›› At a glance
- Delivery model: Tech-agnostic (works with your tools)
- Response authority: Guided response
- MTTA SLA: Not disclosed
- Coverage: 24×7 · 1 SOC region
- Surfaces: Endpoint · Cloud · SaaS · Network
- IR retainer: Separate
- Customers (public): Not published
- SOC analysts: Not published
- Onboarding: Not published
›› Best for
›› IDEAL FOR
- SMB and lower mid-market organizations that want a SOC layer over their existing endpoint stack
- Teams that want guidance and threat hunting but prefer to execute response themselves
- Existing OpenText or Webroot customers consolidating onto one vendor for endpoint and MDR
›› NOT IDEAL FOR
- Buyers who need analysts to isolate endpoints or kill processes without customer approval
- Teams that need a published response-time SLA with financial backing
- Organizations with OT or ICS environments needing dedicated industrial coverage
›› Coverage
- Endpoint: Included
- Cloud: Included
- Identity: Limited
- SaaS: Included
- Network: Included
- OT / IoT: Not offered
›› COMPATIBLE TOOLS
EDR
SIEM
Cloud
›› ADDITIONAL CAPABILITIES
›› Incident response
- Monitoring: 24/7 · 24/7 virtual SOC, specific shift model not published
- First response: Alert only — provider notifies your team with recommended actions · Custom playbooks supported
- Containment: None documented
- Notification: Phone · Email
- Response SLA: Not disclosed · OpenText publishes a vendor-stated MTTD of less than 30 minutes from the 2021 launch but does not publish a formal contractual response SLA.
- IR included: No — separate retainer
›› DETECTION QUALITY
- MTTD (detect): Less than 30 minutes (vendor-published, 2021 launch claim)
- MTTR (respond): Not published
- False positives: OpenText claims up to 97 percent reduction in event noise through machine learning correlation and BrightCloud threat intelligence enrichment.
›› THREAT HUNTING
- Included: Yes — in base service
- Approach: Proactive
- Frequency: Continuous, as part of the base service
›› Pricing
Custom quote, not published. Sold direct and through the OpenText partner channel. Annual contracts.
- Indicative price: Not published
What costs extra
- Webroot endpoint protection if the customer needs it bundled
- OpenText security awareness training
- Incident response retainer
Cost caveats
- Co-managed model means the customer's team still does the actual containment work
- No published SLA; contractual response commitments must be negotiated
- Headline detection metrics come from a 2021 launch announcement and have not been independently verified
Pricing compiled from public sources. Verify directly with the provider.
›› The team
- Analysts: Direct employees · Not published
- Certifications: Not published
- Channels: Email · Portal · Phone
- Data access: Dashboard Access
- Portal: Co-managed portal that surfaces alerts, threat intelligence context and analyst notes. Depth of query access not publicly documented.
- Account manager: Shared / pooled
›› Reputation
Public review coverage of OpenText Core MDR is thin. Capterra lists the product with zero reviews, and there is no Gartner Peer Insights MDR profile or G2 page with a meaningful review base. Practitioner discussion mostly references the broader OpenText Cybersecurity portfolio and the Webroot heritage rather than the MDR service itself.
›› WHAT CUSTOMERS PRAISE
- BrightCloud threat intelligence is well regarded inside OpenText's broader product line
- Co-managed model appeals to teams that want a SOC layer without giving up control
- Backed by a large public software vendor with a long enterprise track record
›› COMMON COMPLAINTS
- Very limited public review base for the MDR service specifically
- Headline detection metrics are vendor-published and date back to the 2021 launch
- Co-managed positioning means the customer still owns response execution
›› REDDIT (R/SYSADMIN, R/MSP)
Limited Reddit discussion of OpenText Core MDR specifically. r/msp threads tend to surface Webroot MDR powered by Blackpoint, which is a separate product.
›› Questions to ask
›› 7 questions to ask OpenText
1. What response actions does your SOC take on our behalf, and what actions do we have to execute ourselves under the co-managed model?
2. Are the 30-minute MTTD and 99 percent detection figures from the 2021 launch still reflected in current contracts, and what response SLAs will you commit to in writing?
3. How does OpenText Core MDR differ from Webroot MDR powered by Blackpoint, and which one fits our environment?
4. Which third-party EDR and SIEM products do your analysts actively support, and which are best-effort log ingestion only?
5. What does the SOC do at 3am if our team is unreachable? Do they wait, escalate, or take any pre-approved actions?
6. What happens to our detection content, custom rules and alert history if we move off the platform?
7. Is there an option to add Webroot endpoint protection bundled into the contract, and how does that change pricing?
›› Evidence
›› SOURCES REVIEWED
›› PUBLIC-DATA CAVEATS
- No public contractual response-time SLA is recorded for this profile.
- No public fixed price is recorded; compare only after a scoped quote.
- No public breach warranty is recorded.
- Response workflows are described, but exact standard containment actions are not public.
- MDR analyst headcount or analyst-to-customer ratio is not public.
