New Beta Features available for ThreatSync!

WatchGuard Cloud Directory for Users and Groups

WatchGuard will launch its Directory to enable customers to manage their users and groups that are not part of an external directory, such as Entra ID (formerly Azure AD), Active Directory, LDAP sources, or Google Cloud Directory for Workspace.

While we recommend that organizations use a cloud directory like Entra ID (Azure AD), or Google Cloud Directory for Workspace we recognize there are cases where these are not applicable or desirable, for example:

• Very small organizations (fewer than 25 users) and relatively simple access control needs, creating, and managing a cloud domain could be simpler and more cost-effective than implementing a full-fledged directory system.
• Any sized organization that wants to manage contractors and vendors (third-party access) separately from their employees, managing these users separately from their domain.

With the WatchGuard Cloud Directory, it will be possible to:

1. Check users’ password against breaches at the moment of the password creation by the user. This prevents known compromised passwords from being created in the first place.
2. Users and groups are visible throughout the WatchGuard portfolio, important for integrations and upcoming products and services.
3. Single factor (password) authentication service for new products and services of the WatchGuard portfolio.

As the WatchGuard Cloud Directory evolves in the future, enhancements include:

1. Enable CSV bulk import for users and groups.
2. Configurable password requirements and complexity policy.
3. Device management (in addition to users, groups, resources).
4. Identity threats visibility, risk scoring (e.g., Password-only without MFA).

Is there any impact in my AuthPoint configuration?

Current and new AuthPoint Multi-factor and AuthPoint Total Identity Security users and groups that are not leveraging   Entra ID (formerly AAD), AD or LDAP directory synchronization will also be created, edited, and deleted through the WatchGuard Cloud Domain when launched.

Due to tighter security requirements for the credential handling in the WatchGuard Cloud Directory, if using a Firebox direct integration with AuthPoint to provide MFA for IKEv2 or L2TP VPN, Fireboxes must be using Fireware version 12.7.2 or above.

RADIUS configurations for IKEv2 and L2TP, need to double-check the MFA options that continue to be supported for authentication policies:

• Password + Push Notification – This is the recommended configuration.
• OTP – Option for users that have a hardware token, instead of a mobile token.
• Password-only - Not recommended, as RADIUS policies do not evaluate risk such as geolocation or network, and provides no identity verification.

As a reminder:  Password + QR Code and Password + OTP are not supported for IKEv2 or L2TP VPN connections.

Welcome!

We are excited to announce new betas for ThreatSync!

Threat Activity Graph (Beta)

• This feature enables you to view a threat activity graph for an Indicator of Attack (IOA) incident from the Incident Details page. This interactive diagram shows the sequence of events that led to the generation of the IOA. You can use this feature to help identify the root cause of an attack.

Remote Control (Beta)

• This feature enables you to remotely connect to Windows computers on your network from the ThreatSync management UI to investigate and remediate potential attacks.
•  To use this feature, your remote Windows computers must have an active WatchGuard Advanced EPDR license and a remote control settings profile assigned in Endpoint Security.

 Isolation Exceptions - Manual (Beta)

• This feature enables you to allow communications from specific processes when you manually isolate a device from the Incidents, Incident Details, and Endpoints pages in ThreatSync. Isolation exceptions will be available for automation policies in a future release.

 To learn more or to report an issue, go to the ThreatSync Beta test community.

Before you submit your feedback, make sure to review the list of Known Issues.

We appreciate you testing these exciting new features. Thanks for your help in making our products better!  

The WatchGuard Beta Team

Account administrators and owners often find it challenging to navigate multiple user management interfaces, such as those for inviting new users, controlling user permissions and roles, enforcing multi-factor authentication (MFA), and removing users from the system. This complexity hampers user management processes and complicates auditing, creating a significant hurdle during routine compliance audits.

Depending on the account tier, the main interfaces for user management are the WatchGuard Portal Support Center and WatchGuard Cloud. Tier-1 accounts require both interfaces, while all other account tiers exclusively use WatchGuard Cloud. 

Managing diverse business rules across multiple interfaces becomes particularly challenging for large organizations with numerous users. To simplify and streamline this process, WatchGuard is consolidating the functionality of User Manager in the WatchGuard Support Center into WatchGuard Cloud. This move aims to establish a unified interface for all operator management tasks, regardless of the account tier.

The transition to WatchGuard Cloud for user management brings several advantages, including:

• Streamlined Account Management: The new interface allows you to handle tasks such as inviting new users and managing permissions and roles in a consolidated manner, saving time and increasing overall efficiency.
• Greater Autonomy: Users gain more control over their accounts, enabling independent management of user permissions and roles. This eliminates the need to rely on WatchGuard support, providing a flexible approach to meeting specific business requirements.
• Enhanced Security: Owners and administrators can enforce multi-factor authentication (MFA), significantly boosting security. This makes user accounts more resilient to hacking attempts, instills confidence, and ensures data safety.

Overall, this transition makes user management more efficient, reduces support costs, enhances security, and delivers a consistent interface, along with the mentioned benefits.

If you have questions about how this change may impact you, please reach out to the WatchGuard team. Should you want to learn more about user management, please see Manage WatchGuard Cloud Operators in our Help Center.