We are excited to announce that enhanced Network to Process Correlation in Threat Detection and Response is generally available! While TDR has always correlated network threats from your Firebox to an individual host, we are proud to provide the ability to correlate that same network threat to an individual process on your Windows host! This functionality enables Administrators to:
- Quickly identify Windows processes that are making malicious outbound network connections.
- Stop those processes before they cause any damage to your environment(s).
This feature includes the following benefits and functions:
- A new Process + Network indicator type that contains all of the information you would expect to triage the threat.
- Zero configuration – the feature works out-of-the-box, protecting environments immediately.
- Automated integration with existing ThreatSync policies.
We hope you are as excited about this new feature as we are! Any and all feedback, as usual, is always welcome!
WatchGuard Product Team