sb-nz logo
Story image

WatchGuard updates ThreatSync platform for MSPs

29 Jul 2019

WatchGuard Technologies has updated its threat correlation and response platform with capabilities that include faster breach protection and AI-powered threat analysis to better defend against internal and external security threats.

WatchGuard’s platform ThreatSync now features the new capabilities as part of the latest Threat Detection and Response (TDR) release.

The updates allow managed service providers to provide more cyber protections for the organisations they support. Those protections include reduced breach detection and containment timeframes from months to minutes, the ability to automatically remediate zero-day malware and better defend against targeted, evasive threats both inside and outside the network perimeter.

“As cybercriminals increasingly leverage advanced, targeted attacks with evasive characteristics designed to circumvent basic anti-malware protections, midmarket organisations without adequate security expertise and resources rely heavily on trusted IT solution providers to rapidly and effectively respond to attacks,” explains WatchGuard vice president of product management, Brendan Patterson. 

“These new ThreatSync capabilities arm managed service providers with the tools they need to provide malware detection and response (MDR) services by detecting breaches in minutes and automatically mitigating advanced attacks for their customers, all through their existing TDR deployments.”

Key ThreatSync features now available via TDR include:
 
Host containment and automated response – ThreatSync quickly contains any host machine that’s been compromised, shielding it from the rest of the business network. As soon as a threat is identified, Host Containment automatically takes action to control infections before they spread. 

Once contained, ThreatSync eliminates the malware by automatically killing processes, quarantining malicious files, and deleting associated registry keys.
 
Accelerated breach detection – ThreatSync immediately identifies malicious files on all protected endpoints, and automatically begins remediation. This adds correlation with endpoint security that is not present in most comparable network security solutions. 

When users download unknown files from the web, the Firebox first submits them to APT Blocker, WatchGuard’s next-generation cloud sandbox, for advanced analysis while host sensors on victim endpoints actively monitor them and the results are correlated with ThreatSync. 
 
Network process correlation – ThreatSync not only identifies and blocks connections to malicious destinations, but it also automatically responds to unknown processes responsible for them. With ThreatSync, malicious outbound connections blocked by WatchGuard’s Firebox appliances are correlated to reveal the initiating endpoint and process, where the process is automatically terminated. 

This feature provides MSPs and network administrators with detailed contextual information on the network destination, service name, host name and process, allowing them to successfully respond and prevent future instances.
 
Artificial intelligence analysis – ThreatSync uses new AI capabilities to automatically analyse and triage files, identifying those that possess suspicious characteristics before directing them to APT Blocker for further analysis. 

This minimises the time IT administrators spend managing alerts and prevents truly suspect files from going undetected, which allows MSPs and midsized organisations to identify and block real threats faster and with more confidence.

Story image
Dell Technologies unveils new data protection innovations for hybrid cloud workloads
The Dell EMC PowerProtect Backup Service, powered by Druva, is designed to deliver SaaS app protection without increasing IT complexity.More
Story image
Pandemic sees organisations of all sizes and industries invest in CTI
There is opportunity for organisations to better manage their cyber-threat intelligence for greater security and threat intelligence effectiveness by adopting the right tools and processes.More
Story image
Video: 10 Minute IT Jams - Radware VP on the challenges of cloud security
In this interview, Techday speaks to Radware vice president of technologies Yaniv Hoffman, who discusses the primary challenges facing IT organisations in terms of their cloud security apparatus.More
Story image
Gigamon & FireEye tackle security in hybrid cloud environments
The partnership is an extension to a ‘long-standing’ relationship that aims to ‘simplify, secure, and optimise hybrid cloud environments’.More
Story image
Imperva unveils new data security platform built for cloud
"The cloud has revolutionised IT, offering organisations a strategic opportunity to rapidly pursue new market initiatives and adapt their operations in the face of new business challenges."More
Story image
Infrastructure-as-code, and how it can secure the cloud
Bridgecrew recognised IaC early on as one of the best ways for modern teams to delegate security ownership to individual contributors while distributing it across existing frameworks within CI/CD pipelines. This attribute meant that IaC was invaluable in securing cloud-native environments.More