OpenText has announced a new AI-powered threat detection capability that finds both internal and external security threats to an organization.

According to OpenText, companies often focus on external threats when planning and executing their security strategy, but insider threats also remain a costly danger, whether they are intentional, accidental, or the result of stolen credentials. A 2023 study from Ponemon and Sullivan showed that the average annual cost of insider incidents is $16.2 million.

OpenText Core Threat Detection and Response works by learning the behavior of an organization’s environment, rather than implementing static rules. This allows it to detect anomalies such as an employee accessing files at an hour when they never have before. “It doesn’t just flag an unusual login. It sees the full picture—who logged in, where, what they accessed, and whether that matches their past behavior,” OpenText wrote in a blog post.

According to OpenText, this behavior analysis is important because no number of static rules a company could set would be enough to combat insider threats.

“To keep intruders out, you create a rule: anyone without a badge gets stopped at the door. Seems effective — until someone figures out they can clone a badge or tailgate behind an employee. So, you add another rule: employees must scan in one at a time. But what if an attacker steals someone’s identity? Or an employee goes rogue and scans in at night to steal equipment? Add another rule that blocks any scanning after 5 pm? You’d need an exception and then a way to evaluate that exception. Then the VPs and above demand a permanent exception for themselves, so another rule is added,” OpenText explained.

The company explained that what’s really needed is a “guard” who knows every person in the building, who can recognize if someone is acting strangely and raise a red flag. 

Core Threat Detection and Response provides context-rich alerts that offer an explanation as to why an alert was raised, enabling security teams to prioritize and act on alerts. 

It also integrates seamlessly with other systems and applications that may already be in use, such as Microsoft Defender and Entra ID, with more integrations to come. This allows organizations to use the solution without disrupting their investment in other tools. 

“By adding behavioral analytics and anomaly detection on top of existing security investments, organizations get more value out of the tools they already use – without the complexity of managing yet another siloed solution,” the company wrote.

The solution is available in early adoption, and will be generally available in OpenText Cloud Editions 25.2.