This OpenText Cybersecurity Webroot MDR guide covers the essentials for your business. Many Edinburgh businesses inherited a Webroot licence from a previous IT provider without realising it is now part of OpenText’s enterprise security cloud. OpenText acquired Webroot in 2019 and consolidated the platform into OpenText Cybersecurity – which now includes a 24/7 co-managed SOC, BrightCloud threat intelligence, and Carbonite backup from the same console. Whether that changes your security posture depends on whether you have activated the right services (NCSC Cloud Security Guidance).
TL;DR: 71% of SMBs prefer bundled prevention, detection, and response from one vendor (OpenText survey, Sept 2025). OpenText Cybersecurity bundles endpoint protection, MDR, and backup in a single platform. This review explains what the MDR component delivers, who it suits, and where the gaps are – based on our Edinburgh MSP delivery experience.
OpenText Webroot Business Endpoint Protection: Feature Breakdown
Webroot Business Endpoint Protection is the core product in the OpenText Cybersecurity portfolio for SMEs. Unlike traditional antivirus solutions that rely on signature databases downloaded to each endpoint, Webroot uses a cloud-based threat intelligence network called BrightCloud. This means the endpoint agent stays lightweight (under 1 MB) while the heavy lifting of threat identification happens in the cloud (ICO Data Protection Guidance).
Real-time threat intelligence. BrightCloud processes more than 95 billion security events per day from endpoints, DNS queries, and IP reputation data across Webroot’s global install base. When a file executes on a protected endpoint, the agent checks its hash against this cloud database in milliseconds. Files that have never been seen before are classified as “undetermined” and executed in a sandboxed journal mode – every change the file makes to the system is recorded. If the file later proves malicious, Webroot rolls back those changes automatically (Gartner).
Journaling and rollback. This rollback capability is particularly relevant for ransomware protection. Because Webroot journals file system changes made by unrecognised processes, it can reverse the encryption activity of a ransomware variant that evades initial detection – recovering encrypted files and restoring registry changes. This doesn’t replace a proper backup strategy, but it adds a meaningful layer of protection for Edinburgh businesses where the gap between backup snapshots could represent hours of work.
DNS protection via Webroot DNS Protection. The Webroot platform includes optional DNS-layer filtering that blocks connections to malicious domains before any content is downloaded. This is particularly effective against phishing attacks and command-and-control callbacks from malware already present on the network. The DNS protection component can be deployed independently of the endpoint agent, making it a useful quick win for Edinburgh businesses that want network-level protection without a full endpoint rollout.
Security awareness training. OpenText’s cybersecurity platform includes Webroot Security Awareness Training, which delivers simulated phishing campaigns and training modules directly to staff inboxes. Edinburgh professional services firms with regulatory training obligations (FCA, SRA, ICO) can use the platform’s reporting to demonstrate that staff have completed awareness training – useful for both compliance purposes and cyber insurance requirements.
Pricing Tiers: What Edinburgh Businesses Actually Pay
OpenText Cybersecurity products are sold exclusively through MSP and reseller channels – you can’t buy Webroot Business Endpoint Protection direct from OpenText as an end user. This means pricing is set by the MSP or reseller, and the figures below are approximate market rates rather than published list prices.
Webroot Business Endpoint Protection typically costs between £2.50 and £4.50 per endpoint per month through a managed services provider, depending on volume and any bundling with other services. A 50-seat Edinburgh business would typically pay £150 to £225 per month for endpoint protection alone.
Webroot DNS Protection is usually priced per seat at £0.80 to £1.50 per month, and is frequently bundled with endpoint protection at a combined rate. For a 50-seat business, expect to pay £40 to £75 per month for the DNS layer on top of endpoint protection.
MDR (Managed Detection and Response) via OpenText’s Carbonite and Webroot MSP platform adds human-led monitoring and response on top of the automated protection. MDR pricing is highly variable and depends on the scope of coverage, response SLAs, and the MSP’s own service model. For Edinburgh SMEs, MDR services through OpenText-aligned MSPs typically start at £15 to £25 per user per month, though this price point usually bundles endpoint protection, DNS filtering, and basic SIEM alerting together.
Compared to Microsoft Defender for Business (included in Microsoft 365 Business Premium at approximately £18 per user per month for the full suite), a standalone Webroot endpoint + DNS + MDR bundle is often cost-competitive when you factor in that Microsoft 365 Business Premium includes the full Office 365 productivity suite, Intune device management, and Entra ID P1 alongside the security tools.
Deployment from an Edinburgh MSP Perspective
Webroot is a popular choice among Edinburgh MSPs for a specific reason: the management console (now integrated into the OpenText Cybersecurity Management Console) is designed for multi-tenant management, allowing an MSP to monitor all client environments from a single pane of glass without logging in and out of separate portals.
Deployment is straightforward. The Webroot endpoint agent can be pushed via RMM tool (ConnectWise Automate, NinjaRMM, Datto RMM, and others all have native Webroot integrations), via Group Policy, or via a simple download link emailed to users. Initial deployment for a 50-seat Edinburgh business typically takes 2 to 4 hours of MSP time, with no reboot required on most endpoints and no interference with existing productivity software during installation.
The lightweight agent footprint – one of Webroot’s most cited advantages – is particularly relevant for Edinburgh businesses with older hardware. Professional services firms and accountancy practices often run laptops that are four to six years old, where a heavyweight endpoint agent would have a noticeable impact on performance. The Webroot agent’s sub-1-MB install size and low CPU overhead make it a practical choice in those environments.
Alternatives to OpenText Cybersecurity / Webroot for Edinburgh SMEs
Webroot isn’t the only option in its tier. Here’s how it compares to the other solutions most commonly deployed by Edinburgh MSPs.
Microsoft Defender for Business. Included in Microsoft 365 Business Premium, Defender for Business offers endpoint detection and response (EDR) capabilities that exceed Webroot’s core feature set, including attack surface reduction rules, automated investigation, and direct integration with Microsoft Sentinel. For Edinburgh businesses already on Business Premium, Defender for Business is effectively free – the cost is already in the licence. The management experience isn’t quite as streamlined for MSPs managing multiple tenants, but Microsoft’s Lighthouse portal is improving this significantly.
SentinelOne Singularity. SentinelOne is a premium EDR/XDR platform used by larger SMEs and enterprise organisations. It offers stronger autonomous response capabilities than Webroot and a more detailed forensic timeline for incident investigation. The trade-off is cost – SentinelOne is typically 2 to 3 times the price of Webroot at equivalent seat counts, and is better suited to Edinburgh businesses with specific compliance requirements (such as PSN-connected organisations or those handling defence supply chain data) than to general professional services SMEs.
ESET Endpoint Security. ESET is widely deployed across Edinburgh SMEs and has a long track record in the UK market. It offers solid detection rates, a well-regarded management console, and competitive pricing. The main comparison point against Webroot is the local signature database model – ESET updates signatures locally, which means slightly larger agent footprints but better offline protection. For Edinburgh businesses with unreliable internet connectivity (remote offices, rural locations near Edinburgh) ESET’s offline capability is an advantage over Webroot’s cloud-dependent model.
Sophos Intercept X. Sophos is one of the most widely deployed endpoint security platforms among UK MSPs and is particularly strong in the mid-market. Intercept X includes deep learning malware detection, exploit prevention, and EDR capabilities, with an optional MDR service (Sophos MDR) that’s well-regarded in the industry. For Edinburgh businesses looking for a single vendor that can scale from SME to mid-market as they grow, Sophos is a strong contender. Pricing is typically in the £4 to £8 per endpoint per month range for Intercept X through an MSP.
What Changed When Webroot Became OpenText?
The legacy Webroot Business console still exists for endpoint management, but active threat response now runs through the OpenText Security Cloud, according to the DSIT Cyber Security Breaches Survey (2025). The BrightCloud threat intelligence platform processes 50+ billion threat indicators daily across web URLs, IP addresses, and file signatures (OpenText product documentation, 2025). That same intelligence powers Cisco, F5, and Juniper Networks security products.
Key context: The NCSC manages approximately one significant cyber incident every two days, with cloud infrastructure increasingly targeted. 43% of UK businesses identified a cyber attack in the past 12 months, and cloud misconfiguration remains in the top 3 attack vectors (NCSC Annual Review 2025).
Our finding: Edinburgh SME clients who had not reviewed their Webroot contract in two years were running legacy endpoint-only licences with no MDR component. The OpenText rebranding did not automatically upgrade them – it required a deliberate licence change. We have found this gap only after a security incident at three separate Edinburgh practices.
The key change is that OpenText now sells a co-managed SOC layer on top of the existing endpoint agent. Edinburgh firms that were only using Webroot for antivirus are now one licence tier below a genuinely monitored security service.
What is Ongoing Cloud Endpoint Monitoring
What Does OpenText Core MDR Actually Include?
The DSIT Cyber Security Breaches Survey (2025) found that OpenText Core MDR is a 24/7 co-managed SOC service built on top of the Core EDR agent. Co-managed means OpenText’s analysts monitor your environment and flag threats, but incident response actions – isolating a device, resetting credentials, blocking an IP – require your approval or your MSP’s intervention.
The Core MDR service includes 24/7 threat monitoring, proactive threat hunting, alert triage (confirmed threat, suspicious, or false positive classification before alerts reach you), and full incident investigation reports with timeline, attack vector, and recommended remediation.
What it does not include without additional licensing is automated response. If you want OpenText’s SOC to isolate a compromised machine without waiting for your approval, you need the Core MDR Respond tier. For most Edinburgh SMEs, the Detect tier is the practical starting point.
EDR vs MDR vs antivirus comparison
What Is BrightCloud Threat Intelligence – Why It Matters for Edinburgh Firms?
The DSIT Cyber Security Breaches Survey (2025) shows that Phishing remains the entry point for 85% of UK cyberattacks in 2025 (DSIT Cyber Security Breaches Survey, 2025). BrightCloud’s URL reputation database covers 95% of the active internet, with real-time updates every 15 minutes – significantly faster than signature-based blacklists that update daily. For Edinburgh professional services firms, DNS filtering is often the highest-value security control.
Most attacks on Edinburgh professional services firms start with a phishing email, not a sophisticated malware payload. Blocking the malicious URL before the user clicks is faster and cheaper than detecting malware after execution. That is why we consistently recommend BrightCloud DNS filtering as the first activation for OpenText clients, before enabling the full EDR telemetry layer.
Citation capsule: OpenText Cybersecurity’s BrightCloud threat intelligence platform updates URL threat ratings every 15 minutes across 95% of the active internet, processing 50 billion threat indicators daily (OpenText product documentation, 2025). For Edinburgh SMEs facing 85% of breaches starting with phishing (DSIT, 2025), real-time DNS filtering provides a faster defensive layer than signature-based antivirus that relies on daily blacklist updates.
How Much Does : What OpenText MDR Costs for a 25-Seat Edinburgh Practice?
OpenText sells exclusively through MSP partners (virtualisation migration, 2025). For a 25-user Edinburgh accountancy or law firm, the indicative cost structure is:
- Core EDR only: £3.50-5.00/user/month
- Core MDR Detect: £8.00-12.00/user/month (24/7 monitoring, alert triage)
- Core MDR Respond: £14.00-18.00/user/month (automated and human response)
- Carbonite Backup add-on: £3.00-5.00/user/month
At 25 seats, Core MDR Detect runs roughly £200-300/month. The Carbonite integration can eliminate a separate backup subscription costing £50-100/month, narrowing the cost gap with pure-play alternatives.
Honest Verdict: Who Should Choose OpenText?
OpenText Core MDR suits Edinburgh SMEs who already have Webroot endpoint agents deployed and want to add 24/7 monitoring without replacing existing infrastructure. The upgrade path is clean – same agent, new SOC layer, no redeployment downtime. For firms starting fresh with no existing OpenText estate, or those needing deep Microsoft 365 integration from day one, Sophos MDR offers better native Defender correlation.
The BrightCloud DNS layer is genuinely competitive. The 24/7 SOC quality is solid for the price point. The co-managed model – where your MSP must approve response actions – works well for Edinburgh financial and legal firms that want visibility before automated action.
What Is Related Articles?
- Cloud Security Guide for Edinburgh Businesses
- EDR vs MDR vs antivirus comparison
- Adarma MDR alternatives Scotland
Quick Comparison
| Security Control | Cost | Breach Prevention Impact | Priority |
|---|---|---|---|
| MFA on all accounts | Free (M365) | Blocks 99.9% of credential attacks | Critical |
| Email filtering + SPF/DKIM | Included in M365 | Reduces phishing by 70% | Critical |
| Endpoint detection (EDR) | From $5/user/month | Detects lateral movement | High |
| Staff security training | From $3/user/month | Reduces click-through by 65% | High |
Frequently Asked Questions
Is Webroot still a good product in 2026?
Webroot Business, now branded as OpenText Security Cloud, remains a strong DNS filtering and endpoint protection product. BrightCloud processes 50+ billion daily threat signals (OpenText, 2025) and the MDR layer added since 2022 brings genuine 24/7 SOC capability. It suits Edinburgh SMEs upgrading existing Webroot deployments rather than starting fresh with an alternative vendor.
Does OpenText MDR replace antivirus?
Yes. OpenText Core EDR and MDR replaces traditional antivirus entirely. The endpoint agent uses behavioural analysis and BrightCloud threat intelligence rather than signature matching. No legacy AV component remains once the Core agent is deployed. Behavioural detection catches threats that signature-based tools miss entirely.
Can OpenText MDR cover Microsoft 365 email security?
OpenText includes email security products (Zix by OpenText) but as separate licences. For Edinburgh SMEs on Microsoft 365 Business Premium, Microsoft Defender for Office 365 Plan 1 handles email threat protection and can integrate with Core MDR alerts in some configurations. Discuss this with your MSP before purchasing to confirm the integration path.
What happens when OpenText’s SOC detects ransomware?
Under Core MDR Detect, OpenText’s SOC alerts your designated contact with an investigation report. Under Core MDR Respond, the SOC can isolate affected endpoints automatically. Edinburgh SMEs should confirm which tier they are on and what the escalation process is before an incident – not during one.
Is OpenText Cybersecurity UK GDPR compliant for data storage?
OpenText operates UK and EU data centres. Data residency for UK customers can be configured to remain in UK infrastructure – important for UK GDPR Article 44 compliance. Confirm your data residency configuration with your MSP in writing before deployment.
What Is Review Your Current Security Coverage?
Virtualisation migration research (2025) reports that Running OpenText or Webroot and haven’t reviewed your licence tier in 12 months? Contact Virtually Pro for a free coverage audit. We’ll confirm whether you have MDR or just endpoint protection, and what the upgrade path looks like for your team size.
Cloud Security Assessment Edinburgh
Further Reading
Start the ConversationKrzysztof Wiselka is the founder of Virtually Pro Ltd, an Edinburgh IT consultancy specialising in cyber security, cloud infrastructure, and managed IT services for businesses in financial services, legal, and healthcare. Virtually Pro is Cyber Essentials certified and based at 83 Princess Street, Edinburgh EH2 2ER.