As platforms, systems, and applications continue to close their vulnerabilities, nascent outsiders often find it easier to exploit other weaknesses like credentials, misconfigurations, or exposed APIs. Various phishing techniques, key loggers, and other automated tools are all used and have proven easier to execute than directly going up against application and system-level security. Whereas vulnerability research requires quite a bit of time, skill, and extensive testing to identify exploitable weaknesses, attackers have increasingly opted to focus on credential stuffing for quick access to these services. Along with their credential-based approach, attackers have honed their skills at identifying privileged accounts and ways to promote other compromised accounts. These attacks can be persistent threats lasting months or even years. Of course, the most damaging and sought-after identities are information owners and other similar accounts with special access privileges. As such, the increasing risk for organizations was not just attacks on credential-based accounts, but attacks on the most privileged users. They were, and still are, the most complex threats to protect against because the outsider has the information traditionally relied upon for a person or process to identify themselves.
Year | Event |
---|---|
2000s | Rise of credential-based attacks (phishing, brute-force). |
2010s | Major identity breaches via stolen credentials continue to grow, both in frequency and in the value lost by the victim organization. Growth of IAM, MFA, and PAM solutions. |
2021 | MITRE ATT&CK framework expands to identity-based threats. |
2022 | Gartner coins ITDR, emphasizing the need for identity-centric threat detection. |
2023+ | ITDR gains traction as a core cybersecurity strategy for enterprises. |
In 2022, Gartner introduced ITDR as a cybersecurity practice. In that introduction, Gartner described ITDR as a more effective approach for organizations to respond to the increasing threats targeting identity systems, credentials, and privileged access, emphasizing the need for organizations to elevate their ability to detect, investigate, and mitigate identity-based attacks. Unlike traditional security tools, ITDR integrates identity and access management (IAM), user and entity behavior analytics (UEBA), and extended detection and response (XDR) to proactively defend against credential misuse, privilege escalation, and lateral movement. Since current security methodologies haven’t been able to stem the tide of cyber threats, ITDR helps organizations enhance visibility, detect anomalies, and enforce stronger authentication and access controls, all of which reduce the risk of identity-driven breaches.
Gartner’s 2022 recognition of ITDR marked a meaningful milestone: the coalescing of IT technologies into a synergistic new security level, bringing together what are too often independent practices to power an expanded scenario. Together, IAM and security information and event management (SIEM) can identify and more accurately assign risk to related events, as well as execute a response at the level of an application, service, or other digital resource to secure protected information. As such, ITDR has since gained momentum as a critical cybersecurity category for preventing identity-based attacks. Some key ITDR drivers include:
While TDR can excel at real-time monitoring and automated responses, its inability to attach attacks to specific identities over time limits its effectiveness. More components are needed to expand TDR’s ability to identify suspicious behaviors.
Extended detection and response
Extended detection and response (XDR) is an advanced cybersecurity solution that integrates multiple security tools and data sources to provide a unified approach to threat detection, investigation, and response across an organization's entire attack surface.
XDR provides cross-layered detection and correlation: unlike traditional SIEM or EDR solutions, it collects and correlates threat data across multiple security layers, including endpoints (EDR), networks (NDR), emails, cloud workloads, and identity and access management (IAM). This improves visibility into complex attacks that span multiple entry points.
Automated threat investigation and response—XDR automatically prioritizes alerts and connects related security incidents to reduce alert fatigue. It uses AI and machine learning to identify attack patterns and mitigate threats faster.
Proactive threat hunting—security analysts can search for hidden threats using historical data and behavioral analytics. The MITRE ATT&CK framework is often integrated into XDR to map adversary tactics and techniques.
Integration with security stack—XDR works with SIEM, SOAR, ITDR, and EDR solutions to streamline security operations (SOC). It also provides real-time alerts and automated remediation actions across different security tools.
XDR as it relates to other security solutions
The table below lists technologies used today by IT security teams to enhance their threat detection and automated responses. By themselves, they're not as complete or integrated as XDR is.
Security solution | Focus area | Key difference |
---|---|---|
EDR (endpoint detection and response) | Endpoints (e.g., laptops, servers) | Detects threats on individual devices but lacks network/cloud visibility |
NDR (network detection and response) | Network traffic | Detects threats within network environments but does not cover endpoints or cloud |
SIEM (security information and event management) | Log management & analysis | Collects security logs but lacks built-in threat response capabilities |
SOAR (security orchestration, automation, and response) | Incident response automation | Automates security workflows but does not have native detection capabilities |
XDR (extended detection and response) | Cross-domain security visibility | Unifies endpoint, network, cloud, and identity-based detections for better correlation and faster response |
When suspicious behavior emerges—such as an unusual login, rapid privilege changes, or access from untrusted locations—XDR triggers automated actions such as compromised accounts being locked, MFA being enforced, or unauthorized sessions being terminated instantly. ITDR, which correlates identity information to XDR drivers, leverages XDR-derived information and automates the response needed to prevent attackers from exploiting stolen credentials by restricting access and enforcing dynamic authentication controls. Privileged activity is continuously monitored, and unauthorized escalations are blocked before they lead to a breach. XDR’s orchestration capabilities ensure ITDR seamlessly integrates with SIEM, SOAR, and IAM systems, streamlining automated remediation workflows. This ITDR-powered automated response fortifies security teams with an automated proactive defense, stopping identity-driven attacks before they escalate into full-scale breaches.
Identity security posture management
A core component of ITDR’s response engine is identity security posture management (ISPM): the ability to continuously manage (assess and respond to) an organization’s security landscape at the identity level. As enterprises expand their digital ecosystems, the sheer volume of human and machine identities creates an ever-expanding attack surface. ISPM provides real-time visibility into identity risks, misconfigurations, and policy violations, enabling proactive defense against identity-based threats. By leveraging automation, risk analytics, and policy enforcement, ISPM ensures that identities adhere to security best practices, reducing exposure to credential-based attacks, privilege escalation, and unauthorized access.
At the core of ISPM is the ability to dynamically analyze identity posture across various environments, including on-premises, cloud, and hybrid infrastructures. This involves monitoring access entitlements, enforcing least privilege principles, and detecting anomalous behaviors indicative of compromise. Integrated with identity threat detection and response, ISPM enhances an organization’s ability to preemptively address identity vulnerabilities before they are exploited. Cyber threats are often based on compromised credentials, so identity-based ISPM serves as a critical layer of defense, aligning security posture with evolving risk landscapes. This is done by defining the level of risk the organization is willing to tolerate and then continuously evaluating the environment to respond when that level is reached. ISPM is a key component of ITDR because it enables organizations to maintain resilience against sophisticated cyber adversaries.
Empowering threat response with identity
Identity and access management solutions allow organizations to tie breach or threat indicator events to identities, as well as target the response at the most effective level: the session(s) or application(s). IAM is the ‘I’ of ITDR. To effectively automate responses, these two technologies must work together seamlessly. When they do, the integration enhances visibility and threat detection and quickly responds to identity-based attacks.
OpenText™ IAM solutions generate authentication logs, access requests, and privilege changes. OpenText’s advanced threat detection & insider threat management solution correlates them with data from endpoints, networks, and cloud environments. Additionally, OpenText TDR offers user and entity behavior analytics (UEBA) beyond what is typically available in identity-based risk services. When brought together, they detect risk through breach indicators derived from access and application usage. Traditional identity and access-based risk metrics are limited to prescribed criteria, such as whether or not the browser instance or the physical device is known and whether login attempts are unsuccessful. These same adaptive controls put conditions or limits on time ranges and geolocations, as well as identify impossible travel scenarios. While traditional adaptive access controls can also leverage the history of these prescribed conditions, XDR metrics can be far more sophisticated.
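The prescribed criteria named above (known device, unsuccessful logins, impossible travel), scored per identity against a risk tolerance, as an added example that is not OpenText code. The event fields, thresholds, weights, and response names are assumptions made for illustration, and the sample events are constructed.

```python
import math
from datetime import datetime

# Constructed sample events: (ISO time, identity, device, lat, lon, login succeeded)
EVENTS = [
    ("2024-05-01T08:00:00", "alice", "laptop-1", 51.5074, -0.1278, True),    # London
    ("2024-05-01T08:05:00", "bob", "laptop-7", 40.7128, -74.0060, False),    # New York
    ("2024-05-01T08:06:00", "bob", "laptop-7", 40.7128, -74.0060, False),
    ("2024-05-01T08:07:00", "bob", "laptop-7", 40.7128, -74.0060, False),
    ("2024-05-01T08:08:00", "bob", "laptop-7", 40.7128, -74.0060, True),
    ("2024-05-01T09:00:00", "alice", "phone-9", 35.6762, 139.6503, True),    # Tokyo
]

# All values below are assumptions chosen for the example, not vendor defaults.
MAX_KMH = 900         # fastest plausible travel, roughly airliner speed
MIN_KM = 100          # ignore geolocation jitter below this distance
FAIL_THRESHOLD = 3    # failed logins preceding a success that count as a burst
WEIGHTS = {"unknown_device": 20, "failed_burst": 30, "impossible_travel": 50}
RISK_TOLERANCE = 60   # score above which a response is triggered

def km_between(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlmb = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def evaluate(events):
    """Return {identity: (risk score, sorted signals, response)}."""
    state = {}
    for ts, who, device, lat, lon, ok in sorted(events):   # ISO strings sort by time
        when = datetime.fromisoformat(ts)
        s = state.setdefault(who, {"devices": set(), "last": None, "fails": 0, "signals": set()})
        if not ok:                      # count failures until the next success
            s["fails"] += 1
            continue
        if s["fails"] >= FAIL_THRESHOLD:
            s["signals"].add("failed_burst")
        s["fails"] = 0
        if s["devices"] and device not in s["devices"]:   # first device is the baseline
            s["signals"].add("unknown_device")
        s["devices"].add(device)
        if s["last"]:                   # compare with the previous successful login
            prev_when, plat, plon = s["last"]
            hours = (when - prev_when).total_seconds() / 3600
            if km_between(plat, plon, lat, lon) > max(MAX_KMH * hours, MIN_KM):
                s["signals"].add("impossible_travel")
        s["last"] = (when, lat, lon)
    result = {}
    for who, s in state.items():
        score = sum(WEIGHTS[x] for x in s["signals"])
        action = "terminate_session_and_require_mfa" if score > RISK_TOLERANCE else "allow"
        result[who] = (score, sorted(s["signals"]), action)
    return result
```

Calling `evaluate(EVENTS)` shows that no single criterion crosses the tolerance on its own; only the combination of signals attached to one identity does.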
XDR technologies monitor a much broader spectrum of information than what is available in IAM infrastructure. From that data, XDR automation can correlate observed data into behavior patterns that are more discerning than rules-based controls. They discern which sessions are indicating risk factors from anomalies or attack patterns. When XDR monitoring capabilities are merged with identity information to form an ITDR level of security, activities can be correlated and calculated into patterns—patterns that span long periods. With identity, the activity data collected from networks, devices, and session information is correlated to the higher-level interactions that identities (people or processes) have with digital services over a longer period. This persistent identity-based activity data empowers risk engines to calculate the risk of breach-related activities that are used to penetrate typical security practices. These patterns grow stronger over time in ways that make ITDR more effective in identifying user anomalies or potential breaches as the model of each active user grows. Beyond strengthening threat models, ITDR can respond through its security orchestration, automation, and response (SOAR) platforms—far more than what is available in an IAM environment. Additionally, IT can use this expanded security platform to initiate predefined workflows, such as blocking malicious IPs, alerting security analysts, or isolating affected devices.
Since each environment is unique, the road to an ITDR level of security is unique. This means that the need for ITDR may or may not exist for a specific environment, and the level of ITDR sophistication will vary. The makeup of your current environment will influence what you implement.
Some of the dynamics that may help determine how much to invest in an ITDR form of security include the following:
ITDR has evolved from traditional identity security into a dedicated security discipline, addressing modern identity-driven cyber threats. As cybercriminals increasingly target credentials, privileged accounts, and identity systems, ITDR may become a standard security layer of an organization’s security strategy.