Applies To: WatchGuard Core MDR, WatchGuard Core MDR for Microsoft, WatchGuard Total MDR, WatchGuard Open MDR
WatchGuard Managed Detection and Response (MDR) keeps your organization safe with security monitoring, threat hunting, attack detection, investigation, and containment.
Powered by innovative AI technologies, the MDR service is fully managed by WatchGuard. Our cybersecurity experts provide 24/7 support to you or your customers to elevate overall cyberresiliency and minimize the time to detect and respond to threats. In the event of a potential cyberattack, the WatchGuard MDR team guides you through the containment and remediation process.
Managed Services Products
WatchGuard offers these Managed Services products:
WatchGuard Core MDR
For environments that use one of the Endpoint Security products - WatchGuard Advanced EPDR, EDPR, EDR, Panda Adaptive Defense, and Panda Adaptive Defense 360, WatchGuard Core MDR enables the WatchGuard MDR team to monitor licensed endpoints and your cloud-based Microsoft 365 environment.
WatchGuard Core MDR is licensed as an Endpoint Security module. For more information on WatchGuard Core MDR, go to WatchGuard Endpoint Security Modules. For information on Endpoint Security product licenses, go to About Endpoint Security Licenses.
WatchGuard Core MDR for Microsoft
For environments that use Microsoft Defender for Endpoints, WatchGuard Core MDR for Microsoft enables the WatchGuard MDR team to monitor endpoints in your Microsoft Defender environment and your cloud-based Microsoft 365 environment. You must have your own Microsoft Defender for Endpoint license.
WatchGuard Total MDR
WatchGuard Total MDR monitors your endpoints licensed with one of the Advanced EPDR, EPDR, or EDR Endpoint Security products.
WatchGuard Total MDR can also monitor WatchGuard Fireboxes (with a Total Security Suite license), ThreatSync+ NDR, and user authentications for AuthPoint Multi-Factor Authentication and AuthPoint Total Identity Security.
For third-party cloud integrations, WatchGuard Total MDR can monitor Microsoft 365, Microsoft Defender, AWS CloudTrail, AWS and Azure Cloud Security Posture Management (CSPM) environments, and Google Workspace.
WatchGuard Open MDR
WatchGuard Open MDR monitors your endpoints licensed with one of the Advanced EPDR, EPDR, or EDR Endpoint Security products.
WatchGuard Open MDR can also monitor WatchGuard Fireboxes (with a Total Security Suite license), ThreatSync+ NDR, and user authentications for AuthPoint Multi-Factor Authentication and AuthPoint Total Identity Security.
For third-party cloud integrations, WatchGuard Open MDR can monitor Microsoft 365, Microsoft Defender, AWS CloudTrail, AWS and Azure Cloud Security Posture Management (CSPM) environments, Google Workspace, CrowdStrike EDR, and Okta.
In addition, the WatchGuard Open MDR can collect and monitor syslog data from many third-party firewalls.
For more information about MDR licenses, go to About WatchGuard MDR Licenses.
Eligibility and Onboarding
WatchGuard MDR is a managed service provided by WatchGuard to eligible partners and customers. To learn more about how WatchGuard works with partners to provide MDR services, go to WatchGuard MDR Managed Service Overview.
Configure and Connect Managed Services
The steps you must take to configure and connect MDR to your environment depend on your WatchGuard MDR license.
WatchGuard Core MDR
For accounts with WatchGuard Core MDR and WatchGuard Endpoint Security, you configure MDR settings in WatchGuard Cloud. For more information, go to Configure WatchGuard Core MDR Settings.
WatchGuard Core MDR for Microsoft
For accounts with WatchGuard Core MDR for Microsoft, you must complete steps to allow WatchGuard to monitor endpoints in your environment that run Microsoft Defender. For more information, go to Connect WatchGuard MDR with Microsoft Defender.
WatchGuard Total MDR and WatchGuard Open MDR
After you activate and allocate users from a WatchGuard Total MDR or WatchGuard Open MDR license, ThreatSync is automatically enabled and configured for all eligible WatchGuard devices and products. For more information, go to ThreatSync.
To view which products and devices have ThreatSync enabled, go to Configure Device Settings in ThreatSync. Customers with WatchGuard Total MDR or WatchGuard Open MDR can only view, not edit, the configuration on the Device Settings page in ThreatSync.
For steps to configure your third-party integrations, go to WatchGuard MDR Integration Guides.
All MDR licenses also enable WatchGuard to monitor your cloud-based Microsoft 365 environment. For information about how to connect WatchGuard MDR with Microsoft 365, go to Connect WatchGuard MDR with Microsoft 365.
Managed Services Portal
The Managed Services portal provides a unified view of MDR incidents and detections for your managed accounts and enables you to quickly identify and address risks so that you can strengthen your defenses.
For information about how to use the Managed Services portal, go to About the Managed Services Portal.