What’s new in OpenText EnCase Endpoint Security 20.3

As data breaches continue to escalate in both their frequency and severity, it is more critical than ever for security leaders to counter with increased…

OpenText Security Cloud Team profile picture

OpenText Security Cloud Team

September 28, 20203 minutes read

As data breaches continue to escalate in both their frequency and severity, it is more critical than ever for security leaders to counter with increased monitoring and cyber defenses.

To meet this need, our newest release of OpenText™ EnCase™ Endpoint Security now includes new features that drastically improve its MITRE ATT&CK-based detection capabilities useful for threat hunting and incident response use cases. On top of these additions, EnCase Endpoint Security 20.3 will include a unified timeline to visualize threat activity, telemetry options, and expanded continuous monitoring to include the Windows Event log and other relevant threat artifacts.

EnCase Endpoint Security is the market-leading threat detection and incident response solution, enabling security teams to rapidly detect compromised endpoints and remediate non-commodity attacks. Compromised endpoints and environments can quickly and forensically be returned to a trusted state with comprehensive and surgical remediation. Security teams can further automate alert response, add context to detections with embedded threat intelligence and scoring, and completely investigate any threat that may be encountered in the modern SOC.

EnCase Endpoint Security 20.3 features

Expanded Continuous Monitoring & Detection Capabilities

This release contains major improvements to the enhanced agent in terms of continuous monitoring and efficiency (IO reduced 10x) and makes available to the user the full breadth of its capabilities by adding 400+ new fields to the anomaly detection builder – allowing analysts to build powerful detection rules with real-time alerting. New fields available for use in the anomaly builder include the Windows Event log, which is very relevant to deploying MITRE ATT&CK based detections. In addition to the expanded custom capabilities, 20.3 includes many new OOTB detection rules designed to detect TTPs from across MITRE’s ATT&CK framework*.

Real-time monitoring of persistence artifacts was made available in EnCase™ Endpoint Security CE 20.2.

Unified Threat Timeline

In the new release, security teams can visualize threat activity required for DFIR investigations, including root cause analysis, determining incident scope and impact, and visualizing the investigation process.


This release enables IT security teams to stream endpoint data captured by EnCase™ into a data lake for threat hunting use cases. Analysts can also maintain a database of historical data for post-event analysis, and other use cases.

Swimlane integration (SOAR) for orchestrated response (20.2)

Security Orchestration & Automated Response (SOAR) technologies are increasingly important to speed and scale incident response to meet modern demands. Information Security teams can automate response with EnCase via pre-built Swimlane runbooks – which deploy predetermined responses to encountered threats to automate security operations. Leverage the Swimlane UI/UX with EnCase as the trusted endpoint technology for collection, detection, response and investigation.

Visit our website to learn more about OpenText Security 20.3.


*MITRE ATT&CK Round 3 (Carbanak/FIN7) results will be available in February 2021.

Share this post

Share this post to x. Share to linkedin. Mail to
OpenText Security Cloud Team avatar image

OpenText Security Cloud Team

See all posts

More from the author

Dissecting IcedID behavior on an infected endpoint

Dissecting IcedID behavior on an infected endpoint

IcedID, also known as BokDot, is a banking trojan that was first discovered in 2017. It targets a victim’s financial information and it is also…

March 30, 2023 4 minutes read
Technology meets tenacity

Technology meets tenacity

Technology alone won’t defeat cybercriminals. Effective cybersecurity isn’t something you buy off the shelf, set, and forget. To secure your data, you must be proactive,…

November 3, 2022 4 minutes read
OpenText MxDR platform: a team player

OpenText MxDR platform: a team player

There’s a truism in the cybersecurity sector that says enterprise technology stacks are so large because the market demanded big-stack solutions. Convenience, fiscal constraints, and…

November 1, 2022 3 minutes read

Stay in the loop!

Get our most popular content delivered monthly to your inbox.