OpenText added a threat detection module to its core platform that makes use of artificial intelligence to more accurately surface anomalies.
Currently available to a limited number of organizations, OpenText Core Threat Detection and Response requires organizations to be running Cloud Editions 25.2 of its core information management platform.
Stephan Jou, senior director of security analytics for OpenText Cybersecurity, said initially OpenText Core Threat Detection and Response will target threats in Microsoft environments, including providing integrations with Microsoft Defender for Endpoint, Microsoft Entra ID, and Microsoft Security Copilot tools and platforms.
OpenText is also making available a threat integration studio tool that enables OpenText Core Threat Detection and Response to ingest telemetry from other networks, applications, security tools and platforms.
The overall goal is to provide cybersecurity teams with a threat detection platform that leverages machine learning algorithms and generative AI capabilities based on open source Llama models from Meta to continuously monitor IT environments as they change and evolve, said Jou. Those Meta models are being used to, for example, provide summarizations of threats that make it simpler to understand the specific nature of a cybersecurity threat, he added.
It’s not clear how widely cybersecurity teams are relying on AI to identify threats, but as cyberattacks increase in volume and sophistication, it’s become apparent that security analysts need more advanced tools. There are simply not enough security analysts to examine every potential threat in an era where cybercriminals are also employing AI to create and launch attacks. Given the already chronic shortage of cybersecurity expertise, the only way to level that playing field is to rely more on AI, said Jou.
Ultimately, AI should enable cybersecurity teams to reduce both the mean time to detection and the mean time to remediation of cyberattacks in a way that contains the scope of a breach faster. Once cybercriminals gain access to an IT environment, the amount of potential damage that can be inflicted increases with each passing minute.
Of course, AI tools and platforms require some initial funding, but over time they can also reduce the total cost of cybersecurity. One of the reasons that organizations should replace individual cybersecurity tools with more integrated platforms is to make it simpler to collect the telemetry data needed to better train AI models. That approach also makes it simpler to invoke cloud services to provide cybersecurity teams with access to additional tools and capabilities as needed.
Each organization will need to determine to what degree it will augment its cybersecurity team with AI, but given the overall level of stress experienced, there will come a day soon when many cybersecurity professionals will no longer want to work for organizations that don’t provide them with the tools they need to succeed. After all, AI isn’t going to replace the need for cybersecurity professionals any time soon. As such, the issue, as always, remains finding a way to attract and retain the best and brightest.