New Feature - Password Security for WatchGuard Cloud Directory Users

At WatchGuard, we believe the best innovations come from listening to the people who use our products daily. That’s why we’re excited to introduce two new upgrades to WatchGuard Cloud: the Resource Center and the Idea Portal. These features allow users to stay informed and provide feedback directly to WatchGuard.  

What is the Resource Center? 

The Resource Center is a one-stop shop for all of the latest WatchGuard news and information. It provides greater visibility into new features, easy engagement with WatchGuard Product Teams, and quick access to helpful resources.  

Now, with the Resource Center, WatchGuard Cloud Users have one place for: 

• Announcements
• Guides
• Feedback
• Documentation  

What is the Idea Portal? 

The Idea Portal is your direct line to our product team. Whether you're a partner or customer, it lets you: 

• Submit ideas and product feedback directly from within WatchGuard Cloud
• Upvote ideas you want prioritized
• Track idea status as they move from “Under Review” to “Released”
• Engage in the roadmap and influence what’s built next 

This isn’t just about feature requests, it's about co-creating the future of WatchGuard Cloud together. By opening a feedback loop directly in the platform, we’re solving real-world challenges you’ve shared with us. 

Let’s Build Together 

Now your voice has a dedicated home inside WatchGuard Cloud. Whether you have feedback on a product, are looking for a resource, or are just curious about what’s coming next in WatchGuard Cloud, explore the new Resource Center today. 

We’re excited to unveil a groundbreaking addition to ThreatSync—the ability to correlate identity-related incidents, powered by AuthPoint’s Multi-Factor Authentication (MFA) alerts and activities.

Enhancing Threat Detection with Identity Insights

ThreatSync now features advanced capabilities to detect Credential Access incidents by integrating critical Identity Indicators of Compromise (IoCs) and Indicators of Attack (IoAs). By leveraging data from AuthPoint’s MFA events, alerts, and remediation activities, this new feature fortifies your organization’s defenses against common attack vectors targeting identities, such as:

• Login Attempts with Incorrect Passwords: Identify repeated failed login attempts that may signal credential stuffing or brute-force attacks.
• Excessive Push Notifications: Detect situations where users are overwhelmed with push notifications, a potential sign of MFA fatigue attacks.
• Policy-Based Authentication Denials: Monitor and act on authentications denied due to security policies, highlighting policy enforcement.
• Blocked Tokens Due to Failed Attempts: Recognize when tokens are blocked following multiple failed authentication attempts, indicating potential misuse.
• Disabled Push Notifications by Users: Address cases where users disable push notifications, potentially compromising MFA effectiveness.
• Unknown User Authentication Attempts: Identify and investigate authentication attempts by unrecognized users, signaling potential unauthorized access attempts.

Key Benefits of the New ThreatSync Feature

• Seamless Identity Threat Detection: Automatically correlate identity-related incidents for faster, more accurate threat detection.
• Integrated Security: Utilize ThreatSync’s detection and remediation tools alongside WatchGuard’s comprehensive suite of security solutions.
• Simplified Security Management: Streamline incident response processes with a unified approach to security.

With this new capability, ThreatSync users can harness its robust detection and remediation tools alongside WatchGuard’s full suite of integrated security solutions, boosting incident response and simplifying security management.

The WatchGuard Team

We are excited to announce a new beta feature for ThreatSync!

AuthPoint Incidents in ThreatSync

This feature enables you to view and manage AuthPoint incidents in ThreatSync. AuthPoint sends incident data to ThreatSync in the form of Credential Access events. These Credential Access incidents are available:

• Login attempts with incorrect password
• User received too many push notifications
• Authentication denied by AuthPoint policy
• Token blocked by too many failed authentications
• User disabled push notifications
• Authentication attempt from an unknown user

Based on the type of Credential Access incident, you can use these remediation actions:

• Block user
• Block IP address
• Isolate device

To learn more or to report an issue, go to the ThreatSync Beta test community.

Before you submit your feedback, make sure to review the list of Known Issues.

We appreciate you testing these exciting new features. Thanks for your help in making our products better!  

The WatchGuard Beta Team