About WatchGuard Endpoint Security

Applies To: Endpoint Security Elite, Endpoint Security 360, Endpoint Security Prime, WatchGuard EDR, WatchGuard EDR Core, Endpoint Security Basic

WatchGuard Endpoint Security helps you protect your endpoints from one centralized platform. With Endpoint Security, you can review detected security problems and develop prevention and response plans for unknown and advanced persistent threats (APTs). Endpoints could include laptops, computers, servers, and mobile devices.

Throughout this documentation, Endpoint Security refers generally to the core products, as well as WatchGuard EDR Core, which is available with the Firebox Total Security Suite. When a feature is specific to a product, refer to the Applies To statement at the top of the help topic for information on which products the topic is relevant to.

From WatchGuard Cloud, you can access the management UI for these Endpoint Security products:

WatchGuard Endpoint Security Basic (evolved from WatchGuard EPP)

Endpoint Security Basic provides strong protection with AI-powered EDR that automatically stops threats with virtually no management. It prevents known and unknown malware, including ransomware attacks, with endpoint protection features such as next-gen antivirus, firewall, device control, and URL filtering.

Endpoint Security Basic supports these client platforms: Windows (Intel and ARM), Linux, macOS (Intel and ARM), iOS, and Android.

WatchGuard Endpoint Security Prime

Endpoint Security Prime integrates the full prevention, detection and response capabilities of Endpoint Security Basic with full EDR capabilities, including advanced malware detection, anti-exploit protection, threat hunting, and attack surface reduction. Endpoint Security Prime does not include the Zero-Trust Application Service, Endpoint Access Enforcement, or Program Blocking features.

Endpoint Security Prime supports these client platforms: Windows (Intel and ARM), Linux, macOS (Intel and ARM), iOS, and Android.

For more information, go to About Endpoint Security Prime.

WatchGuard Endpoint Security 360 (formerly WatchGuard EPDR)

Endpoint Security 360 prevents, detects, and responds to any type of known and unknown malware, as well as fileless and malwareless attacks. It expands on the capabilities of Endpoint Security Prime with the Zero-Trust Application Service to prevent applications and processes from running until they are validated as trusted. It also controls connections among endpoints to block lateral movements within the network. Endpoints with Endpoint Security 360 installed can send data to ThreatSync. For information on ThreatSync, go to About ThreatSync.

Endpoint Security 360 supports these client platforms: Windows (Intel and ARM), Linux, macOS (Intel and ARM), iOS, and Android.

WatchGuard Endpoint Security Elite (formerly Advanced EPDR)

Endpoint Security Elite extends Endpoint Security 360 functionality with additional capabilities designed for security operations teams to discover undetected threats on their customer endpoints. Endpoint Security Elite includes advanced detection and response features such as centralized management of Indicators of Compromise (IOCs) compatible with STIX and Yara rules, Advanced Security Policies, and remote access to detect, contain, and remediate incidents. Endpoints with Endpoint Security Elite installed can send data to ThreatSync. For information on ThreatSync, go to About ThreatSync.

Endpoint Security Elite supports these client platforms: Windows (Intel and ARM), Linux, and macOS (Intel and ARM).

For a detailed list of features compared by product, go to Supported Features by Endpoint Product.

Additional EDR Products

WatchGuard EDR (WatchGuard Endpoint Detection and Response) detects and responds effectively to any type of unknown malware, as well as the fileless and malwareless attacks that traditional solutions cannot detect. It uses the Zero-Trust Application Service to prevent applications and processes from running until they are validated as trusted. WatchGuard EDR can coexist with traditional security solutions. Endpoints with WatchGuard EDR installed can send data to ThreatSync. For information on ThreatSync, go to About ThreatSync.

WatchGuard EDR supports these client platforms: Windows (Intel and ARM), Linux, and macOS (Intel and ARM).

WatchGuard EDR Core is included in the Firebox Total Security Suite. It is available for a limited number of endpoints, based on the Firebox model. With a Total Security Suite subscription license, you will see an EDR Core license in WatchGuard Cloud. You can use WatchGuard Cloud to manage EDR Core endpoint allocation and to access the Endpoint Security management UI. For information on EDR Core features, go to WatchGuard EDR Core Features.

Layered Protection

Endpoint Security Elite, 360, Prime, and WatchGuard EDR use a layered protection model of these technologies:

  • Signature file and heuristic scanners
  • Contextual detections for fileless attacks
  • Anti-exploit technology for fileless attacks
  • Zero-Trust Application Service (not available with Endpoint Security Prime)
  • Threat Hunting Service

The Zero-Trust Application Service in WatchGuard Endpoint Security protects your endpoints through 100% classification of all applications, programs, and executables. It monitors and prevents the execution of malicious applications and processes on endpoints. The service automatically classifies applications and processes as malicious or legitimate in real time. Only trusted applications and processes are allowed to run.

The Threat Hunting Service detects anomalous usage of trusted applications on endpoints. It uses hacker detection to find attackers who use living-off-the-land techniques and lateral movements, as well as behavior modeling to identify malicious use by employees. When the WatchGuard Security Team detects a living-off-the-land attack, they notify you.

Related Topics

About Endpoint Security Licenses

Manage Trials – Service Providers

Manage Trials – Subscribers

WatchGuard Endpoint Security Modules