Threat Detection and Response

Network and Endpoint Threat Correlation

Cyber criminals are mounting attacks with increasing complexity and sophistication, using coordinated means to gain access to your network from any and every connection. Organizations of all sizes need a solution that leverages a holistic approach to security from the network to the endpoint. WatchGuard Threat Detection and Response (TDR) correlates network and endpoint security events with threat intelligence to detect, prioritize and enable immediate action to stop malware attacks.


Key Features

Provides visibility and correlation of network and endpoint activities

Enables confident response through threat scoring and prioritization

Improves security from advanced malware attacks, including ransomware

Works alongside existing antivirus solutions with no impact on endpoint performance

Decreases time to detection and remediation through policy-based automation

Extends enterprise-grade threat intelligence to small and midsize businesses at no additional cost


Threat Correlation and Prioritization

ThreatSync is WatchGuard’s new cloud-based correlation and threat scoring engine, improving security awareness and response across the network to the endpoint. ThreatSync collects event data from the WatchGuard Firebox, WatchGuard Host Sensor and cloud threat intelligence feeds, and correlates this data to generate a comprehensive threat score and rank based on severity. Learn More >

Illustration: Threat Intelligence

Enterprise-grade Threat Intelligence

Threat Intelligence was previously only a benefit available to enterprise organizations with big budgets and even bigger security teams. With Threat Detection and Response, WatchGuard consumes and analyzes threat intelligence feeds - delivering the security benefits without passing down the associated complexities or cost.

Icon: Host Sensor

Visibility into the Endpoint

The lightweight WatchGuard Host Sensor extends visibility and management to the endpoint and continuously sends endpoint events up to ThreatSync for correlation and scoring. The Host Sensor detects events, sends the data to ThreatSync and enables the remediation of threats on the endpoint. Learn More >

Illustration: Additional Security Layer

Additional Security Layer to Existing Antivirus Solutions

Threat Detection and Response doesn’t require users or Managed Security Service Providers (MSSPs) to replace existing AV solutions already deployed. TDR works in tandem with existing AV, bringing an additional, powerful layer of threat detection and event correlation to catch anything that AV might miss.

Icon: Host Ransomware Prevention

Prevention against Advanced Malware

The Host Ransomware Prevention feature of Threat Detection and Response, along with the advanced malware protection provided through APT Blocker, enables industry-leading prevention against ransomware attacks. Host Ransomware Prevention blocks the execution of ransomware before any file encryption on the endpoint takes place, mitigating the ransomware attack before any damage is done. Learn More >

How It Works

Threats detected on the Firebox or via the Host Sensor are sent to ThreatSync, where they are continuously correlated and analyzed, then scored and ranked by severity. Threats can then be quickly remediated through one-click response options, or by leveraging policies to enable an automated response including quarantine the file, kill the process and delete the registry key persistence.

Threat Detection and Response: How It Works Diagram



Award-Winning Security and Visibility Platform

Firebox Subscriptions Photo

All of WatchGuard’s Security Services are delivered as an integrated solution within an easy-to-manage and cost-effective Firebox appliance. It’s in WatchGuard’s DNA to deliver advanced IT security technologies for small to midsize organizations and distributed enterprises. We take these enterprise-grade technologies and make them easy to deploy and easy to manage. You face the same threats as enterprise organizations, shouldn’t you have the same level of security?

Discover all of our Security Services >

About WatchGuard

WatchGuard has deployed nearly a million integrated, multi-function threat management appliances worldwide. Our signature red boxes are architected to be the industry's smartest, fastest, and meanest security devices with every scanning engine running at full throttle. Why buy WatchGuard? Find out here.



  • Global Headquarters
    505 Fifth Avenue South, Suite 500
    Seattle, WA 98104, United States
  • Phone
    1.800.734.9905 US & Canada