Host Ransomware Prevention

Prevent Ransomware Before File Encryption

Despite existing security solutions, small to midsize businesses (SMBs) and distributed enterprise organizations continue to fall victim to ransomware attacks that can have a disastrous impact on business operations and continuity. WatchGuard Host Ransomware Prevention (HRP), a module within the WatchGuard Host Sensor, leverages behavioral analytics to not only detect and remediate these types of attacks, but actually prevent them as well.


Key Features

Utilizes a behavioral analytics engine to determine if a given action is associated with ransomware attack

In Prevent mode, HRP automatically prevents a ransomware attack before encryption takes place

ThreatSync correlates the threat data to provide a comprehensive threat score for a ransomware attack

HRP is a component of Threat Detection and Response and included with WatchGuard Total Security Suite

APT Blocker, WebBlocker & HRP work together to detect and prevent ransomware attacks

The Host Sensor leverages minimal CPU, allowing TDR to work alongside existing AV deployments

Thumbnail: Host Sensor

Behavioral Analytics for Endpoint Protection

Ransomware is one of the greatest threats facing SMBs and distributed enterprise organizations today. WatchGuard’s Host Ransomware Prevention Module within the WatchGuard Host Sensor leverages a behavioral analytics engine to monitor a wide array of characteristics to determine if a given action is associated with a ransomware attack.

Automated Remediation for Ransomware Prevention

Ransomware attacks take hold of a device by either locking the user out entirely or encrypting files so that the device cannot be used. The hacker will then post a ransom that must be paid for the user to receive the decryption key to regain access to their device. When HRP detects that a threat is in fact ransomware, it can halt the attack before encryption takes place, effectively mitigating the threat completely.

Illustration: ThreatSync

Threat Correlation and Prioritization

ThreatSync is WatchGuard’s new cloud-based correlation and threat scoring engine, improving security awareness and response across the network to the endpoint. ThreatSync collects event data from the WatchGuard Firebox, WatchGuard Host Sensor and cloud threat intelligence feeds, correlates this data to generate a comprehensive threat score and rank based on severity. Visibility into the network and endpoint provides improved protection against ransomware attacks.

Thumbnail: Email Alerts

Email Alerts & Notifications

ThreatSync includes email alerts and notifications to let you know when HRP has detected and remediated ransomware from your network and endpoint. Notifications are configurable to ensure that you receive the alerts you want when you want them.

Icon: Total Security Suite

Total Security against Ransomware Attacks

With WatchGuard’s Total Security Suite, organizations can win the fight against ransomware attacks. By leveraging multiple security services, including APT Blocker, WebBlocker and Host Ransomware Prevention, SMBs can benefit from protection against advanced malware attacks on the network and the endpoint through one comprehensive solution.

How It Works

Host Ransomware Prevention is a module within the WatchGuard Host Sensor that leverages behavioral analytics to detect and determine if an event is malicious. If the threat is malicious, HRP will automatically block the threat from acting on the device ensuring that file encryption does not take place. HRP will then report to ThreatSync that a ransomware attack has been mitigated allowing for further investigation.

How it Works Diagram: Host Ransomware Prevention


Award-Winning Security and Visibility Platform

Firebox Subscriptions Photo

All of WatchGuard’s Security Services are delivered as an integrated solution within an easy-to-manage and cost-effective Firebox appliance. It’s in WatchGuard’s DNA to deliver advanced IT security technologies for small to midsize organizations and distributed enterprises. We take these enterprise-grade technologies and make them easy to deploy and easy to manage. You face the same threats as enterprise organizations, shouldn’t you have the same level of security?

Discover all of our Security Services >