EnCase® Endpoint Security

Earlier Detection, Faster Decisions and Unprecedented Threat Response.


OpenText™ EnCase™ Endpoint Security 20.4

Expanded threat detection to support MITRE ATT&CK

Advanced threat detection | Fearless Response | Continuous monitoring at scale | Alert Triage and Response Automation

OpenText™ EnCase™ Endpoint Security 20.4 is now available with real-time monitoring and threat detection based on the MITRE ATT&CK framework, simplifying and streamlining awareness and response to advanced cyber threats.

Version 20.4 also expands continuous monitoring to cover artifacts from the Windows Event Log, a crucial component in understanding the complex threat behaviors needed for detection.

EnCase™ Endpoint Security 20.4 also supports telemetry streaming of endpoint data for on-demand threat hunting use cases, as well as a new unified timeline to visualize threat activity needed for DFIR investigations.



OpenText™ EnCase™ Advanced Detection

OpenText™ EnCase™ Endpoint Security add-on software

Augments the forensic detection and response capabilities of OpenText™ EnCase™ Endpoint Security by providing comprehensive malware, active breach, and insider threat detection coupled with end-to-end orchestration and automation capabilities. This agentless and cloud-based technology enables enterprise-wide threat assessments through a streamlined deployment with proven scalability and flexibility. Important alerts are passed to Endpoint Security to provide best-of-breed automated response capabilities.

The only 360° visibility into the endpoint


Security teams have been battling to stay ahead of the curve, but without deep and trusted visibility into their endpoints, the effort expended outweighs the reward. EnCase Endpoint Security provides you with:

Earlier Detection

Earlier detection of elusive risks, threats and anomalous activity unique to your organization, reducing your mean-time-to-discovery.

Faster Decisions

With time-critical endpoint telemetry, you can validate or dismiss security events as they happen, eliminate the chance of missing that critical alert and ensure continual return from security investments.

Forensic-Grade Response

Single, flexible platform that delivers automated and on-demand response, simplifies workflow and readily returns your endpoints to a trusted state.


EnCase Endpoint Security is recognized by Gartner as the most widely used Endpoint Detection and Response Solution.

EnCase® Endpoint Security 6

Completely Redesigned. See What’s New.


the User Experience

A completely redesigned user interface that is deliberate and intended to enhance the security users’ end-to-end experience

Simplified workflows help security analysts and incident responders get started immediately with less training

Intuitive dashboards help quickly prioritize alerts and make evidence-based decisions to investigate or remediate threats


Raising the Bar with Detection & Response

Newly integrated threat intelligence instantly analyzes and responds to would-be threats

Conditional threat detection capabilities quickly identify suspicious artifacts to verify potential intrusions

Real-time continuous monitoring of endpoint activities greatly improves security incident response

Provides deep visibility into almost every imaginable forensic artifact on any given endpoint throughout your enterprise


Automation All Day, Every Day

Enriched and contextualized endpoint data, reported as Threat Scores, allow users to quickly focus on suspicious activities without analyzing all telemetry

Process tree visualizations provide the means to quickly ascertain process relationships without the need for a deep dive

Distributed IOC searching and enhanced endpoint processing for faster performance and scalability

Create events, collect endpoint data, initiate scans, remediate, and more from third-party security tools using open APIs

