Press Release


Next-Gen Cloud Sandboxing Improves Malware Detection and Remediation

WatchGuard delivers controlled endpoint threat analysis to stop unknown and evasive attacks

WatchGuard’s new generation of cloud-based sandboxing technology is able to automatically analyse suspicious endpoint files to identify behaviour associated with persistent threats, zero day attacks and evasive malware, to deliver fast and confident endpoint threat remediation. The new service correlates network and endpoint security events – on or off the corporate network – with threat intelligence, to detect, prioritise and enable immediate action to stop malware attacks.

Aimed at small and midsize businesses (SMBs), distributed enterprises and managed security service providers (MSSPs), WatchGuard’s latest version of its Threat Detection and Response (TDR) solution introduces direct integration between endpoint host sensors and APT Blocker, WatchGuard’s cloud sandbox solution. With this new TDR update, APT Blocker is extending its powerful next-gen cloud sandboxing capabilities from inside the network to individual devices outside of the network, consuming threat data directly from the endpoint for analysis.

“Since we launched TDR, it’s been the only solution out there that combines the power of complete Unified Threat Management (UTM) network security services with endpoint detection and response capabilities,” said Andrew Young, SVP of product management at WatchGuard. “We’ve taken that a step further with our latest updates to TDR, extending APT Blocker’s advanced sandboxing capabilities from the network to the endpoint. Now, users can automatically place a potentially dangerous endpoint file under the microscope to observe its behavioral characteristics and objectives, and respond accordingly.”

TDR combines several key elements to enable users to better detect and remediate evasive threats both inside their networks and on their endpoints:

  • ThreatSync – WatchGuard’s cloud-based correlation engine, which collects event data in real-time from Firebox appliances, host sensors and enterprise-grade cloud intelligence feeds. ThreatSync analyses this data to generate a threat score that guides either single-click or policy-based automated threat responses.
  • UTM Network Security – WatchGuard Firebox M Series, T Series, FireboxV and Firebox Cloud appliances, as well as existing industry-leading security services that contribute security data from inside the network to ThreatSync for correlation.
  • Host Sensors – a lightweight software agent loaded onto endpoint devices that extends visibility beyond the network perimeter to individual devices. These sensors send data from potentially malicious endpoint security events to ThreatSync and APT Blocker to be analysed, scored and addressed.
  • APT Blocker – leverages a next-generation sandbox to emulate target environments and safely execute potentially malicious files from both the network and endpoint in order to analyse their behaviour. Based on the APT Blocker response, the ThreatSync score is updated, enabling automatic remediation to eliminate the threat.
  • Host Ransomware Prevention (HRP) Module – a lightweight software agent within endpoint Host Sensors that leverages behavioural analysis to identify ransomware-specific characteristics and automatically shut down ransomware assaults pre-encryption. New advanced threat behaviours and characteristics are constantly added in order to ensure that HRP can block emerging attacks.


Whenever ThreatSync receives Host Sensor data that classifies an endpoint file as potentially malicious, it analyzes a hash of the malware sample, cross-referencing it with an extensive library of existing threats. If no match is found, TDR uploads the suspicious file to APT Blocker, which automatically performs deep analysis by detonating it in a controlled cloud sandbox that emulates a physical endpoint in order to analyse its intended behavior and unique characteristics. Once APT Blocker’s analysis is complete, it relays the results to ThreatSync, which then updates the threat score and enables automated remediation.

A completely cloud-based solution, TDR’s centrally managed, intuitive interface enables partners to service countless subscriptions without spending as much time at customer sites for new deployments or troubleshooting exercises. With TDR, included in WatchGuard’s Total Security Suite, MSSPs can further differentiate themselves from the competition, win more business, and build an additional recurring revenue stream by monetising continuous, more advanced detection and response services; all with one SKU and one license.

Threat Detection and Response Service is now available as part of the WatchGuard Total Security Suite. Host sensor licenses vary based on the Firebox model, and additional sensor packages are available as an add-on offer. For more information, visit



About WatchGuard Technologies, Inc.

WatchGuard® Technologies, Inc. is a global leader in network security, endpoint security, secure Wi-Fi, multi-factor authentication, and network intelligence. The company’s award-winning products and services are trusted around the world by more than 18,000 security resellers and service providers to protect more than 250,000 customers. WatchGuard’s mission is to make enterprise-grade security accessible to companies of all types and sizes through simplicity, making WatchGuard an ideal solution for midmarket businesses and distributed enterprises. The company is headquartered in Seattle, Washington, with offices throughout North America, Europe, Asia Pacific, and Latin America. To learn more, visit

For additional information, promotions and updates, follow WatchGuard on Twitter, @WatchGuardUK on Facebook, or on the LinkedIn Company page. Also, visit our InfoSec blog, Secplicity, for real-time information about the latest threats and how to cope with them at Subscribe to The 443 – Security Simplified podcast at, or wherever you find your favorite podcasts.

WatchGuard is a registered trademark of WatchGuard Technologies, Inc. All other marks are property of their respective owners.



Media Contacts

Chris Warfield
WatchGuard Technologies

Peter Rennison
1442 245030

