About Endpoint Security Prime
Endpoint Security Prime is currently available for early access as a one-year Term license for customers in North America (US and Canada) only.
Endpoint Security Prime is an endpoint detection and response solution. It delivers full EDR capabilities, such as advanced malware detection, anti-exploit protection, threat hunting, and attack surface reduction.
Currently, customers who purchase Endpoint Security Prime get access to the full WatchGuard EPDR product. EPDR includes additional features (Zero-Trust Application Service and Endpoint Access Enforcement) and 365 days of telemetry data storage.
When your one-year Endpoint Security Prime license is ready for renewal, you can select to stay on Prime without the additional features included with EPDR, or you can upgrade to EPDR to retain the additional features. If you select to stay on Endpoint Security Prime, incident-related telemetry data storage automatically drops to 30 days.
For more information on the features available with Endpoint Security Prime and EPDR, go to Feature Comparison with WatchGuard EPDR.
After you purchase an Endpoint Security Prime license, you must activate it at WatchGuard.com. This adds a WatchGuard EPDR license to your WatchGuard Cloud account. You can then allocate EPDR endpoints from the license. For information on how to activate and allocate an Endpoint Security license, go to Activate an Endpoint Security License and Allocate Endpoints.
Endpoint Security Prime Features and Limitations
During the initial one-year term, you might want to change EPDR settings to disable the features that are not available with Endpoint Security Prime. To do this:
- Enable Audit mode in Advanced Protection
- Disable Endpoint Access Enforcement
- Disable Program Blocking
For information on how to configure these settings, go to:
- Advanced Protection
- Configure Endpoint Access Enforcement Settings (Windows Computers)
- Configure Program Blocking Security Settings (Windows Computers)
Feature Comparison with WatchGuard EPDR
This table shows the features that are supported and not supported by Endpoint Security Prime.
| FEATURE | WatchGuard EPDR | Endpoint Security Prime |
|---|---|---|
| Protection | ||
| Detection of code injection in running processes | Supported | Supported |
| Protection against known and zero-day malware | Supported | Supported |
| Protection against known and zero-day ransomware | Supported | Supported |
| Protection against known and zero-day exploits | Supported | Supported |
| Anti-phishing protection | Supported | Supported |
| Protection for multiple attack vectors (web, email, network, devices) | Supported | Supported |
| Traditional protection with generic and optimized signatures | Supported | Supported |
| Protection against advanced persistent threats (APTs) | Supported | Supported |
| Zero-Trust Application Service | Supported | Not supported |
| Queries to WatchGuard cloud-based collective intelligence | Supported | Supported |
| Self-learning AI: Context-based behavioral detection | Supported | Supported |
| Self-learning AI: Malicious installer blocking (MSI) | Supported | Supported |
| Self-learning AI: Malicious .NET detection | Supported | Supported |
| Personal and managed firewall | Supported | Supported |
| IDS / HIPS | Supported | Supported |
| Network attack protection | Supported | Supported |
| Device control | Supported | Supported |
| URL filtering by category (web browsing monitoring) | Supported | Supported |
| Monitoring | ||
| Endpoint risk monitoring | Supported | Supported |
| Cloud-based continuous monitoring of all process activity | Supported | Supported |
| Data retention for retrospective attack investigation | Supported | Supported* |
| Vulnerability assessment | Supported | Supported |
| Detection | ||
| Detection of vulnerable drivers | Supported | Supported |
| Fully configurable and instant security risk alerts | Supported | Supported |
| Detection of compromised trusted applications | Supported | Not supported |
| eXtended Detection and Response (XDR) capabilities | Supported | Supported |
| Threat Hunting Service: Deterministic indicators of attack mapped to MITRE ATT&CK | Supported | Supported |
| Containment | ||
| Real-time computer isolation, scan and restart from the management UI | Supported | Supported |
| Response and Remediation | ||
| Ability to roll back and remediate the actions taken by attackers | Supported | Supported |
| Centralized quarantine | Supported | Supported |
| Automatic analysis and disinfection | Supported | Supported |
| Shadow copies | Supported | Supported |
| Ability to block unknown and unwanted applications | Supported | Not supported |
| eXtended Detection and Response (XDR) capabilities | Supported | Supported |
| Investigation | ||
| Threat Hunting Service: Deterministic indicators of attack mapped to MITRE ATT&CK | Supported | Supported |
| Automated and interactive incident attack story | Supported | Supported |
| Ability to export lifecycle information for local analysis | Supported | Supported |
| Advanced Reporting Tool (add-on module) | Supported | Supported** |
| Discovery and monitoring of unstructured personal data across endpoints (add-on module)* | Supported | Supported** |
| Attack Surface Reduction | ||
| Endpoint Access Enforcement | Supported | Not supported |
| Lock mode in Advanced Protection | Supported | Not supported |
| Anti-exploit technology | Supported | Supported |
| Block programs by hash or name (for example, PowerShell) | Supported | Not supported |
| Device Control | Supported | Supported |
| Web protection | Supported | Supported |
| Automatic updates | Supported | Supported |
| Automatic discovery of unprotected endpoints | Supported | Supported |
| Patch Management for OS and third-party applications (add-on module) | Supported | Supported |
| Security for VPN connections (requires Firebox) | Supported | Supported |
| Secure access to Wi-Fi network through access points | Supported | Supported |
| Endpoint Security Management | ||
| Centralized cloud-based management UI | Supported | Supported |
| Settings inheritance between groups and endpoints | Supported | Supported |
| Ability to configure and apply settings on a group basis | Supported | Supported |
| Ability to configure and apply settings on a per-endpoint basis | Supported | Supported |
| Real-time deployment of settings from the management UI to endpoints | Supported | Supported |
| Security management based on endpoint views and dynamic filters | Supported | Supported |
| Ability to schedule and perform tasks on endpoint views | Supported | Supported |
| Ability to assign preconfigured roles to management UI users | Supported | Supported |
| Ability to customize local alerts | Supported | Supported |
| Ability to control restarts for patch and protection updates | Supported | Supported |
| User activity auditing | Supported | Supported |
| Installation through MSI packages, download URLs, and emails sent to end users | Supported | Supported |
| On-demand and scheduled reports at different levels and with multiple granularity options | Supported | Supported |
| Security KPIs and management dashboards | Supported | Supported |
| API availability | Supported | Supported |
| Remote Monitoring & Management (RMM) Integrations | ||
| ConnectWise Automate | Supported | Supported |
| Kaseya VSA | Supported | Supported |
| N-able N-central | Supported | Supported |
| N-able N-sight | Supported | Supported |
| NinjaOne (Automated Deployment Scripting) | Supported | Supported |
| Modules | ||
| WatchGuard Data Control*** | Supported | Supported** |
| WatchGuard Advanced Reporting Tool | Supported | Supported** |
| WatchGuard Patch Management | Supported | Supported |
| WatchGuard Full Encryption | Supported | Supported |
| WatchGuard SIEMFeeder | Supported | Supported** |
| WatchGuard Orion | Supported | Supported |
| Supported Operating Systems | ||
| Windows Intel | Supported | Supported |
| Windows ARM | Supported | Supported |
| macOS Intel | Supported | Supported |
| macOS ARM (M1 and M2) | Supported | Supported |
| Linux | Supported | Supported |
| Android | Supported | Supported |
| iOS | Supported | Supported |
| Support for virtual environments - persistent and non-persistent (VDI)**** | Supported | Supported |
* Incident-related retention for 30 days
** Not available for the Early Access Program
*** WatchGuard Data Control is supported in these countries only: Austria, Belgium, Denmark, Finland, France, Germany, Holland, Italy, Ireland, Norway, Portugal, Spain, Sweden, and the UK.
**** Compatible systems with these types of virtual machines: VMware Desktop, VMware Server, VMware ESX, VMware ESXi, Citrix XenDesktop, XenApp, XenServer, MS Virtual Desktop and MS Virtual Servers. WatchGuard EPDR is compatible with Citrix Virtual Apps, Citrix Desktops 1906 & Citrix Workspace App for Windows.