Network and Endpoint Threat Correlation

WatchGuard Threat Detection and Response (TDR) correlates threat detectors from host sensors and WatchGuard Fireboxes delivering you with an additional layer of security in the fight against ever more sophisticated malware. Malware attacks are disguised through packing, encryption and polymorphism and TDR, with its powerful malware defence tools and its holistic approach to security from the endpoint to the network, ensures these known, unknown and evasive threats are stopped.

Key Features

  • TDR correlates network and endpoint insight to deliver enterprise-level threat visibility
  • TDR has close integration with APT Blocker to provide advanced threat triage
  • TDR works alongside your existing antivirus solutions
  • There is not an impact on endpoint performance
  • TDR scores the severity of threats indicators and incidents
  • The time taken to detect and remediate with policy-based automation is decreased.

Threat Correlation and Protection

ThreatSync is a cloud-based correlation engine, and critical component of TDR. It analyses data from the WatchGuard Firebox, Host sensors and from threat intelligence feeds using a proprietary algorithm to identify malicious behaviour. A threat score and rank are assigned based on severity of risk which allows you to quickly respond to threats.

Threat Visibility on the Endpoint

The lightweight WatchGuard Host sensor extends threat visibility to the endpoint. The sensor continuously sends behavioural and heuristic data from the endpoint to ThreatSync for correlation and scoring. Each WatchGuard Firebox with a Total Security licence has a set number of TDR Host sensors included.

Download the datasheet

Host Containment and Automated Response

When a threat is identified infections can be controlled automatically. ThreatSync quickly contains and then eliminates the malware through automatically destroying processes, deleting associated registry keys and quarantining malicious files to prevent any further infection.

Ransomware Prevention With HRP

WatchGuard Host Ransomware Prevention (HRP) is a module within the Host Sensor. It uses behavioural analytics and honeypots to detect and prevent ransomware.

Advanced Threat Triage with APT Blocker

WatchGuard’s integrated approach to threat triage enables you to take a deeper look at a suspicious file. The approach uses an innovative artificial engine together with WatchGuard APT Blocker to detect and send suspicious files for deep analysis in a next-generation cloud-based sandbox.

Email Alerts and Notifications

ThreatSync has configurable notifications allowing you to receive alerts whenever you want them. They detail when a threat indicator or incident has been detected, and the action taken.

Enterprise-grade Threat Intelligence

WatchGuard delivers Threat Intelligence for small, medium and distributed enterprise. Previously Threat Intelligence was only affordable for the largest organisations. With TDR WatchGuard aggregates and analyses threat intelligence feeds to deliver the additional layer of security without the usual associated costs and complexities.

Additional Security Layer to Existing AntiVirus Solutions

You, or your Managed Security Service Provider (MSSP, MSP) do not need to replace your existing antivirus solutions as TDR works in tandem with existing AV. TDR adds an additional, powerful layer of security to catch anything your AV might miss.

How Threat Detection and Response Works

WatchGuard Threat Detection and Response Works by detecting threats on the Firebox or on endpoint and then sending them to ThreatSync for continual analysis and correlation. Threats are then scored and ranked according to risk severity and can be quickly acted on through on-click response options, or by setting up automated responses to include quarantining the file, deleting the registry key persistence, and to kill the process.

Claranet Cyber Security

The Claranet Cyber Security Difference

When it comes to maximising WatchGuard products and integrating robust and secure solutions, Claranet Cyber Security has the edge. Designed to meet the needs of specific sectors, types of organisations, and compliance standards, our tailored solutions are trusted by leading private and public sector organisations throughout the UK.

Get in touch to find out more

    To find out how we use your personal data for any enquiries, please read our privacy policy.

Start typing and press Enter to search