Story image

WatchGuard updates ThreatSync platform for MSPs

29 Jul 2019

WatchGuard Technologies has updated its threat correlation and response platform with capabilities that include faster breach protection and AI-powered threat analysis to better defend against internal and external security threats.

WatchGuard’s platform ThreatSync now features the new capabilities as part of the latest Threat Detection and Response (TDR) release.

The updates allow managed service providers to provide more cyber protections for the organisations they support. Those protections include reduced breach detection and containment timeframes from months to minutes, the ability to automatically remediate zero-day malware and better defend against targeted, evasive threats both inside and outside the network perimeter.

“As cybercriminals increasingly leverage advanced, targeted attacks with evasive characteristics designed to circumvent basic anti-malware protections, midmarket organisations without adequate security expertise and resources rely heavily on trusted IT solution providers to rapidly and effectively respond to attacks,” explains WatchGuard vice president of product management, Brendan Patterson. 

“These new ThreatSync capabilities arm managed service providers with the tools they need to provide malware detection and response (MDR) services by detecting breaches in minutes and automatically mitigating advanced attacks for their customers, all through their existing TDR deployments.”

Key ThreatSync features now available via TDR include:
 
Host containment and automated response – ThreatSync quickly contains any host machine that’s been compromised, shielding it from the rest of the business network. As soon as a threat is identified, Host Containment automatically takes action to control infections before they spread. 

Once contained, ThreatSync eliminates the malware by automatically killing processes, quarantining malicious files, and deleting associated registry keys.
 
Accelerated breach detection – ThreatSync immediately identifies malicious files on all protected endpoints, and automatically begins remediation. This adds correlation with endpoint security that is not present in most comparable network security solutions. 

When users download unknown files from the web, the Firebox first submits them to APT Blocker, WatchGuard’s next-generation cloud sandbox, for advanced analysis while host sensors on victim endpoints actively monitor them and the results are correlated with ThreatSync. 
 
Network process correlation – ThreatSync not only identifies and blocks connections to malicious destinations, but it also automatically responds to unknown processes responsible for them. With ThreatSync, malicious outbound connections blocked by WatchGuard’s Firebox appliances are correlated to reveal the initiating endpoint and process, where the process is automatically terminated. 

This feature provides MSPs and network administrators with detailed contextual information on the network destination, service name, host name and process, allowing them to successfully respond and prevent future instances.
 
Artificial intelligence analysis – ThreatSync uses new AI capabilities to automatically analyse and triage files, identifying those that possess suspicious characteristics before directing them to APT Blocker for further analysis. 

This minimises the time IT administrators spend managing alerts and prevents truly suspect files from going undetected, which allows MSPs and midsized organisations to identify and block real threats faster and with more confidence.