WatchGuard Technologies Inc. has added protection for endpoints to its Threat Detection and Response (TDR) service, extending the solution beyond the network perimeter for the first time.
First launched in January, TDR uses Seattle-based WatchGuard’s ThreatSync correlation engine to check security events against the latest threat intelligence and block malware attacks automatically. Until now, the system only safeguarded devices connected to the corporate network.
Version 5.1 of the system, unveiled today, includes direct integration between endpoint-based software agents and WatchGuard’s cloud-based APT Blocker sandbox solution. If ThreatSync receives data from an endpoint about a suspicious file, it compares a hash of the suspect malware against the security vendor’s threat library. If it doesn’t find a match, the solution uploads the file to APT Blocker, which detonates it in a controlled environment designed to emulate a physical endpoint. APT Blocker then reports the results to ThreatSync, which enables automated remediation.
“Since we launched TDR, it’s been the only solution out there that combines the power of complete Unified Threat Management (UTM) network security services with endpoint detection and response capabilities,” said WatchGuard senior vice president of product management Andrew Young in a press statement. “We’ve taken that a step further with our latest updates to TDR, extending APT Blocker’s advanced sandboxing capabilities from the network to the endpoint. Now, users can automatically place a potentially dangerous endpoint file under the microscope to observe its behavioral characteristics and objectives, and respond accordingly.”
TDR is available as part of WatchGuard’s Total Security Suite. Pricing for the host sensor agents that monitor endpoints varies based on which Firebox firewall a buyer uses. Additional sensor packages are available as an add-on offer.