About Threat Detection and Response
Threat Detection and Response (TDR) is a cloud-based subscription service that integrates with your Firebox to minimize the consequences of data breaches and penetrations through early detection and automated remediation of security threats. TDR collects and analyzes forensic data from the Firebox, and from endpoints on your network, to proactively detect and respond to security threats. ThreatSync analytics enable TDR to assign threat level scores based on heuristics, threat feeds, and a cloud-based malware verification service.
Threat Detection and Response is supported for Firebox and XTMv device models only and requires Fireware v11.12 or higher.
The Threat Detection and Response subscription service has several components:
Threat Detection and Response Account
Threat Detection and Response is a cloud-based service hosted by WatchGuard. Your Threat Detection and Response account in the cloud collects and analyzes forensic data received from Fireboxes and Host Sensors on your network. You log in to your TDR account on the WatchGuard Portal to configure account settings and Host Sensor settings, and to monitor and manage security threats.
Your login credentials for TDR are your WatchGuard Portal credentials, so when you log in to the WatchGuard Portal, single sign-on also logs you in to your TDR account automatically.
Firebox or XTMv Device
Threat Detection and Response is a security subscription that you activate for your Firebox. In the Firebox configuration, you enable the Firebox to send data to your TDR account, and you configure policies, services, and log settings to enable the Firebox and Host Sensors to send information to your TDR account.
TDR is not supported for WatchGuard XTM device models other than XTMv.
Host Sensors
You install Host Sensors on the computers on your network. Each Host Sensor collects forensic data from the host and sends it to the Threat Detection and Response cloud for analysis. Forensic data includes information related to files, processes, network connections, and registry keys on the host. You can configure Host Sensors to simply report security threats or to take action to fix certain types of security threats.
AD Helper
AD Helper is an application that you can install to deploy Host Sensors on your network. AD Helper uses your existing Windows Active Directory infrastructure to assist with distributed installation of Host Sensors on your network.