OpenText enhances threat detection and response capabilities with AI

The AI-powered threat defense is capable of processing billions of machine events and seamlessly integrating with existing security solutions to boost detection and response and reduce risks for users of Microsoft Security tools.

OpenText has now enhanced its OpenText Threat Detection and Response Solution with AI-powered capabilities. Expected to be generally available on Microsoft Azure, the OpenText Core Threat Detection and Response is deeply integrated with Microsoft Defender for Endpoint, Microsoft Entra ID, and Microsoft Security Copilot to empower organizations to stop attacks quickly and efficiently before damage occurs.

Threat detection and response capabilities continue to see significant increases, especially as threats become increasingly sophisticated. With cybercriminals now leveraging AI to launch more powerful cyberattacks, the Canadian cybersecurity vendor has expanded its cybersecurity portfolio in recent years, ensuring it remains capable of helping organizations gain the strongest defense postures possible in a machine-to-machine attack world.

Increasing costs from breaches and disruption to businesses as well as the shortage of talent in cybersecurity have also made it harder for organizations to fully manage their cybersecurity. Serving over 7,500 global enterprise customers, OpenText delivers cutting-edge solutions that safeguard organizations of all sizes. The OpenText Core Threat Detection and Response, combined with OpenText’s threat hunting services and integration toolkits, is expected to deal with the challenges organizations face in cybersecurity today.

OpenText continues to build its presence in Southeast Asia, supporting customers in both the public and private sectors. To understand more about the opportunities, growth and challenges in the region, CRN Asia caught up with Kapil Kaul, Regional Vice President, Solution Consulting, Asia Pacific at OpenText.

How is OpenText supporting customers in their cybersecurity in the region?

There are multiple different things which are coming into play at the moment. Currently, it's machine versus machine through AI, which a lot of customers are dealing with. And customers are trying to secure their organizations, especially with the changing landscape, ensuring that they have the right perimeter security and so on. That's where we come in with our SIEM solutions and so on.

But there is more than that. There is a whole lot of data being produced, generated today, which humanly is not possible for anyone to deal with. We announced our enhanced offering, the OpenText Core Threat Detection and Response, a threat detection response that is an AI-based solution and enhances our portfolio from classic SIEM to actually using AI and analytics to identify and detect anomalies.

We are very focused on this. But on the regulatory side, where customers are trying to keep themselves ahead of the changing regulatory environment, we support them with very advanced data privacy and data security solutions as well.

Apart from that, we are also helping our customers secure the software supply chain. In today's interconnected world, you not only have your own software and applications to serve your consumers, but you also depend on multiple third parties, which is your entire ecosystem. And that's where we help our customers detect vulnerabilities in not only their own application landscape but also identify vulnerabilities in their software supply chain so that they're always secured.

Which areas in cybersecurity are businesses challenged with the most today?

The biggest challenge to me is that bad actors always seem to be ahead. And because there is so much data to deal with, especially on the hybrid cloud, customers face multiple challenges.

Number one is trying to fight machines with machines, which is analytics. As far as the machine vs machine is concerned, that's where we introduced our advanced threat detection response.

Number two is the shortage of services and skilled staff. This second area is where there are big issues our customers are facing. And we are providing managed services to our customers to identify threats for them.

Number three is trying to understand the overall landscape, which is identities, and how to manage them across multiple different domains, which essentially means working in a zero-trust environment. And that's where we see customers also having challenges.

How can AI help deal with these challenges?

I think we generally term AI as enhancing human potential. In the past, you had capabilities where you're securing using classic SIEM. But now that we are talking about billions of events per day, you don't have many SOC specialists who understand.

With AI, we are applying hundreds of algorithms that we have built over a decade to find and detect anomalies within these heaps or mountains of data, multiple haystacks, and bringing them together and proactively publishing to the SOC analysts the areas where they really need to focus.

Basically, instead of them having to go looking for information, AI is actually throwing it back to them and identifying not just external threats but also threats on account of internal users watching behavior.

For example, user authentication when a user is suspected to be a bad actor, but also then having the capability to take quick remediation all through the ability to understand a particular threat. That's the kind of remediation action we should take. So, we use AI in all of these areas, from detect all the way to remediate.

A lot of companies are also looking at taking a platformized approach towards cybersecurity. How is OpenText enabling this?

We believe that customers will have a whole lot of software out there, and they just can't replace. We call it the consumable security solution and that's where the threat detection platform becomes very important.

When customers are not just on-premises, but a hybrid cloud, there are solutions which we ingest from all of them as we have hundreds of integrations. The intent here is that there could be up to 80 solutions, we ingest from all of them and then provide the ability to do anomaly detection and use machine learning on top of that. So, they could have best in breed in which other areas they believe they have invested in.

We complement them by providing the analytics capability across all of their solutions in the form of consumable security. And there is no problem with integration.

How important is identity security?

Identity is embedded with everything. Information is the proprietary records that an organization has. Ensuring that right people have right access to the information becomes the number one challenge that every organization has. And information is sprawled everywhere, in different forms.

And identity, therefore, becomes the most important transformation that every organization is taking. We are not just helping organizations secure information, but also making sure identity is managed in every application that accesses information.

Be it human or machine identity, any form of identity that accesses information needs to be ensured that it’s the right identity.

With AI capabilities in threat detection and response, where do you see the future headed to for businesses and cybersecurity?

Our CEO likes to quote from the film The Matrix, “you cannot bring humans to a machine fight.”

And this is important as we've got to fight machines with machines. I think in the future, AI analytics will play a significant role in controlling or managing the way security is delivered within organizations and beyond.

Also, as privacy of information is becoming even more important than before, securing information in any form would be paramount. This includes securing identities, which will become more significant for organizations and will see more spending in the future.