Analyst(s): Fernando Montenegro
Publication Date: February 24, 2025
OpenText has launched Core Threat Detection and Response (Core TDR), an AI-powered security offering to combat insider threats and advanced attacks. The initial release of the SaaS-only offering, built in collaboration with Microsoft, integrates with Microsoft Defender, Entra ID, and Security Copilot to enhance threat visibility.
What is Covered in this Article:
- OpenText debuts Core TDR, initially integrating with Microsoft Defender, Entra ID, and Security Copilot.
- Features Interset-powered analytics with ArcSight correlation, MITRE ATT&CK mapping, and risk-based prioritization.
- Microsoft partnership fuels adoption, with expansion beyond endpoint and identity planned.
- Competes with Palo Alto Networks, Cisco, CrowdStrike, and others, needing clear differentiation and strong execution.
The News: OpenText has introduced Core Threat Detection and Response (Core TDR), an AI-powered security analytics offering designed to combat insider threats and cyberattacks. Developed in collaboration with Microsoft, this SaaS-exclusive platform integrates with Microsoft Defender for Endpoint, Entra ID, and Security Copilot, using behavioral analytics to enhance threat detection capabilities. With availability on the Azure Marketplace expected for May 2025, Core TDR follows a pricing model aligned with Microsoft’s per-user and per-endpoint structure, making adoption easier for enterprises already invested in the Microsoft ecosystem.
OpenText Launches Core TDR, But Can It Stand Out in a Crowded XDR Market?
Analyst Take: The launch of Core TDR marks a significant step for OpenText as it expands its security portfolio, aligning with its cloud-first, AI-driven strategy. This development was a key focus in OpenText CEO Mark Barrenechea’s Q2 FY 2025 earnings call, where he emphasized the company’s commitment to strengthening its security capabilities.
With Core TDR, OpenText is furthering its bets in the highly competitive Extended Detection and Response (XDR) space, facing off against cybersecurity heavyweights such as Palo Alto Networks, CrowdStrike, Cisco/Splunk, Fortinet, and many others. OpenText is looking to leverage AI-powered behavioral analytics and a batch-based risk detection approach to differentiate itself. According to the company, early testing with design partners has shown positive results – detecting over 80% of red-team attacks – suggesting that Core TDR may identify threats that some XDR offerings may not detect.
AI-Driven Analytics for Smarter Threat Detection
At the heart of Core TDR is the analytics engine that Micro Focus, now part of OpenText, acquired when it purchased Interset in 2019. OpenText has enhanced it with additional correlation capabilities from ArcSight (another Micro Focus component), looking to improve the accuracy of threat detection. The platform's data processing includes the following:
- Entity Resolution – Aggregates multiple data sources to create a unified security profile.
- Historical Correlation – Uses event comparisons, job code-based anomaly detection, and clustering to refine detection accuracy.
- Threat Intelligence Feeds – Integrates OpenText Threat Intelligence (formerly BrightCloud) data and bad URL detection to enhance real-time risk assessment.
Additionally, Core TDR maps security incidents to the MITRE ATT&CK framework, offering structured insights and actionable response strategies. To help organizations triage responses, the system applies a risk score, aiming to prioritize the most urgent threats. Its batch-based risk analysis, conducted up to four times a day, balances timely incident detection with operational efficiency.
Integration with Microsoft: A Tactical Go-to-Market Approach
One of Core TDR’s key proposed advantages is its seamless integration with Microsoft’s security ecosystem. By aligning with Microsoft Defender for Endpoint, Entra ID, and Security Copilot, OpenText aims to make it easier for enterprises to deploy Core TDR without overhauling their existing infrastructure. The per-user and per-endpoint pricing model further lowers adoption barriers.
According to the company, this launch represents the first phase of Core TDR’s rollout, with plans to extend its capabilities beyond endpoint and identity data to additional security sources. OpenText’s collaboration with Microsoft can potentially strengthen its market position. It also points to possible deeper collaborations in AI-driven security – particularly in addressing insider threat detection gaps that many enterprises struggle to manage.
Competitive Positioning in a Crowded XDR Market
Despite Core TDR’s proposed strengths, OpenText faces fierce competition in the XDR market, competing against better-known technology providers such as Palo Alto Networks, Cisco/Splunk, CrowdStrike, and others. Many of these established players already integrate AI-driven threat detection into their platforms, making differentiation critical for OpenText’s success. To gain traction, the company must demonstrate Core TDR’s effective detection capabilities, particularly in insider threats and advanced attacks, proving its proposition that it is able to uncover threats that other XDR offerings might miss.
A key challenge for OpenText lies in its broader cybersecurity strategy, which is largely driven by acquisitions – particularly Micro Focus and Carbonite/Webroot. While these acquisitions have broadened its security portfolio for both large enterprises and smaller organizations, the company still faces hurdles in capitalizing on a broader message. OpenText is among the few companies offering cybersecurity capabilities alongside broader enterprise information management offerings. How well the company can explore the possible connections between these portfolios can also be a significant factor in its success with enterprise buyers.
Specifically in relation to this offering, OpenText should prove the benefits of detection accuracy, real-world threat mitigation, and simpler enterprise integration. Ultimately, success will depend on how quickly businesses adopt Core TDR, how effectively OpenText executes its strategy, and whether it can position Core TDR as an essential AI-powered security offering rather than just another XDR offering.
To Sum Up: An Entry That Needs Strong Differentiation
Core TDR is a promising addition to OpenText’s security strategy, reinforcing its investment in AI-powered threat detection and response. Its Microsoft integration, behavioral threat detection capabilities, and performance in red team testing make it an interesting option for enterprises looking to enhance threat detection. However, execution risks, stiff competition, and the need for clear differentiation remain significant hurdles. If OpenText can effectively demonstrate measurable security improvements while ensuring seamless enterprise integration, it has the potential to carve out a meaningful position in the rapidly evolving XDR landscape.
What to Watch:
- OpenText’s ability to drive adoption will depend on how well it positions Core TDR with existing Microsoft security offerings and against other leading XDR offerings.
- Established cybersecurity vendors such as Palo Alto Networks, Cisco, and CrowdStrike, among others, may accelerate AI-driven enhancements to their own XDR platforms to maintain competitive positioning.
- Success will hinge on OpenText’s ability to showcase Core TDR’s real-world efficacy, particularly in insider threat detection, and integrate additional security telemetry and intelligence feeds.
- The depth of OpenText’s collaboration with Microsoft will influence the adoption curve as enterprises within the Microsoft ecosystem assess Core TDR’s added value, given their existing Microsoft and third-party security investments.
Disclosure: The Futurum Group is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.
Analysis and opinions expressed herein are specific to the analyst individually and to data and other information that might have been provided for validation, and are not those of The Futurum Group as a whole.
Author Information
Fernando Montenegro serves as the Vice President & Practice Lead for Cybersecurity at The Futurum Group. In this role, he leads the development and execution of the Cybersecurity research agenda, working closely with the team to drive the practice's growth. His research focuses on addressing critical topics in modern cybersecurity. These include the multifaceted role of AI in cybersecurity, strategies for managing an ever-expanding attack surface, and the evolution of cybersecurity architectures toward more platform-oriented solutions.
Before joining The Futurum Group, Fernando held senior industry analyst roles at Omdia, S&P Global, and 451 Research. His career also includes diverse roles in customer support, security, IT operations, professional services, and sales engineering. He has worked with pioneering Internet Service Providers, established security vendors, and startups across North and South America.
Fernando holds a Bachelor’s degree in Computer Science from Universidade Federal do Rio Grande do Sul in Brazil and various industry certifications. Although he is originally from Brazil, he has been based in Toronto, Canada, for many years.