WatchGuard Tackles Malware in Threat Detection Upgrade

Written by James Anderson
July 24, 2019

WatchGuard says cybercriminals are developing more and more sophisticated attacks that evade basic antimalware.

WatchGuard Technologies just enhanced its threat correlation and response platform to make MSSPs’ lives easier.

The Seattle-based vendor says its ThreatSync platform now includes accelerated breach detection, network process correlation and AI-powered threat analysis. WatchGuard made the new features available via its threat detection and response (TDR) platform.

The company declared that its MSP partners can now more quickly detect and contain threats, and automatically address zero-day malware. Brendan Patterson, WatchGuard’s vice president of product management, said cybercriminals are developing more and more sophisticated attacks that evade basic antimalware.

WatchGuard’s Brendan Patterson

“Midmarket organizations without adequate security expertise and resources rely heavily on trusted IT solution providers to rapidly and effectively respond to attacks,” Patterson said. “These new ThreatSync capabilities arm MSPs with the tools they need to provide malware detection and response (MDR) services by detecting breaches in minutes and automatically mitigating advanced attacks for their customers, all through their existing TDR deployments.”

The Ponemon Institute estimates that the average security breach takes 197 days to identify and another 69 to contain. An IBM Security Study published earlier this week concluded that companies containing breaches within 200 days lost $1.2 million less than their peers.

WatchGuard’s recent Internet Security Report found that “zero day” malware, which attack previously unknown system vulnerabilities, comprised 36% of threats.

“With each passing day a security threat goes unnoticed, its potential to inflict both financial and reputational harm on an organization increases drastically,” WatchGuard said.

The ThreatSync platform quarantines the compromised host machine from the rest of the network and automatically identifies and begins to remedy infected endpoints. The platform also shows how the initiating endpoint and process for malicious outbound connections.

“This feature provides MSPs and network administrators with detailed contextual information on the network destination, service name, host name and process, allowing them to successfully respond and prevent future instances,” WatchGuard wrote.

WatchGuard’s director of product management earlier this year shared advice for securing mobile and remote employees.