Product and Support News

ThreatSync requires a new version of WatchGuard Endpoint Security by 31 August 2023

27 July 2023 By Ricardo Arroyo
webinar_Identity_Security_Plan

Good day!

I first want to thank everyone who enabled ThreatSync over these crucial first four months. Early adopters are instrumental in helping us determine the future direction of the product. Thanks to this initial feedback, we have been able to improve ThreatSync’s ability to reflect the status of your Watchguard Endpoint Security (WES) devices.

Does this affect me?

We have an improvement that  now reflects isolations that previously occurred in the Endpoint Security management UI within ThreatSync. This required a significant change to the system to enable ThreatSync to more effectively interact with Endpoint Security. This also requires an update to the Windows Endpoint agent. After we deploy these changes, all accounts must run WatchGuard Endpoint Security Release 15 (R15) for ThreatSync to continue functioning as expected.

How do I upgrade?

To opt in to the Endpoint Security upgrade, use the Alert Bell in the  management UI. This upgrade  requires a restart of the endpoints to update to the improved protection provided by R15. If you want to make sure you are ready for the ThreatSync update, make sure each endpoint is running Windows agent version 1.21.02. Go to the link below for more details and screen captures.

When is the deadline to upgrade?

We will enable this Endpoint status feature in ThreatSync on 31 August 2023.

What happens if I do not upgrade?

If you have not upgraded by the deadline, we cannot guarantee that ThreatSync will continue to reflect isolation status accurately.

For more information, go to: WatchGuard Endpoint Security Upgrade.

 

Filed under: WatchGuard Cloud Platform
< Blog Home

Related Posts

Img blog_Identity.jpg
Article

WatchGuard Cloud Directory for Users and Groups

Article

WatchGuard Cloud Directory for Users and Groups

WatchGuard Cloud Directory for Users and Groups

WatchGuard will launch its Directory to enable customers to manage their users and groups that are not part of an external directory, such as Entra ID (formerly Azure AD), Active Directory, LDAP sources, or Google Cloud Directory for Workspace.

While we recommend that organizations use a cloud directory like Entra ID (Azure AD), or Google Cloud Directory for Workspace we recognize there are cases where these are not applicable or desirable, for example:

  • Very small organizations (fewer than 25 users) and relatively simple access control needs, creating, and managing a cloud domain could be simpler and more cost-effective than implementing a full-fledged directory system.
  • Any sized organization that wants to manage contractors and vendors (third-party access) separately from their employees, managing these users separately from their domain.

With the WatchGuard Cloud Directory, it will be possible to:

  1. Check users’ password against breaches at the moment of the password creation by the user. This prevents known compromised passwords from being created in the first place.
  2. Users and groups are visible throughout the WatchGuard portfolio, important for integrations and upcoming products and services.
  3. Single factor (password) authentication service for new products and services of the WatchGuard portfolio.

As the WatchGuard Cloud Directory evolves in the future, enhancements include:

  1. Enable CSV bulk import for users and groups.
  2. Configurable password requirements and complexity policy.
  3. Device management (in addition to users, groups, resources).
  4. Identity threats visibility, risk scoring (e.g., Password-only without MFA).

 

Is there any impact in my AuthPoint configuration?

Current and new AuthPoint Multi-factor and AuthPoint Total Identity Security users and groups that are not leveraging   Entra ID (formerly AAD), AD or LDAP directory synchronization will also be created, edited, and deleted through the WatchGuard Cloud Domain when launched.

Due to tighter security requirements for the credential handling in the WatchGuard Cloud Directory, if using a Firebox direct integration with AuthPoint to provide MFA for IKEv2 or L2TP VPN, Fireboxes must be using Fireware version 12.7.2 or above.

RADIUS configurations for IKEv2 and L2TP, need to double-check the MFA options that continue to be supported for authentication policies:

  • Password + Push Notification – This is the recommended configuration.
  • OTP – Option for users that have a hardware token, instead of a mobile token.
  • Password-only - Not recommended, as RADIUS policies do not evaluate risk such as geolocation or network, and provides no identity verification.

As a reminder:  Password + QR Code and Password + OTP are not supported for IKEv2 or L2TP VPN connections.

Read Article 
image_ThreatSync_Post3_LR
Article

New Beta Features available for ThreatSync!

Article

New Beta Features available for ThreatSync!

Welcome!

We are excited to announce new betas for ThreatSync!

Threat Activity Graph (Beta)

  • This feature enables you to view a threat activity graph for an Indicator of Attack (IOA) incident from the Incident Details page. This interactive diagram shows the sequence of events that led to the generation of the IOA. You can use this feature to help identify the root cause of an attack.

Remote Control (Beta)

  • This feature enables you to remotely connect to Windows computers on your network from the ThreatSync management UI to investigate and remediate potential attacks.
  •  To use this feature, your remote Windows computers must have an active WatchGuard Advanced EPDR license and a remote control settings profile assigned in Endpoint Security.

 Isolation Exceptions - Manual (Beta)

  • This feature enables you to allow communications from specific processes when you manually isolate a device from the Incidents, Incident Details, and Endpoints pages in ThreatSync. Isolation exceptions will be available for automation policies in a future release.

 To learn more or to report an issue, go to the ThreatSync Beta test community.

Before you submit your feedback, make sure to review the list of Known Issues.

We appreciate you testing these exciting new features. Thanks for your help in making our products better!  

The WatchGuard Beta Team



 

Read Article 
WatchGuard Logo
Article

New Beta Features available for ThreatSync!

Article

New Beta Features available for ThreatSync!

Welcome!

We are excited to announce two new betas for ThreatSync – Comments in Incidents and Default Automation Policies! 

Comments in Incidents

This feature enables you to add comments to specific ThreatSync incidents to document the activities performed on the incident and to view the incident history. With this feature, you can:

  • Add comments to incidents on the Incident Details page
  • Add comments when you change incident status or perform actions
  • Edit, delete, and search your comments

Default Automation Policies

This feature enables you to generate and enable two ThreatSync default automation policies:

  • Default Remediation Automation Policy — Automatically protects you from high-risk incidents with a risk range of 7-10
  • Default Archive Automation Policy — Automatically reduces the number of low-risk incidents with a risk score of 1

To learn more or to report an issue, go to the ThreatSync Beta test community

Before you submit your feedback, make sure to review the list of Known Issues.

We appreciate you testing these exciting new features. Thanks for your help in making our products better!  

The WatchGuard Beta Team

Read Article 
< Blog Home