Threat Detection and Response

Network and Endpoint Threat Correlation

Hackers are designing malware to be more sophisticated than ever. Through packing, encryption, and polymorphism, cyber criminals are able to disguise their attacks to avoid detection. Zero-day threats and advanced malware easily slip by antivirus solutions that are simply too slow to respond to the constant stream of emerging threats. Organizations of all sizes need a solution that takes a holistic approach to security, from the network to the endpoint. WatchGuard Threat Detection and Response (TDR) is a powerful collection of advanced malware defense tools that correlate threat indicators from Firebox appliances and Host Sensors to stop known, unknown, and evasive malware threats.

Key Features

Improves security against advanced malware attacks, including ransomware

Correlates network and endpoint insight for enterprise-grade threat visibility

Scores threat indicators and incidents based on severity to guide response

Tight integration with APT Blocker for advanced threat triage

Works alongside existing antivirus solutions with no impact on endpoint performance

Decreases time to detection and remediation through policy-based automation


Threat Correlation and Prioritization

ThreatSync is a Cloud-based correlation engine that analyzes event data from Host Sensors and Firebox appliances to identify malicious behavior. Threats are scored based on severity to guide remediation.

Threat Visibility on the Endpoint

The lightweight WatchGuard Host Sensor extends threat visibility and management to the endpoint. The WatchGuard Host Sensor continuously sends heuristic and behavioral data from the endpoint up to ThreatSync for correlation and scoring.

Host Containment and Automated Response

Control infections automatically when a threat is identified. ThreatSync quickly contains the host machine, isolating it from the network and preventing further infection of your business. Once the host is contained, ThreatSync eliminates the malware by automatically killing processes, quarantining malicious files, and deleting associated registry keys.

Advanced Threat Triage with APT Blocker

Want to take a deeper look at a suspicious file? Our integrated approach to threat triage uses an innovative artificial intelligence engine in conjunction with our APT Blocker security service to detect suspicious files and automatically send them for deep analysis in a next-generation Cloud sandbox.

Email Alerts & Notifications

ThreatSync includes email alerts and notifications to let you know when a threat indicator or incident has been detected, as well as when the threat has been remediated from the network or endpoint. Notifications are configurable to ensure that you receive the alerts you want when you want them.

Enterprise-grade Threat Intelligence

Threat Intelligence was previously a benefit available only to enterprise organizations with big budgets and even bigger security teams. With Threat Detection and Response, WatchGuard aggregates and analyzes threat intelligence feeds, delivering the security benefits without passing on the associated complexities or cost.

Additional Security Layer to Existing Antivirus Solutions

Threat Detection and Response doesn’t require users or Managed Security Service Providers (MSSPs) to replace existing AV solutions already deployed. TDR works in tandem with existing AV, bringing an additional, powerful layer of threat detection and event correlation to catch anything that AV might miss.

How It Works

Threats detected on the Firebox or via the Host Sensor are sent to ThreatSync, where they are continuously correlated and analyzed, then scored and ranked by severity. Threats can then be quickly remediated through one-click response options, or by leveraging policies to enable an automated response that includes quarantining the file, killing the process, and deleting the registry key persistence.

Threat Detection and Response: How It Works Diagram


Award-Winning Security and Visibility Platform

All of WatchGuard’s security services are delivered as an integrated solution within an easy-to-manage and cost-effective Firebox appliance. It’s in WatchGuard’s DNA to deliver advanced IT security technologies for small to midsize organizations and distributed enterprises. We take these enterprise-grade technologies and make them easy to deploy and easy to manage. You face the same threats as enterprise organizations. Shouldn’t you have the same level of security?