WatchGuard’s newest security service, Threat Detection and Response (TDR), is now Generally Available (GA)! TDR is WatchGuard’s first security service that correlates network and endpoint security events with threat intelligence to detect, prioritize and enable immediate action against threats. This is significant, because it is also the first service from ANY UTM vendor to provide these capabilities to the SMB market!
Threat Detection and Response consists of four components:
- ThreatSync – enables real-time threat detection and policy-based automated response through cloud-based correlation and scoring. It consumes event data from Firebox appliances on the network, Host Sensors on endpoints, and cloud threat intelligence feeds, correlates the data to generate comprehensive threat scores, and initiates automatic malware response actions. This intelligent prioritization of each individual threat based on its overall level of risk ultimately allows organizations to decrease time to detection and remediation.
- Lightweight Host Sensors – extend organizations’ visibility and management to the endpoint by continuously scanning devices, monitoring security events on them, and sending those events back to ThreatSync for analysis, scoring and remediation. Previously a frustrating security blind spot for most organizations, this constant flow of data from devices beyond the traditional network perimeter allows users to visualize and address endpoint threats.
- Enterprise-Grade Threat Intelligence – TDR enables SMBs to leverage the advanced security benefits of enterprise-grade threat intelligence without the complexity or cost.
- Host Ransomware Prevention (HRP) – enables industry-leading prevention against ransomware attacks. Host Ransomware Prevention, working in tandem with the advanced malware protection provided through APT Blocker, blocks the execution of ransomware before any file encryption on the endpoint takes place, mitigating the ransomware attack before any damage is done.
ThreatSync is able to leverage the full power of the Host Sensor and T-series, M-series, and XTMv Fireboxes, not only correlating heuristic and behavioral events occurring on the host, but also correlating security events from other Total Security Suite enterprise-grade UTM services, including APT Blocker, WebBlocker, Reputation Enabled Defense, and Gateway Antivirus.
TDR was designed to provide an additional layer of security that would be complementary to existing preventative technologies, such as anti-virus. TDR works in tandem with existing AV, bringing an additional, powerful layer of threat detection and event correlation to catch anything that AV might miss or be unable to remediate. This means that users or MSSPs don’t need to replace existing AV solutions already deployed.