ThreatSync is a new WatchGuard Cloud service that provides XDR technology for WatchGuard Network and Endpoint Security products that:
- Provides a UX primarily for incident responders
- Displays malicious detections
- Correlates events to create new malicious detections
- Delivers the ability to respond on-demand or automate the response to malicious detections and abnormal behaviors
- Has Service Provider capabilities including aggregated dashboards, automation templates, and email notifications
ThreatSync provides extended detection capabilities by correlating data from different WatchGuard security products that indicate the presence of threat actors in the organization. By using cross-domain and correlating activities monitored from different security products, ThreatSync scores and detects malicious scenarios that could be indicators of compromise (IoCs), enabling MTTD reduction and swift containment of the impact, severity, and scope.
ThreatSync is a WatchGuard unified security feature included by default with any Firebox TSS subscription and WatchGuard EDPR and EDR products. The more WatchGuard products you have, the more visibility and expanded XDR features you gain access to.
Before you submit your feedback, make sure to review the list of Known Issues.
For more details on ThreatSync, please visit the Beta site.
We will be holding a raffle at the end of the Beta window to give away 10 - $100 Visa Gift cards. In order to be eligible you have to complete at least 10 Beta Tasks and provide at least one piece of feedback, which can be a Bug, Suggestion or Praise. We're very excited to hear from everyone so get those testing tasks and feedback in!
Again, we appreciate your help in beta testing this new product. Thanks for your help in making our products better!
The WatchGuard Beta Team
IMPORTANT NOTE: ThreatSync does not currently respect WatchGuard Cloud Account Groups. If you are currently using Account Groups to restrict certain operators to visibility of specific accounts, those restrictions will not work in ThreatSync and those restricted operators will see all Incidents for all child accounts. If you use Account Groups for this purpose we do not recommend you participate in this Beta at this moment.