About WatchGuard MDR
Applies To: WatchGuard Core MDR, WatchGuard Core MDR for Microsoft
WatchGuard Managed Detection and Response (MDR) keeps your customer endpoints safe with security monitoring, threat hunting, attack detection, investigation, and containment. It provides guided recommendations to remediate affected assets and to improve customer security posture. WatchGuard MDR enables you to provide MDR services to your customers with minimal investment in a modern SOC (security operations center), expensive technology, or cybersecurity experts.
Powered by innovative AI technologies, the MDR service is fully managed by the WatchGuard SOC. Our cybersecurity experts provide 24/7 support to you and your customers to elevate their overall cyber resiliency and minimize the time to detect and respond to threats. In the event of a potential cyberattack, the WatchGuard SOC team guides you through the containment and remediation process.
MDR Licenses
To use WatchGuard MDR, you must activate one of these MDR licenses:
- WatchGuard Core MDR — For environments that use WatchGuard Endpoint Security.
- WatchGuard Core MDR for Microsoft — For environments that use Microsoft Defender for Endpoints.
For more information about MDR licenses, go to About Managed Services Licenses.
Partner Eligibility and Onboarding
WatchGuard MDR is a managed service provided by WatchGuard to eligible partners. To learn more about how the WatchGuard SOC team works with partners to provide MDR services, go to WatchGuard MDR Managed Service Overview.
Configure and Connect Managed Services
The steps you must take to configure and connect MDR to your customer environment depend on your WatchGuard MDR license.
WatchGuard Core MDR
For environments with WatchGuard Core MDR and WatchGuard Endpoint Security, you configure MDR settings in WatchGuard Cloud. For more information, go to Configure WatchGuard Core MDR Settings.
WatchGuard Core MDR for Microsoft
For environments with WatchGuard Core MDR for Microsoft, you must complete steps to allow the WatchGuard SOC team to monitor endpoints in your environment that run Microsoft Defender. For more information, go to Connect WatchGuard Core MDR for Microsoft with Microsoft Defender.
Both MDR licenses also enable the WatchGuard SOC team to monitor your cloud-based Office 365 environment. For information about how to connect WatchGuard MDR with Microsoft Office 365, go to Connect WatchGuard MDR with Microsoft Office 365.
Managed Services Portal
The Managed Services portal offers a unified view of MDR incidents and detections for all your customers. With real-time insights into customer endpoints and Office 365 environments, you can quickly identify and address risks to strengthen defenses.
The actions you can take in the Managed Services portal depend on your WatchGuard Cloud operator role.
Service Provider
- Sales, Auditor — Sales and Auditor operators can view key metric data, investigations, detections, and reports for their Subscriber accounts.
- Owner, Helpdesk — Owner and Helpdesk operators have full permissions for their Subscriber accounts. They can take actions on investigations, such as resetting passwords or dismissing detections. They can also contact the WatchGuard SOC team directly with comments in investigation details.
Subscriber
- Observer — Observer operators can view key metric data, investigations, detections, and reports for their account.
- Admin, Analyst — Admin and Analyst operators have full permissions for their account. They can take actions on investigations, such as resetting passwords or dismissing detections. They can also contact the WatchGuard SOC team directly with comments in investigation details.
For information about how to use the Managed Services portal, go to About the Managed Services Portal.