Page 3 – OpenText Blogs

AI-Driven cognitive boost for cyber threat hunting
Every day, threat hunters navigate an overwhelming sea of data, sifting through countless logs from various sources. These logs, even after getting translated into alerts by various analytical tools, demand constant attention and scrutiny. Security analysts need to manually investigate thousands of alerts while frequently referencing external threat intelligence sources such as BrightCloud. Despite the availability of sophisticated analytics platforms, the sheer volume and complexity of data make efficient threat detection a daunting task.

By integrating AI into the threat-hunting process, alerts can be enriched with deeper contextual insights thereby reducing the manual workload. AI-driven summarization can distill vast amounts of information into concise, actionable summaries and narratives, helping analysts focus on critical threats faster. Additionally, AI can automate report generation and even suggest response strategies, streamlining incident resolution.

Reducing alert fatigue with AI-powered enrichment

Nearly every security tool on the market today can generate alerts after analyzing logs. These alerts may be rule-based or derived from machine learning models and help to reduce the burden from millions of log events to a more manageable number of alerts. However, even at this reduced scale, investigating these voluminous alerts remains a time-consuming challenge for threat hunters.

Each alert requires a deep dive into underlying raw events to extract contextual details. Analysts also must manually cross-reference multiple sources, looking up information such as process hashes or remote IP addresses in threat intelligence databases to determine if they appear in known blacklists. After all this effort, most alerts often turn out to be false positives, leading to wasted time and analyst fatigue.

Generative AI can play a powerful role in automatically enriching security alerts with contextual intelligence, significantly easing the burden on threat hunters. For instance, when the execution of an unusual process triggers an alert, analysts typically need to investigate manually. They look up the process hash to determine if it’s linked to known malware, examine the parent and grandparent processes for anomalies, and analyze the command-line arguments used during execution.

Organizations can automate much of this investigative work with recent advancements in generative AI. AI can generate enhanced alert descriptions incorporating critical details. These include process lineage, command-line inputs, and real-time reputation lookups for hashes and IP addresses. This enriched information empowers analysts to make quicker, more accurate judgments about which alerts warrant deeper investigation. It also allows them to identify which are likely false positives. By minimizing manual effort and improving decision quality, AI-driven enrichment helps security teams cut through the noise and focus on genuine threats.

Enhancing entity-based threat analysis with AI-driven summarization

User and Entity Behavior Analytics (UEBA) tools, such as Core Threat Detection and Response, take threat detection further by aggregating alerts based on associated entities such as users, machines, IP addresses, and more. Instead of analyzing individual alerts in isolation, these tools compute a risk score for each entity based on their associated alerts, allowing threat hunters to assess security incidents holistically. This approach helps identify patterns that might otherwise go unnoticed, including connections between seemingly low-severity alerts that, when correlated, reveal a more significant security threat.

In this approach, threat hunters typically prioritize their investigations on entities based on risk scores and manually review their corresponding alerts to reconstruct an entity’s activity timeline. However, this process still requires significant time and effort to stitch together multiple alerts and build a coherent story.

Streamlining with Generative AI

Generative AI can streamline this process by automatically summarizing anomalous activities for each high-risk entity, providing a concise yet comprehensive overview alongside the risk score. The workflow typically involves the following steps:
- Identifying high-risk entities and relevant time windows: Focus is placed on entities that accumulate higher risk scores based on their associated alerts in a given period.
- Ranking anomalies: Anomalies are prioritized based on their contribution to the entity’s risk. This ranking considers factors such as the importance of associated entities, the weight of the anomaly model, the nature of the suspicious activity, etc.
- Selecting and compressing top anomalies: To ensure a holistic view, a curated set of significant anomalies is chosen across various behavioral dimensions—such as access patterns, authentication patterns, or access anomalies.
- Constructing the anomalous narrative: A large language model (LLM) generates a human-readable summary that stitches these anomalies into a coherent story. This narrative contextualizes scattered alerts into a meaningful threat storyline, helping analysts understand what happened immediately.
By highlighting key behaviors and tying them to the broader risk picture, these AI-generated summaries enable analysts to focus their time and expertise on the entities that matter most. This approach accelerates decision-making and minimizes the risk of missing critical security threats hidden within alert noise. This narrative is further enhanced by associating potential MITRE ATT&CK techniques that map to the entity’s observed activities—a topic we’ll explore in more detail in an upcoming blog post.

From entity insights to organizational summaries

While entity-level summaries help threat hunters analyze individual users, machines, or IPs efficiently, they can extend the same AI-driven approach to provide a broader view of an organization’s overall security posture. By aggregating risk scores, anomalous activities, and trends across multiple entities, AI can generate a high-level summary of an organization’s security state at any given moment.

This organizational-level visibility enables security teams to identify larger attack patterns, persistent threats, and areas of concern that might not be evident from individual alerts. More importantly, AI can automate the generation of executive summaries and detailed security reports, offering CISOs and other stakeholders clear insight into the company’s threat landscape.

Smarter AI-driven responses

Security teams often rely on past experiences and documented response strategies to handle recurring threats effectively. However, manually searching through past cases, incident reports, and response playbooks can be time-consuming and inefficient. Fine-tuned Large Language Models (LLMs) integrated with Retrieval-Augmented Generation (RAG) can take incident response to the next level by learning from an organization’s historical security incidents.

This approach speeds up incident resolution and improves response accuracy by reducing reliance on manual research. Security teams can focus on executing the best course of action rather than spending valuable time piecing together historical data. Ultimately, AI-powered response recommendations transform threat hunting from a reactive process into a proactive and adaptive cybersecurity strategy.

Address key challenges in AI-driven threat-hunting solutions

While AI significantly enhances threat-hunting workflows, its adoption comes with several challenges that organizations must address to ensure security, accuracy, and usability.

Data security

Security logs could contain highly sensitive information crucial to an organization’s defense strategy. Allowing these logs to leave a secure environment for AI processing poses a risk that many organizations are unwilling to take. To mitigate this, AI models must be hosted within an organization’s Virtual Private Cloud (VPC), ensuring that all data remains in a controlled and protected environment. This approach allows organizations to leverage AI’s benefits while maintaining compliance with data security policies.

Data representation

Security data exists in various schemas, often containing unique terminologies and abbreviations specific to an organization. This inconsistency makes it challenging for AI models to interpret and process the data effectively. The retrieval mechanism must be designed to extract meaningful information while normalizing in-house terminologies into a format understandable by the AI model. Standardization ensures accurate insights and prevents misinterpretation due to data structure inconsistencies.

Prompting and output consistency

Ensuring that AI-generated outputs adhere to a consistent structure is critical for usability. For instance, if a UI engine expects responses in a specific JSON format with predefined keys, deviations from this standard could break the interface. Similarly, reports and summaries must follow a uniform structure and language to maintain clarity and usability. Establishing strong prompt engineering practices ensures that AI outputs remain predictable and seamlessly integrate into existing security workflows.

Addressing these challenges is key to successfully integrating AI into threat-hunting operations.

Conclusion: The future of AI-augmented threat hunting

Fusing human expertise with AI-powered efficiency is not just an advantage—it’s becoming necessary in the ever-evolving threat landscape. As cyber threats grow more sophisticated, the demand for real-time analysis, rapid decision-making, and precise incident response is higher than ever. While AI has already demonstrated its value in enriching alerts and summarizing security events, its role in proactive threat defense utilizing mechanisms such as agentic AI is still expanding. By autonomously analyzing patterns, detecting emerging threats, and taking predefined defensive actions, agentic AI transforms cybersecurity from a reactive model into a proactive and adaptive defense strategy.

Join OpenText Cybersecurity data scientists @ RSA 2025 where my colleagues and fellow data scientists, Nakkul Khuraana, and Hari Manassery Koduvely, will discuss ‘How to Use LLMs to Augment Threat Alerts with the MITRE Framework.’
Asad Narayanan

April 14, 2025

Line of Business, Security, Security, Technologies

AI, alert fatigue, LLM, RSA2025, threat hunting
Messaging just got a major glow-up
Let’s face it: plain old SMS is starting to feel… well, a little 2005. Customers today expect more from their omnichannel messaging experiences — and guess what? OpenText™ Core Messaging is stepping up in a big way.

We’re excited to announce that rich communication channels such as WhatsApp and RCS are on the horizon — and they’re bringing with them a whole new world of interactive, secure, visually rich business messaging.

What’s new? It’s not just text anymore

Say goodbye to boring SMS text threads. With WhatsApp and RCS (Rich Communication Services) Business Messaging, you’ll be able to deliver:
- Media-rich content (images, videos, maps!)
- Location sharing
- Quick reply buttons
- Cards and carousels that let users browse, book, or buy — all in one chat
It’s not just messaging. It’s an interactive experience. Whether you’re confirming an appointment, promoting a new product, or helping someone book a service — everything happens inside one sleek, seamless conversation.

Security? It’s built right in

Worried about spam or sketchy senders? Don’t be.
- WhatsApp Business requires strict Meta-verified registration — you have to prove you’re legit before you can message at scale.
- RCS, backed by Google, has its own vetting standards to keep bad actors out.
- And while OpenText Core Messaging gives you seamless access to both platforms — we just make sure you’re plugged into the right, verified ecosystem.
Your messages? Safe. Your brand? Trusted. Your customers? Confident.

Why it matters — especially to Gen Z (and the rest of us)

Let’s be real: Gen Z doesn’t just want to receive a message — they want to interact with it. Scrollable carousels, tappable replies, media-rich previews… it’s the new standard.

These upcoming features are purpose-built for the next generation of digital customer experiences — and businesses that adopt them early will stand out in a sea of static text.

TL;DR: Messaging, but make it awesome

With WhatsApp and RCS channels, OpenText Core Messaging will help you:
- Engage customers where they are
- Create richer, smarter, automated conversations
- Build trust with verified, secure interactions
- Drive better outcomes (and look really good doing it)
So go ahead — ditch the dusty SMS templates and step into the future of omnichannel messaging. Your customers (and your ROI) will thank you.

Want to be among the first to roll out rich messaging at scale? Stay tuned — the future of business messaging is arriving soon, and it’s looking very good.
Mina Rohani Tabatabai

April 11, 2025

Banking, Consumer Goods, Customer Experience, Customer Service, Healthcare, Industries, Information Technology, Insurance, Line of Business, Marketing & Communications, Retail, Sales, Technologies, Utilities

business messaging, messaging, omnichannel messaging, OpenText Core Messaging, RCS, rich communications services, SMS marketing, SMS messaging, WhatsApp, WhatsApp Business
Why cost-effective IT observability matters: OpenText’s approach to affordable monitoring at scale
IT observability costs are spiraling out of control. According to recent industry research, 98% of organizations experience unexpected cost spikes, with 84% believing they pay too much for their monitoring solutions. This financial pressure comes at a time when complete visibility across systems has never been more critical for maintaining reliable operations.

The observability cost crisis

Organizations face a difficult dilemma in today’s monitoring landscape. Comprehensive visibility requires capturing and analyzing massive volumes of data—which have grown 5x over the past three years for the average company. Yet traditional observability platforms employ consumption-based pricing that creates unpredictable expenses as data volumes increase.

This financial reality forces IT teams to make problematic compromises:
- 98% of organizations report limiting data collection
- Teams must choose which systems to monitor, creating blind spots
- Critical security and compliance information may be discarded
- Root cause analysis becomes more difficult with incomplete data
These compromises ultimately undermine the core purpose of observability: providing complete system visibility for faster problem resolution.

OpenText’s approach: Cost-effective observability at scale

OpenText™ has developed an observability strategy that focuses on affordability without sacrificing visibility. Our solution addresses the key challenges facing IT operations teams:

1. OpenTelemetry-based observability

OpenText Application Observability uses the OpenTelemetry standard to deliver logs, metrics, and traces for both cloud-native and traditional applications at a reasonable cost. This vendor-neutral approach enables portability across toolsets, expanding observability coverage without the vendor lock-in that drives up costs.

According to Travis Greene, OpenText’s Sr. Director of Product Marketing for OpenText Observability and Service Management solutions.: “With Application Observability, IT admins have visibility into traces to find the module of code that’s the culprit of an application issue. This empowers IT admins to provide vital context to the developer to ultimately solve the problem faster.”

2. Domain-spanning visibility without cost penalties

Unlike siloed monitoring tools that force choosing between cost and coverage, OpenText’s observability platform provides a flexible observability toolset that detects and resolves performance issues across:
- Cloud environments
- On-premises infrastructure
- Applications (cloud-native and traditional)
- Network performance
This cross-domain visibility facilitates accurate root cause analysis and reduces mean time to repair (MTTR).

3. Affordable licensing models

OpenText recognizes that unpredictable costs create significant budget challenges. Their approach includes:
- Transparent pricing designed to eliminate surprise bills
- Flexible licensing that doesn’t penalize data growth
- Deployment options including SaaS, private cloud, or on-premises
The full-stack observability advantage

OpenText delivers comprehensive visibility across the entire IT estate:

Application observability

Using OpenTelemetry instrumentation, OpenText provides detailed visibility into application performance, allowing teams to visualize transaction dependencies, identify bottlenecks, and correlate logs to pinpoint issues.

Infrastructure observability

Teams can quickly identify causes and impacts of infrastructure problems across cloud and on-premises environments with guided troubleshooting that accelerates root-cause analysis.

Network observability

OpenText Core Cloud Network Observability discovers and monitors physical and virtual networks, delivering unified visibility into network performance—essential for maintaining service levels in hybrid environments.

Real-world benefits: Cost savings and performance gains

Organizations using OpenText’s observability solutions report significant improvements:
- Turk Telecom: Reduced service outages by 49%
- Verizon: Reduced MTTR from hours to seconds
These outcomes demonstrate that cost-effective observability isn’t just about saving money—it improves overall IT performance and reliability.

Why limiting observability due to cost is a false economy

When organizations restrict monitoring to control costs, they create dangerous blind spots. A single undetected issue can lead to:
- Revenue loss from service disruptions
- Damaged customer relationships
- Inefficient resource allocation as multiple experts struggle to diagnose problems
- Increased compliance and security risks
Our approach recognizes that true cost efficiency comes from comprehensive, affordable observability that prevents these expensive outcomes.

Integration with the broader IT operations ecosystem

OpenText’s observability solutions integrate with their complete OpenText Observability and Service Management Cloud, allowing organizations to:
This comprehensive approach creates a closed loop between observing, analyzing, and resolving issues—maximizing the value of observability investments.

Getting started with affordable observability

If you’re concerned about monitoring costs spiraling out of control, OpenText offers a path forward:
1. Evaluate your current observability coverage and cost structure
2. Explore how OpenTelemetry can help avoid vendor lock-in
3. Consider OpenText’s domain-spanning solutions for complete visibility without surprise bills
By partnering with OpenText, you can build high-speed, reliable IT operations that deliver the performance modern businesses demand—without the unpredictable costs that plague traditional observability approaches.

Contact us to learn more about our cost saving observability solutions.

Learn more about IT Operations Management
Jon Kies

April 10, 2025

IT Operations, Technologies

Application Observability, Infrastructure Observability, Network Observability, observability
Elevate customer service with intelligent document processing
To gain and retain customers, organizations must continually improve efficiency and enhance customer satisfaction. In response, intelligent document processing (IDP) emerged as the solution to deliver the speed and accuracy that are critical in customer service workflows. By leveraging advanced technologies like artificial intelligence (AI) and automation, intelligent document processing solutions transform how organizations handle customer interactions and manage information.

The role of intelligent document processing solutions in customer service

Intelligent document processing solutions automate the capture, classification, data extraction of various document types, and then deliver process automation based on the actionable data. IDP is vital in customer service scenarios where timely and accurate information is crucial. When a customer submits a question or a complaint, imagine how much quicker your response will be when you automatically process the relevant documents—such as emails, forms, or scanned images—and route them to the appropriate department!

IDP is valuable across industries. A financial services company can use IDP to automate the processing of loan applications to reduce the time required to approve loans and improve customer satisfaction. Similarly, a healthcare provider can use IDP to manage patient records more efficiently and ensure that critical information is available when needed.

Streamline customer interactions

Traditional customer service processes often involve manual data entry and document handling, which can be time-consuming and prone to errors. IDP automates these tasks to reduce the workload on customer service representatives and allow them to focus on more complex and value-added activities.

For example, OpenText intelligent document processing solutions integrate seamlessly with Salesforce to enable automated data capture and customer service workflow management. This integration ensures that customer information is accurately captured and readily available, enhancing the overall customer experience.

Improve response times and accuracy

Delays in processing customer requests lead to dissatisfaction and lost business. IDP speeds up response times and improves the accuracy of the processed information. Consider a scenario where a customer submits a support ticket with attached documents. An IDP solution can quickly analyze the content of these documents, extract relevant data, and update the customer service system or CRM. This allows customer service representatives to access all necessary information instantly, enabling them to resolve issues more efficiently.

Enhance compliance and security

Customer service departments often handle sensitive information that they must manage in accordance with regulatory requirements. To help maintain compliance and build customer trust, IDP solutions accurately classify documents and enrich them with metadata to enable secure storage and easy retrieval.

Real-world impact of intelligent document processing solutions

Many organizations have successfully implemented intelligent document processing solutions to elevate their customer service and customer support. Plus, they supported their organizational sustainability programs by reducing the use of paper! Here are a few notable examples who use OpenText IDP solutions:
- ENGIE Italia: To delight their energy customers and foster long-term loyalty, this company automated the processing of almost 500,000 pages of energy contracts, customer claims, payment instructions, and more. They accelerated delivery of documents to customer service agents from three days to 30 minutes, enabling faster support.
- Department of Social Development, Republic of South Africa: This public sector organization transformed its social assistance appeals processes from manual, paper-based workflows to intelligent document processing. As a result, they accelerated their case handling rate from less than 50% to over 98%, reduced case resolution time to meet targets, and earned citizen trust and confidence.
- National Bank for Agriculture and Rural Development: This government-owned bank digitally transformed its case management processes from manual, paper-based workflows to efficient digital workflows. They saved over 2.4 million pages of paper, reduced CO2 emissions by 10 tons, and processed more than 120,000 digital cases
These examples highlight the tangible benefits of adopting IDP to accelerate and better support customer service workflows, showcasing reduced resolution times and better customer experiences.

Are you ready to learn how intelligent document processing solutions can help your organization focus on delivering world-class customer service and support, not chasing customer data?
Explore intelligent document management solutions
Sabra Goldick

April 10, 2025

Content Services, Customer Service, Line of Business, Technologies

Customer Service, intelligent document processing, Transform with IDP series
KuppingerCole recognizes OpenText as a Leader in data security
Data is the engine behind innovation and the top prize in every breach. By 2028, experts predict that the world will generate 394 zettabytes of data. For context, one zettabyte equals a trillion gigabytes. This is more than enough to store every movie made millions of times. As the volume of data continues to explode and spread across various systems, platforms, and geographies, organizations are struggling to keep up with the increasing complexity. This growing data sprawl is making them more vulnerable to breaches.

At OpenText, we are proud to help organizations safeguard their most valuable asset: data. We are excited to announce that OpenText earned recognition as an overall Leader in the 2025 KuppingerCole Leadership Compass for Data Security Platforms. We achieved this recognition in all three categories: product leadership, innovation leadership, and market leadership.

This recognition reflects our commitment to delivering intelligent, integrated, and scalable data security solutions that meet the evolving needs of the modern data landscape.

A smarter, data-centric approach to security

OpenText’s data security platform combines data discovery, protection, and governance technologies to secure information throughout its lifecycle. Our portfolio includes:
These solutions give organizations the tools they need to locate sensitive data, assess risk, apply protection, and stay compliant. And it allows them to do this across on-premises, cloud, and hybrid environments.

OpenText offers comprehensive data lifecycle management and security solutions as well as integrations within existing enterprise ecosystems, all supported by a global reach and a wide range of further products within its cybersecurity portfolio.”

2025 KuppingerCole Leadership Compass

Get the KuppingerCole Report

Recognized across product, innovation, and market leadership

In the 2025 Leadership Compass, OpenText stands out in three key areas:

Product leadership: Our solutions provide comprehensive data security coverage, including data discovery, encryption, masking, tokenization, auditing, access management, and activity monitoring. We support various environments, from traditional databases to cloud-native platforms like Snowflake and Google BigQuery.

Innovation leadership: We continue to invest in the future of data security. KuppingerCole highlighted our use of format-preserving encryption, strong authentication, and privacy-enhancing technologies built for current and emerging threats.

Market leadership: With a global presence, a strong partner network, and the integration of the Micro Focus security portfolio, OpenText brings the scale and experience needed to support large and complex enterprises.

Built for today’s hybrid and multi-cloud environment

The KuppingerCole report highlights the importance of platforms that support diverse deployment models and complex data ecosystems. OpenText delivers flexible security solutions that organizations can deploy as cloud-based services, on-premises infrastructure, or fully managed offerings.

Our platform integrates with identity and access management tools, supports centralized auditing, and works seamlessly within existing authentication systems. Combined with our content management and information governance capabilities, organizations can embed security into business operations from the start.

Turning data security into a competitive advantage

When data is secure, accessible, and well-managed, it becomes a source of insight, efficiency, and innovation. OpenText helps organizations meet regulations such as GDPR, CCPA, HIPAA, and PCI DSS, while embedding privacy and protection into everyday workflows. With advanced security technologies and improved data visibility, we help close gaps, reduce risk, and give you the confidence to move forward in a complex data landscape.

Want to learn more?

Download the full report to explore why KuppingerCole names OpenText a Leader.
Valerie Mayer

April 10, 2025

Line of Business, Security, Security, Technologies

cybersecurity, DataSecurity, KuppingerCole, OpenText
Generative AI in digital asset management

Two years ago, soon after the public release of ChatGPT, I wrote about How AI is transforming digital asset management (DAM) solutions from passive to active. The advances in AI since then have been nothing short of astonishing. In 2025, the choice is not whether to use AI in DAM, it is which game-changing capability to incorporate first.

It took at least five years for AI image analysis for descriptive metadata to start fulfilling early promises of increased productivity. In contrast, the impact of generative AI has been almost immediate, and the rate of improvement has exceeded expectations. In particular, text-to-image generation and AI-powered searching are business-ready capabilities, if they are implemented under the appropriate governance rules.

Text to image generation

Despite its problems when counting fingers, AI image generation is astonishingly powerful. Just describe the scene you envision and receive a high-quality image within seconds – what you say is what you get. While many organizations are hesitant to publish AI-generated images externally, they are ideal for providing inspiration for human creativity. Using OpenText™ Experience Aviator within a creative request process enables the requestor to attach AI-generated images to a creative brief. The designer understands exactly what is expected, which reduces the number of approval cycles needed to develop the final version.

AI-powered searching

A common question from DAM admins is how to improve users’ ability to find the right assets, particularly after migrating poorly-tagged files from a legacy system. A new way to enhance asset discovery is retrieval-augmented generation (RAG), which uses a large language model (LLM) to allow users to search using their own words, without knowledge of tagging conventions. OpenText Knowledge Discovery™ includes advanced RAG functionality that powers natural language searching in a DAM.

Governance

While generative AI is undeniably powerful, it isn’t without problems. Many employees are already using some form of AI in their daily tasks, but their employers want to manage the use of AI for business processes. DAM has always offered governance tools for use of assets, and that is now extended to governing the use of AI. The best DAM solutions allow admins to establish rules for the usage of AI-generated images.

Availability

Text-to-image generation from OpenText Experience Aviator is available in OpenText™ Digital Asset Management (previously OpenText Media Management) and OpenText™ Core DAM. AI-powered searching from OpenText Knowledge Discovery™ is available in OpenText Digital Asset Management.  Discover why OpenText was named a Leader in the IDC MarketScape: Worldwide Intelligent Digital Asset Management 2024 Vendor Assessment.

Get the excerpt

Download your excerpt copy of the IDC MarketScape: Worldwide Intelligent Digital Asset Management 2024 Vendor Assessment.

Read the excerpt

Conrad Henson

April 9, 2025

Analytics, Aviator AI, Customer Experience, Line of Business, Marketing & Communications, Technologies

AI in DAM, dam, DAM SaaS, digital asset management
Not ready for ITDR? You can still go adaptive
A couple of weeks ago, Harley Adams and I reviewed Dark Reading’s state of identity threat detection and response (ITDR) report, walking through several of the more interesting stats. OpenText commissioned Dark Reading to survey executives and hands-on security professionals, and this report is the result of that survey. It includes responses from individuals from 117 organizations in the U.S. The report intends to learn from the decision-makers and implementers how much of a footing ITDR concepts and practices have gained since Gartner designated it as a distinct category just a few years ago.

At a high level, the two most significant ITDR components are XDR (extended detection and response) and IAM (identity and access management). Combining those two technology categories makes delivering a higher level of threat recognition precision and response adaptability possible. Unlike broader security frameworks that scan for generalized anomalies, ITDR zeroes in on behaviors and signals that indicate identity compromise—unusual login patterns, access requests from unfamiliar devices or geographies, and sudden privilege escalations.

Often overlooked in conventional monitoring, these indicators can be early signs of an attacker attempting to exploit stolen credentials or manipulate legitimate access. The effective use of that approach is further magnified when it’s correlated with identity-related events that build a holistic threat profile, enabling faster, more informed responses. This integration helps security teams isolate compromised accounts before they cause damage and provides actionable insights to refine access policies and harden identity systems over time.

The IAM road to ITDR

While ITDR provides a new level of protection against identity-based attacks, it doesn’t mean that IAM isn’t without its advanced protection. In fact, even on its own, IAM has some effective heuristics that teams can leverage to help identify the need for a security response. While no one pretends that adaptive access management is the end game for organizations with serious (mandates, stringent risk controls, or cyber insurance requirements) security needs, it can be a path leading to it. Regardless of the heuristics used to indicate risk, there are some approaches that you can take to mature IAM infrastructure’s ability to recognize and respond to breach threats that actually prepare your organization to move into ITDR configuration.

Continuous recognition and response

The most common moment when access request risk levels are measured is when a user’s/program’s session is first established, and the identity claim is made. Then, the access management infrastructure determines and enforces access conditions. The most common criteria for stepping up authentication at the point of authentication are just a couple:
- Are you inside or outside the firewall?
- Is the device known (device ID or browser cookie)?
Historically, these have been the most common criteria for determining whether authentication must be “stepped up.” While this approach has been the standard for the past decade, it falls short of what is needed for an ITDR level of security. The mindset shift is that risk-based access is more than an initial control for invoking multifactor authentication. Instead, it is a continual access control process.

While access gateways are not firewalls and thus can’t drop a session at any point in time, they do have the ability to interrupt a session at the point when a user makes a new access request. Based on the bump or rise measured risk, potential action scenarios could be:
- Confirm the requestors’ identity through some type of authentication request
- Restrict the types of information and services the user can access
- End the session and block further access
It’s worth noting that while IAM technology cannot drop the session at any moment, XDR technology can trigger an automated response action to a firewall to do just that. The key point is that session security is more than just measuring user/API context at the point of authentication; it is to do so continually. Access management’s limitation is that it can only gather snapshot heuristic information at each request point. ITDR offers a valuable set of continuous access monitoring metrics, but on the way to achieving that level of security, it’s a noteworthy step to prepare IAM to recognize threats and react continually.
Get the ITDR Report
Adaptive access for security

For an adaptive security infrastructure to be effective, security needs to move beyond prescriptive risk policies and lean more on deeper user context and behavior analysis. Security groups may find that using a hybrid approach in which they enforce prescriptive access policies by default. This approach also means that these are given less weight individually as behavioral information is accumulated to high confidence levels for a specific user. To accommodate diverse scenarios, organizations may need a mix of strong and passive authentication methods to apply the best fit based on the situation and risk, i.e., how sensitive the information is and the context of access.

Adaptive access for usability

One of the key challenges of expanding access control beyond the simplest heuristics is the ability to maximize usability while limiting higher security verification for higher-risk situations. Or, in other words, focus access policies on usability and productivity while reserving disruptive intrusions like additional authentication steps or paring back authorization levels to times when risk levels (or in Access Manager’s world, risk scores) reach a defined trigger point. So, while a higher level of contextual intelligence is the lifeblood of adaptive access management, low friction access is what makes it valuable to the business.

While IAM heuristics on its own isn’t in the same league as an ITDR implementation, it does offer basic metrics that are straightforward to implement yet too many IT and security teams haven’t configured. The reality is that they can go a long way towards protecting against outsider attacks. Below are most of the available metrics taken from Access Manager’s documentation. Please check the documentation directly for additional information and scenarios. There are a few more parameters not included because they’re more complex to use:

IP Address – Use this rule to define a condition to track login attempts from an IP address, range of IP addresses, an IP subnet range, or a list of IP addresses from an external provider. For example, if you are aware that login attempts from a specific range of IP addresses are riskier, you can define a rule to watch for such login attempts. When a request originates from the specified IP address range, you can prompt for additional authentication.

Cookie – Use this rule if you want to track login attempts from a browser-based application that has a specific cookie value or name. For example: You have a financial application and a user accessing this application has cookies stored on the browser. The user is granted access without additional authentication if the cookie has a specific value or name. If the user accessing the application has no cookies stored, you can request additional authentication to validate the user.

HTTP Header – use this rule to track the HTTP header of requests based on the name or the value contained in the HTTP header. For example, if you want to track HTTP requests containing custom HTTP header information, you can define the action to be performed on the evaluation of this rule.

User Last Login—This rule creates a cookie in the browser after a successful step-up authentication. Subsequent login verifies this cookie. Use this rule to define the validity duration for the cookie. After the specified time, the user is prompted for additional authentication. For example, you can use this rule to evaluate whether a user logs in using a device that was used earlier for login. You can define the risk level and request additional authentication if necessary.

User profile—Use this rule to define a condition based on the user’s LDAP attribute. For example, you can define a rule to deny access if the employee ID of the user matches a specific string. You can use this feature to identify power users who present a greater risk to the organization if their credentials get compromised.

User time of login—Use this rule to define a condition based on the user’s attempts to log in at a specific time. For example, if an employee’s usual login pattern is between 9 a.m. and 5 p.m., you can define a rule that takes action if the login pattern differs from the observed pattern.

Device fingerprint—because the ID cannot be transferred or copied, it’s more reliable than using a browser cookie as an indicator that a device has been used before by a verified user. Depending on how you configure Access Manager, you can also use this metric to control access based on whether or not the device is a work-managed device.

Geolocation—Use this rule to track login attempts based on a user’s geographical location. You can track details ranging from a wide area, such as a country, to a smaller area, such as a region.

Geo-velocity tracker – use this rule to check a user’s current time and location compared to the time and location of the last login. Access Manager supports only the country as the location for this rule. The previous login details are picked from the history database. For example, a user logged in at 2 p.m. IST in Bangalore and tries to re-login at 5 p.m. IST from Hong Kong. Reaching Hong Kong in three hours from Bangalore is not possible. To mitigate such malicious login attempts, you can configure a policy using this rule to ask for additional authentication or deny access altogether, whichever makes more sense for the resource.

Geofencing—If you have OpenText Advanced Authentication and are using the mobile client, you can also use geofencing to control the authentication and access experience.

While the above-listed heuristics can be effective in adaptive access security based on the context of the request, there is a risk of going overboard by defining too many rules based on various criteria for different types of services. At some point, you may have so many access rules defined that you’re unable to calculate their effective results when a user accesses protected resources. This is the advantage of passive behavioral-based analytics available in ITDR environments. It lets you keep your prescribed rules to a minimum as you depend on passive ones to protect you from your security blind spots.

The payoff of going adaptive today

Even when organizations can make their transaction to ITDR, there is still a lot of value in building up the adaptive IAM capabilities available in modern solutions. Regardless of the level of passively driven responses that IT can build into its infrastructure, prescriptive IAM rules are still among the best ways to enforce risk management-driven business and organizational policies. They also let you lower access friction and are designed to optimize productivity and user satisfaction.
Kent Purdy

April 9, 2025

Line of Business, Security, Security, Technologies

Extended detection and Response, IAM, identity and access management, Identity Threat Detection and Response, ITDR, XDR
Unlock the power of AI integration with OpenText and Salesforce
OpenText and Salesforce have been innovating together since 2016, integrating our leading content management solutions for Salesforce to empower Sales and Customer Service teams with 360-degree customer view and process automation. Now, we’re elevating our solutions with GenAI to deliver smarter, more efficient workflows.

AI adoption surges, driving the need for trustworthy data

AI is transforming Sales and Service: 83% of AI-powered sales teams saw revenue growth, and 93% of service teams report time and cost savings [1]. But with AI adoption surging, 98% of Sales leaders stress the need for accurate, secure, and compliant data [1]. OpenText Content Cloud solutions provide the foundation for trustworthy AI, further strengthening our integrated solutions with Salesforce.

OpenText and Salesforce: Advancing AI innovation

Last year, we integrated OpenText™ Content Management for Salesforce and OpenText™ Core Content Management for Salesforce with OpenText™ Content Aviator, delivering AI-driven insights. At Dreamforce 2024, OpenText was selected as a launch partner for the Agentforce Partner Network, showcasing how Content Aviator integrated with Agentforce speeds up claims processing. Now OpenText is proud to lead as an AI innovation partner with our solution available on Salesforce’s new AgentExchange marketplace to deploy AI agents easier than ever.

Uncover AI insights to drive Agentforce actions

OpenText Content Aviator for Agentforce AI integration empowers Sales and Customer Service teams with AI-driven actionable insights to boost productivity and accelerate processes.

OpenText Content Aviator extracts valuable AI-driven insights from unstructured data such as documents, contracts, emails and other sales and customer content in OpenText Content Management which is accessed directly in Salesforce. Agentforce then leverages this locked away critical business information to make informed, data-driven AI Actions to maximize efficiency.

Key benefits:
- Find, summarize, and translate business workspace content, directly with Agentforce. For example, Sales representatives can summarize a customer buying trends and upsell products that resonate or a Customer Service agent can easily summarize and resolve a claim.
- Seamlessly update your Salesforce information with Content Aviator insights, reducing manual entry and errors.
- Interact with customers more intelligently: Personalize email responses with Content Aviator AI insights; then create and send it from Agentforce.
Results:
- Sales teams close deals faster with AI-powered insights.
- Customer Service delivers more accurate, personalized support to keep customers.
- Claims processing becomes seamless and efficient.
OpenText Content Aviator for Agentforce is integrated with OpenText Content Management CE 25.1 and will expand to OpenText Core Content Management SaaS in CE 25.3.

Integrate OpenText Content Aviator actionable insights, directly in Salesforce Agentforce.

Future AI integration strategy

AI innovation is accelerating, and we’re just getting started. Salesforce is a key strategic partner in OpenText’s overall AI-to-AI integration strategy, and this integration is the first phase.

OpenText is expanding AI-driven Agent actions across the entire content lifecycle—from capture to management to delivery. Future enhancements will also include:
- Additional AI agents for Sales and Service.
- Industry-specific solutions, starting with banking and insurance use cases.
- Bi-directional AI responses, blending insights from both AI systems for superior automation and data quality.
The future of AI-driven customer engagement is here, and OpenText is proud to lead this transformation alongside Salesforce.

Experience AI-powered efficiency

Explore OpenText Content Aviator for Agentforce on Salesforce AgentExchange, and visit the Salesforce AppExchange to see all our joint solutions.
Visit the Salesforce AppExchange
1. [1] Salesforce, State of Service and State of Sales, 6th Edition, 2024
Ellen Hannigan

April 9, 2025

Content Services, Customer Service, Information Technology, Integration, Line of Business, News, News & Events, Sales, Technologies

AI, AI integration, Content Cloud, content integrations, Content management, Customer Service, Sales, Salesforce integration
Generative AI – Supercharging malware and vulnerability detection
Generative AI, particularly Large Language Models (LLMs) are finding important applications in many industries including cybersecurity. Organizations are using LLMs and other Generative AI models effectively for the detection of Malware and Software Vulnerabilities.

Generative AI can be used in different ways for Malware and Vulnerability detection. Organizations use them for generating very powerful features for existing machine learning (ML) based detection methods. Use of LLMs for code analysis and discovering malicious intent or vulnerabilities in the code is another approach. Finally, Generative AI models, capable of generating new datasets, are effectively utilized for generating synthetic datasets to train and make the detection models more robust against adversarial attacks. We will dwell into each of these scenarios in the remaining part of the article.

Traditional detection methods

State of the art methods to detect malware and software vulnerabilities primarily make use of static and dynamic code analysis. In static analysis, developers and others examine a code without executing it. By analyzing its syntactic structure, data flow and control flow, they can discover patterns or instructions indicative of malicious intent. In dynamic analysis, the code is executed in a controlled environment and its behavior is analyzed for malicious actions.

Both these methods suffer from low recall (not able to detect all the bad code) and are easily evaded by skilled adversaries.

Large language model (LLM) based feature engineering

Due to the above-mentioned limitations of static and dynamic analysis methods, researchers had started using machine learning based detection methods for malware and vulnerability detection. The initial attempts were using hand crafted features which were found to be time consuming and less effective. LLMs offer a powerful alternative due to their unique capabilities:
- LLMs excel at understanding the context and relationships between different parts of a source code. This allows them to automatically extract meaningful features that might be missed by manual feature engineering.
- LLMs can process various data types, including source code, assembly code, and even behavioral logs, such as API call sequences or system call logs. This makes them versatile tools for feature engineering in different cybersecurity tasks.
Smaller LLMs, like BERT and its variants, are proving very useful for feature engineering ML models designed for malware and vulnerability detection. Some specific examples of this are:
- BERTroid: This Android malware detection model uses BERT to generate embeddings from sequences of permissions requested by applications. These embeddings are then used to train a classifier that can distinguish between malicious and benign apps. BERTroid has shown promising results in detecting and classifying Android malware [1].
- BERT-Cuckoo15: This model leverages BERT to analyze relationships between 15 different feature types derived from dynamic analysis of malware samples in the Cuckoo sandbox. By capturing the complex interdependencies between these features, BERT-Cuckoo15 achieves high accuracy in malware detection [2].
- VulDeBERT: This vulnerability detection tool uses BERT to analyze C and C++ source code and identify vulnerable code patterns. It extracts abstract code fragments and uses BERT to learn representations that can effectively detect vulnerabilities [3].
- XGV-BERT: This framework combines BERT with a Graph Neural Network (GCN) to detect software vulnerabilities. It leverages both code semantics, captured by BERT, and graph structures, captured by GCN, to achieve higher accuracy in vulnerability detection [4].
These smaller LLMs offer the advantages of reduced computational cost, faster inference, inhouse hosting for IP protection, and the ability to fine-tune with custom data for better performance.

Join us at RSAC 2025!

April 28-May 1 at the Moscone Center, San Francisco. Visit us at Booth N-4535 to see live demos or speak to our experts.

Get the details!

Code analysis using large language models

LLMs are trained using data containing code samples in various programming languages. Because of this they are inherently capable of analyzing code snippets and discovering hidden functionalities, malicious intent and potential attack vectors. However, one limitation is the input token limit of LLMs. Due to this, cybersecurity analysts need to fragment the code into snippets before sending to LLMs. This could result in missing detection of the overall functionality and behavior of the code. This is particularly true in when analyzing binary files.

First, we need to convert a binary code into its corresponding assembly language code, which are usually very large code bases. Then they are decompiled to generate the original source code, which is often only approximate. Manually reverse engineering malware has been one of the successful approaches to their detection. However, this requires deep expertise and is very time consuming.

Thanks to the recent advancements in LLM training, which enable input token numbers to exceed millions of tokens, and incorporation of massive code base, including assembly languages into the training data, it is now possible to scale and automate reverse engineering to detect malwares from binaries in minutes instead of days or weeks [4]

Prevent adversarial attacks using synthetic datasets

Another use of Generative AI in malware and vulnerability detection is in making the existing models more robust. Models such as GANs (Generative Adversarial Networks) and even LLMs can generate adversarial examples to test the robustness of malware detection models. By slightly modifying existing malware samples, these models can create variations that can evade detection. This helps researchers identify weaknesses in existing models and develop more resilient detection systems [5]

What’s next

The rise of the Generative AI paradigm has provided very powerful tools for cybersecurity professionals to combat cyber terrorism. We have now LLMs whose size ranging from a few hundred million parameters to a few hundred billion parameters. Depending on the use case one can select the appropriate Generative AI model, whether it is for feature engineering in Deep Learning model for malware detection or for reverse engineering a malware binary, or for making a detection model more robust. Inevitably, adversaries are going to use the same tools for creating new malware or for exploiting undetected vulnerabilities. Hence it is crucial that cybersecurity professionals be ahead of the curve and start incorporating Generative AI based tools in their practice to fight cyber-attacks.

Join us @ RSA 2025 where my fellow data scientist, Nakkul Khuraana, and I will be speaking about – ‘How To Use LLMs to Augment Threat Alerts with the MITRE Framework.’

Sources
Hari Manassery Koduvely

April 8, 2025

Line of Business, Security, Security, Technologies

GenAI in Cybersecurity, large language models (LLM), LLM, RSA, RSAC
Evaluating cloud content management solutions?

When it comes to content management solutions, organizations can agree on one thing: cloud is the way to go. A survey by Foundry Research found that 96% of technology decision-makers rated the importance of the availability of a SaaS option as a “7” or above (on a 10-point scale), with 61% rating the availability as “critical.”

The search for the right cloud content management solution is underway, with 74% of organizations currently in the market. What’s most appealing about moving content management to the cloud depends on who you ask. Line of business owners and departments cite efficiency and productivity improvements, such as improving customer experiences and boosting collaboration. And for IT, the motivation stems from cost efficiency (62%) and ease of management and maintenance (52%).

With cloud content management platforms continuing to evolve and become more intelligent, it’s important to keep pace with the latest stand-out features and compelling business drivers to select a solution that fits your organization. To help solidify a must-have requirement checklist, below are six questions to consider.

#1: Will a single vendor meet your needs?

When evaluating cloud content management systems, it’s important to think about the entire content lifecycle and what capabilities are built in versus sold separately or may require a separate solution. Some platforms require add-on solutions to address various use cases, line of business needs, or industry-specific content requirements, leading to multiple products from multiple vendors, which adds complexity and offsets the desired cloud benefits of IT ease and efficiency. Partnering with a single cloud content management vendor allows you to scale with ease, tapping into additional capabilities to manage business processes end-to-end in the cloud.

#2: Will the entire content lifecycle be supported?

Content management platforms simplify users’ interactions with content, yet the lifecycle of content—from creation through to archiving or disposition —can be quite complex. In addition to managing how information is distributed, used, and analyzed across the organization, a comprehensive cloud content management approach brings the same level of intelligence, automation, and control to the entire content lifecycle. Some questions to ask vendors: Can we unify content capture across departments and locations? Can we securely store all content in the cloud? Do we have the flexibility to add capabilities to existing business workflows, such as digital signatures?

#3: Is metadata consistently applied to cloud-based content?

When considering moving content management to the cloud, determine whether metadata is a native capability within the platform. Why does this matter? The ability to automatically identify and extract metadata from content increases its usability, making it easier to capture, process, organize, and find—providing much-needed structure and control. In addition, a platform using multiple classification technologies to enrich content leverages metadata tags to identify the right information within unstructured content and enable AI-powered analysis and summarization.

#4: Is the platform GenAI-ready?

The Foundry Research survey revealed that 98% of decision-makers want to leverage GenAI with a cloud content management solution. Ask vendors whether they offer out-of-the-box functionality to make GenAI available to users from day one? And consider whether they use a built-in GenAI assistant to help with tasks like search and content discovery. Plus, ask about the evolution of AI capabilities and roadmap plans for new ways to visualize, understand, and utilize data, such as chart creation and agentic AI.

#5: What pre-built and custom integrations are available?

Foundry Research found that the top concern holding companies back from adopting cloud content management solutions is technology integrations. With enterprise processes spanning multiple business systems, like CRM and ERP, integrating cloud content management with leading apps is a must. Ideally, content services solutions integrate with the applications users are already working in, such as Salesforce, SAP, and Microsoft—surfacing content in context. Ask vendors about prebuilt integrations for common business applications, as well as custom connector options via APIs. The focus should be on deepening integrations to make day-to-day work simpler and more efficient, bringing together all aspects of content management (user experience, data, content, roles/permissions, and change events,) with a real-time and bidirectional flow.

#6: Is governance automated and defensible?

For your organization’s content, robust security and information governance are non-negotiable—requiring data protection from document generation and capture through to long-term storage. A cloud content management solution should deliver comprehensive content lifecycle management for all corporate records while ensuring transparent governance. Plus, to leverage GenAI to the fullest, well-managed content services and information management should properly classify content and apply policy and permissions controls for secure GenAI access.

A content management leader

OpenText was recently recognized for innovation in content platforms, named a Leader in TheForrester Wave™: Content Platforms, Q1 2025, with the report stating, “Customers seeking a robust set of AI-enhanced content governance and automation capabilities with flexible cloud deployment options should consider OpenText.”

Discover how OpenText™ Core Content Management helps organizations stop information chaos and secure information across its lifecycle to address even the most complex use cases.
Give it a try with a 30-day free trial

Cassandra Tilson

April 8, 2025

Content Services, Technologies

cloud content management, Content Cloud, content services, OpenText Core Content Management

Reducing alert fatigue with AI-powered enrichment

Enhancing entity-based threat analysis with AI-driven summarization

Streamlining with Generative AI

From entity insights to organizational summaries

Smarter AI-driven responses

Address key challenges in AI-driven threat-hunting solutions

Data security

Data representation

Prompting and output consistency

Conclusion: The future of AI-augmented threat hunting

What’s new? It’s not just text anymore

Security? It’s built right in

Why it matters — especially to Gen Z (and the rest of us)

TL;DR: Messaging, but make it awesome

The observability cost crisis

OpenText’s approach: Cost-effective observability at scale

The full-stack observability advantage

Real-world benefits: Cost savings and performance gains

Why limiting observability due to cost is a false economy

Integration with the broader IT operations ecosystem

Getting started with affordable observability

The role of intelligent document processing solutions in customer service

Streamline customer interactions

Improve response times and accuracy

Enhance compliance and security

Real-world impact of intelligent document processing solutions

A smarter, data-centric approach to security

Recognized across product, innovation, and market leadership

Built for today’s hybrid and multi-cloud environment

Turning data security into a competitive advantage

Want to learn more?

Text to image generation

AI-powered searching

Governance

Availability

Get the excerpt

The IAM road to ITDR

Continuous recognition and response

Adaptive access for security

Adaptive access for usability

The payoff of going adaptive today

AI adoption surges, driving the need for trustworthy data

OpenText and Salesforce: Advancing AI innovation

Uncover AI insights to drive Agentforce actions

Key benefits:

Results:

Future AI integration strategy

Experience AI-powered efficiency

Traditional detection methods

Large language model (LLM) based feature engineering

Join us at RSAC 2025!

Code analysis using large language models

Prevent adversarial attacks using synthetic datasets

What’s next

Sources

#1: Will a single vendor meet your needs?

#2: Will the entire content lifecycle be supported?

#3: Is metadata consistently applied to cloud-based content?

#4: Is the platform GenAI-ready?

#5: What pre-built and custom integrations are available?

#6: Is governance automated and defensible?

A content management leader