WatchGuard Updates Detection and Automatic Remediation Capabilities with Next-Generation Sandboxing
WatchGuard’s Host Sensors now integrate with APT Blocker to conduct controlled endpoint threat analysis and stop unknown and evasive attacks

SEATTLE – September 21, 2017 – WatchGuard® Technologies, a leader in advanced network security solutions, today announced feature updates to its cloud-based Threat Detection and Response (TDR) service for small and midsize businesses (SMBs), distributed enterprises, and managed security service providers (MSSPs). The service correlates network and endpoint security events with threat intelligence to detect, prioritize and enable immediate action to stop malware attacks.

TDR Version 5.1 introduces a direct integration between endpoint Host Sensors and APT Blocker, WatchGuard’s next-generation cloud sandbox solution. This extends the power of APT Blocker to endpoints, whether they are on or off the corporate network. IT administrators and MSSPs can automatically analyze suspicious endpoint files within the cloud sandbox to identify behaviors associated with persistent threats, zero day attacks and evasive malware, for fast and confident endpoint threat remediation.

“Since we launched TDR, it’s been the only solution out there that combines the power of complete Unified Threat Management (UTM) network security services with endpoint detection and response capabilities,” said Andrew Young, SVP of product management at WatchGuard. “We’ve taken that a step further with our latest updates to TDR, extending APT Blocker’s advanced sandboxing capabilities from the network to the endpoint. Now, users can automatically place a potentially dangerous endpoint file under the microscope to observe its behavioral characteristics and objectives, and respond accordingly.”

TDR combines several key elements to enable users to better detect and remediate evasive threats both inside their networks and on their endpoints:
- ThreatSync – WatchGuard’s cloud-based correlation engine, which collects event data in real time from Firebox appliances, Host Sensors and enterprise-grade cloud intelligence feeds. ThreatSync analyzes this data to generate a comprehensive threat score that guides either single-click or policy-based automated threat responses.
- UTM Network Security – WatchGuard Firebox M Series, T Series, FireboxV, and Firebox Cloud appliances, as well as existing industry-leading security services that contribute security data from inside the network to ThreatSync for correlation.
- Host Sensors – a lightweight software agent loaded onto endpoint devices that extends visibility beyond the network perimeter to individual devices. These sensors send data from potentially malicious endpoint security events to ThreatSync and APT Blocker to be analyzed, scored and addressed.
- APT Blocker – leverages a next-generation sandbox to emulate target environments and safely execute potentially malicious files from both the network and endpoint in order to analyze their behavior. Based on the APT Blocker response, the ThreatSync score is updated, enabling automatic remediation to eliminate the threat.
- Host Ransomware Prevention (HRP) Module – a lightweight software agent within endpoint Host Sensors that leverages behavioral analysis to identify ransomware-specific characteristics and automatically shuts down ransomware assaults pre-encryption. New advanced threat behaviors and characteristics are constantly added in order to ensure that HRP can block emerging attacks.
Previously, TDR leveraged APT Blocker to analyze threats from inside the network perimeter. With this new TDR update, APT Blocker is extending its powerful next-gen cloud sandboxing capabilities to individual devices outside of the network, consuming threat data directly from the endpoint for analysis.

Now, whenever ThreatSync receives Host Sensor data that classifies an endpoint file as potentially malicious, it analyzes a hash of the malware sample, cross-referencing it with an extensive library of existing threats. If no match is found, TDR uploads the suspicious file to APT Blocker, which automatically performs deep analysis by detonating it in a controlled cloud sandbox that emulates a physical endpoint in order to analyze its intended behavior and unique characteristics. Once APT Blocker’s analysis is complete, it relays the results to ThreatSync, which then updates the threat score and enables automated remediation.

A completely cloud-based solution, TDR’s centrally managed, intuitive interface enables partners to service countless subscriptions without spending as much time at customer sites for new deployments or troubleshooting exercises. With TDR, included in WatchGuard’s Total Security Suite, MSSPs can further differentiate themselves from the competition, win more business, and build an additional recurring revenue stream by monetizing continuous, more advanced detection and response services; all with one SKU and one license.

Threat Detection and Response Service is now available as part of the WatchGuard Total Security Suite. Host sensor licenses vary based on the Firebox model, and additional sensor packages are available as an add-on offer. For more information, visit www.watchguard.com/TDR.