
WatchGuard updates ThreatSync platform for MSPs

29 Jul 2019

WatchGuard Technologies has updated its threat correlation and response platform with capabilities that include faster breach protection and AI-powered threat analysis to better defend against internal and external security threats.

WatchGuard’s platform ThreatSync now features the new capabilities as part of the latest Threat Detection and Response (TDR) release.

The updates allow managed service providers to provide more cyber protections for the organisations they support. Those protections include reduced breach detection and containment timeframes from months to minutes, the ability to automatically remediate zero-day malware and better defend against targeted, evasive threats both inside and outside the network perimeter.

“As cybercriminals increasingly leverage advanced, targeted attacks with evasive characteristics designed to circumvent basic anti-malware protections, midmarket organisations without adequate security expertise and resources rely heavily on trusted IT solution providers to rapidly and effectively respond to attacks,” explains WatchGuard vice president of product management, Brendan Patterson. 

“These new ThreatSync capabilities arm managed service providers with the tools they need to provide malware detection and response (MDR) services by detecting breaches in minutes and automatically mitigating advanced attacks for their customers, all through their existing TDR deployments.”

Key ThreatSync features now available via TDR include:
 
Host containment and automated response – ThreatSync quickly contains any host machine that’s been compromised, shielding it from the rest of the business network. As soon as a threat is identified, Host Containment automatically takes action to control infections before they spread. 

Once contained, ThreatSync eliminates the malware by automatically killing processes, quarantining malicious files, and deleting associated registry keys.
 
Accelerated breach detection – ThreatSync immediately identifies malicious files on all protected endpoints, and automatically begins remediation. This adds correlation with endpoint security that is not present in most comparable network security solutions. 

When users download unknown files from the web, the Firebox first submits them to APT Blocker, WatchGuard’s next-generation cloud sandbox, for advanced analysis. Meanwhile, host sensors on victim endpoints actively monitor the files, and the results are correlated with ThreatSync.
 
Network process correlation – ThreatSync not only identifies and blocks connections to malicious destinations, but also automatically responds to the unknown processes responsible for them. With ThreatSync, malicious outbound connections blocked by WatchGuard’s Firebox appliances are correlated to reveal the initiating endpoint and process, and that process is automatically terminated.

This feature provides MSPs and network administrators with detailed contextual information on the network destination, service name, host name and process, allowing them to respond successfully and prevent future instances.
 
Artificial intelligence analysis – ThreatSync uses new AI capabilities to automatically analyse and triage files, identifying those that possess suspicious characteristics before directing them to APT Blocker for further analysis. 

This minimises the time IT administrators spend managing alerts and prevents truly suspect files from going undetected, which allows MSPs and midsized organisations to identify and block real threats faster and with more confidence.
