore after a while because the alert keeps pinging them over and over and over.

Don’t worry, I’m getting a bit bored with the analogy too. The point is that no number of rules – no matter how sophisticated and attentively updated – will protect an organization from insider threats. What the office really needs is a guard who knows every person in the building personally. A guard who can recognize when someone is acting strangely, even if each individual action is technically within the rules. A guard whose subconscious can catch a slew of minor things and correlate them to reveal a big red flag. That “something’s off” feeling we all occasionally get without a single “smoking gun” to back it up.

That’s where OpenText™ Core Threat Detection and Response comes in. It’s an intelligent solution that doesn’t just follow rules but also understands behavior.

Announcing OpenText Core Threat Detection and Response

OpenText Core Threat Detection and Response, coming May 2025, is built to do what legacy security tools can’t—it learns from behavior, not just rules. Using AI-driven behavioral analytics, it detects insider threats, credential misuse, and anomalies in real-time, making security smarter, more efficient, and more effective.

Unlike standalone products that force teams to rip and replace existing tools, OpenText Core Threat Detection and Response is built as an Open XDR solution, augmenting security infrastructure instead of competing with it. It integrates seamlessly into your environment, working alongside Microsoft Defender, Entra ID, and other security investments to provide deeper insights without adding complexity. Initially, we focused the seamless integration on Microsoft’s ecosystem, but future releases will expand to support additional security platforms.

Why traditional security falls short

Most security solutions operate like an overzealous alarm system – triggered by every small deviation from the rules. This can overwhelm security teams with false positives (insert an analogy about people living in cities ignoring car alarms that ages me). OpenText Core Threat Detection and Response, on the other hand, acts like an experienced investigator, correlating multiple behaviors and identifying real threats, while filtering out the noise. It’s a boon to CISOs currently tackling overloaded SOC teams and talent shortages.

Here’s how it changes the game:

Adaptive threat detection: Instead of static rules, our AI continuously learns from your environment. It detects anomalies in real-time—like an employee accessing sensitive files at odd hours when they never have before. It doesn’t just flag an unusual login. It sees the full picture—who logged in, where, what they accessed, and whether that matches their past behavior.

Fewer, smarter alerts: Instead of drowning SOC teams in false alarms, we deliver precise, context-rich alerts that highlight real risks, helping teams focus on what matters most. By context-rich, we mean the AI explains clearly why it raised the alert. That gives SOC teams what they need to prioritize and decide on the best course of action, where the response hasn't already been automated based on the threat.

Seamless integration: Initially built for deep integration with Microsoft Defender and Entra ID, our roadmap includes expanding these seamless connections to more security ecosystems. This will mean more organizations can leverage Core Threat Detection and Response without disrupting their existing investments.
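To make the rule-versus-behavior contrast above concrete, here is a small added example (written for this post, not OpenText's product code) that builds a per-user baseline from constructed access events and only raises an alert when several deviations coincide, each with a plain-language reason. The file paths, user names and the "more than one hour from any usual hour" tolerance are assumptions for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample access history for the learning window: (user, timestamp, source, resource).
HISTORY = [
    ("alice", "2025-03-03T09:12:00", "office-lan", "/finance/q1.xlsx"),
    ("alice", "2025-03-04T10:40:00", "office-lan", "/finance/q1.xlsx"),
    ("alice", "2025-03-05T14:05:00", "office-lan", "/finance/budget.xlsx"),
    ("alice", "2025-03-06T11:30:00", "vpn", "/finance/q1.xlsx"),
    ("alice", "2025-03-07T16:45:00", "office-lan", "/finance/budget.xlsx"),
]

def static_rule(event):
    """The badge-at-the-door style rule: any access outside 08:00-18:00 is an alert."""
    hour = datetime.fromisoformat(event[1]).hour
    return hour < 8 or hour >= 18

def build_baseline(events):
    """Per-user profile of the hours, sources and resources seen so far."""
    profile = defaultdict(lambda: {"hours": set(), "sources": set(), "resources": set()})
    for user, ts, source, resource in events:
        p = profile[user]
        p["hours"].add(datetime.fromisoformat(ts).hour)
        p["sources"].add(source)
        p["resources"].add(resource)
    return dict(profile)

def score_event(profile, event, threshold=2):
    """Check one event against the user's baseline on several dimensions at once.
    Each deviation becomes a readable reason; an alert fires only when at least
    `threshold` deviations coincide, so a single odd hour on its own stays noise."""
    user, ts, source, resource = event
    p = profile.get(user)
    if p is None:
        return {"alert": True, "reasons": [f"no baseline for user {user!r}"]}
    hour = datetime.fromisoformat(ts).hour
    reasons = []
    # Assumed tolerance: the hour counts as unusual only if more than one hour from any seen hour.
    if min(abs(hour - h) for h in p["hours"]) > 1:
        reasons.append(f"hour {hour:02d}:00 is outside this user's usual hours")
    if source not in p["sources"]:
        reasons.append(f"source {source!r} never used by this user before")
    if resource not in p["resources"]:
        reasons.append(f"resource {resource!r} never accessed by this user before")
    return {"alert": len(reasons) >= threshold, "reasons": reasons}

if __name__ == "__main__":
    baseline = build_baseline(HISTORY)
    late = ("alice", "2025-03-10T19:30:00", "office-lan", "/finance/q1.xlsx")
    print("static rule:", static_rule(late), "| behavioral:", score_event(baseline, late))
```

The late-evening access to a familiar file from the usual network trips the static rule but not the baseline check, while a 02:15 access from an unseen source to a never-touched file produces one alert carrying all three reasons.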

Stronger security, smarter investments

We know security budgets aren’t unlimited. That’s why OpenText Core Threat Detection and Response isn’t designed to replace your existing security stack – it enhances it. Think of it like upgrading from a dashboard full of warning lights to an advanced driver-assistance system that predicts and prevents accidents before they happen.

By adding behavioral analytics and anomaly detection on top of existing security investments, organizations get more value out of the tools they already use – without the complexity of managing yet another siloed solution (no swivel chair!). Yes, costs will increase slightly, but the return on investment is exponentially greater.

What’s next?

Early adopters are already testing OpenText Core Threat Detection and Response, helping refine and optimize its capabilities before launch. By partnering with OpenText, these organizations are shaping the future of insider threat defense – and you can too. If you’re ready to take a smarter approach to security, we’d love to hear from you.

