Threat Intelligence
2/6/2017
02:30 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

New Endpoint Threat Detection and Response Service to Boost WatchGuard's Network Security Suite

New ThreatSync correlation and scoring engine automates malware detection and remediation with real-time data from networks, endpoints and cloud intelligence.

SEATTLE – January 24, 2017WatchGuard® Technologies, a leader in advanced network security solutions, today announced Threat Detection and Response (TDR), a new cloud-based service that gives small and midsize businesses (SMBs), distributed enterprises, and managed security service providers (MSSPs) the ability to detect advanced threats on endpoints, correlate this with data collected from the network and empower them to centrally respond. Now available with WatchGuard Total Security Suite (TSS), TDR is the only security service on the market that pairs detection and response capabilities on the endpoint with a comprehensive set of industry-leading Unified Threat Management (UTM) network security services.

“As cyber criminals continue to leverage increasingly varied and sophisticated threat vectors, many companies’ endpoints represent under-secured, unnecessary risks for customers, partners, and internal users.” said Andrew Young, SVP of product management at WatchGuard. “By correlating our enterprise-grade network security services with data collected from each individual device, WatchGuard can now provide actionable intelligence that enables comprehensive security from the network to the endpoint.”

TDR Features and Benefits

TDR further allows organizations to protect themselves from cyber threats by correlating events from their UTM appliances and their endpoints. This pinpoints malicious behaviors by using heuristics and threat intelligence, and scores them by risk and severity.

The new service includes the following features and benefits:

·       ThreatSync – provides real-time threat detection and policy-based automated response through cloud-based correlation and scoring. It consumes event data from Firebox appliances, Host Sensors on endpoints, and cloud threat intelligence feeds, correlates the data to generate comprehensive threat scores, and initiates automatic malware response tactics. This intelligent prioritization of each individual threat based on its overall level of risk ultimately allows organizations to decrease time to detection and remediation.

·       Lightweight Host Sensors – extend organizations’ visibility and management to the endpoint by continuously scanning and monitoring security events on devices and sending them back to ThreatSync for analysis, scoring and remediation. Previously a frustrating security blind spot for most organizations, this constant flow of data from devices beyond the traditional network perimeter allows users to visualize and address endpoint threats.

·       UTM Network Security Services – add yet another layer of intelligence into the correlation and scoring process. WatchGuard Firebox M Series, T Series and XTMv appliances, as well as existing TSS services like APT Blocker, WebBlocker, Reputation Enabled Defense and Gateway AntiVirus, also pass threat data through ThreatSync.

·       Host Ransomware Prevention (HRP) module – enables industry-leading prevention against ransomware attacks. Host Ransomware Prevention, along with the advanced malware protection provided through APT Blocker, blocks the execution of ransomware before file encryption takes place on the endpoint, mitigating the ransomware attack before any damage is done.

·       Additional Security Layer to Existing Antivirus (AV) – means that users or MSSPs don’t need to replace existing AV solutions already deployed. TDR works in tandem with existing AV, bringing an additional, powerful layer of threat detection and event correlation to catch anything that AV might miss or be unable to remediate.

 

“As a longtime WatchGuard customer, we are excited about how Threat Detection and Response has tightly and easily integrated with our network defense to add powerful correlation capabilities,” said Andre Bromes, SVP and CIO/CISO of Goodwill New York / New Jersey (goodwillnynj.org), an organization whose mission is to empower individuals with disabilities, and other barriers to employment, to gain independence through the power of work. “The correlated detection and automated response features adds a missing layer to our security stack and have enabled us to immediately detect infections, and prevent them from spreading within our network. This streamlined approach has increased our ability to identify and deal with suspicious activity on our network, and is also saving us valuable resources like time and additional manpower." 

TDR for MSSPs and VARs

TDR enables MSSPs and Value-added Resellers (VARs) to increase the value of their product and service offerings with the ability to provide detection, correlation and response services from the network to the endpoint, manage countless subscriber accounts with ease, and offer a single, comprehensive security solution with one SKU through Total Security Suite.

AVAILABILITY

Threat Detection and Response Service is now available as part of the WatchGuard Total Security Suite. For more information, visit www.watchguard.com/TDR.

ADDITIONAL RESOURCES

·       TDR Brochure

·       TDR Tech Brief

·       Host Sensor Data Sheet

·       ThreatSync Feature Brief

·       eBook: Achieving Security Bliss through Correlation

About WatchGuard Technologies, Inc.

WatchGuard® Technologies, Inc. is a global leader in network security, providing best-in-class Unified Threat Management, Next Generation Firewall, secure Wi-Fi, and network intelligence products and services to more than 75,000 customers worldwide. The company’s mission is to make enterprise-grade security accessible to companies of all types and sizes through simplicity, making WatchGuard an ideal solution for Distributed Enterprises and SMBs. WatchGuard is headquartered in Seattle, Washington, with offices throughout North America, Europe, Asia Pacific, and Latin America. To learn more, visit WatchGuard.com.

For additional information, promotions and updates, follow WatchGuard on Twitter, @WatchGuard on Facebook, or on the LinkedIn Company page. Also, visit our InfoSec blog, Secplicity, for real-time information about the latest threats and how to cope with them at www.secplicity.org

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Security Technologies to Watch in 2017
Emerging tools and services promise to make a difference this year. Are they on your company's list?
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.