WatchGuard updates ThreatSync platform for MSPs

29 Jul 2019

WatchGuard Technologies has updated its threat correlation and response platform with capabilities that include faster breach protection and AI-powered threat analysis to better defend against internal and external security threats.

WatchGuard’s platform ThreatSync now features the new capabilities as part of the latest Threat Detection and Response (TDR) release.

The updates allow managed service providers to provide more cyber protections for the organisations they support. Those protections include reduced breach detection and containment timeframes from months to minutes, the ability to automatically remediate zero-day malware and better defend against targeted, evasive threats both inside and outside the network perimeter.

“As cybercriminals increasingly leverage advanced, targeted attacks with evasive characteristics designed to circumvent basic anti-malware protections, midmarket organisations without adequate security expertise and resources rely heavily on trusted IT solution providers to rapidly and effectively respond to attacks,” explains WatchGuard vice president of product management, Brendan Patterson. 

“These new ThreatSync capabilities arm managed service providers with the tools they need to provide malware detection and response (MDR) services by detecting breaches in minutes and automatically mitigating advanced attacks for their customers, all through their existing TDR deployments.”

Key ThreatSync features now available via TDR include:
 
Host containment and automated response – ThreatSync quickly contains any host machine that’s been compromised, shielding it from the rest of the business network. As soon as a threat is identified, Host Containment automatically takes action to control infections before they spread. 

Once contained, ThreatSync eliminates the malware by automatically killing processes, quarantining malicious files, and deleting associated registry keys.
 
Accelerated breach detection – ThreatSync immediately identifies malicious files on all protected endpoints, and automatically begins remediation. This adds correlation with endpoint security that is not present in most comparable network security solutions. 

When users download unknown files from the web, the Firebox first submits them to APT Blocker, WatchGuard’s next-generation cloud sandbox, for advanced analysis, while host sensors on victim endpoints actively monitor them; the results are then correlated with ThreatSync.
 
Network process correlation – ThreatSync not only identifies and blocks connections to malicious destinations, but also automatically responds to the unknown processes responsible for them. With ThreatSync, malicious outbound connections blocked by WatchGuard’s Firebox appliances are correlated to reveal the initiating endpoint and process, and that process is automatically terminated.

This feature provides MSPs and network administrators with detailed contextual information on the network destination, service name, host name and process, allowing them to successfully respond and prevent future instances.
 
Artificial intelligence analysis – ThreatSync uses new AI capabilities to automatically analyse and triage files, identifying those that possess suspicious characteristics before directing them to APT Blocker for further analysis. 

This minimises the time IT administrators spend managing alerts and prevents truly suspect files from going undetected, which allows MSPs and midsized organisations to identify and block real threats faster and with more confidence.
