Firewall News

Top Menu

  • Home
  • Our Blog
  • Contact Us

Main Menu

  • Software Updates
  • Alerts & Bugs
  • Out of the Box
  • Home
  • Our Blog
  • Contact Us

Firewall News

Firewall News

  • Software Updates
    • WatchGuard logo

      TDR 6.0.0 is now integrated into WatchGuard Cloud

      04/01/2021
      0
    • Sophos Logo

      XG Firewall 17.5 MR14 Released

      30/07/2020
      0
    • Sophos Logo

      Sophos Firewall Manager SFM 17.1 MR4 Released

      27/07/2020
      0
    • Sophos Logo

      Sophos Enterprise console - Endpoint Security and Control v10.8.9 for Windows has ...

      16/07/2020
      0
    • Sophos Logo

      Sophos iView v3 MR-2 Released

      07/07/2020
      0
    • Sophos Logo

      SD-RED Firmware 3.0.002 Pattern Update

      06/07/2020
      0
    • Sophos Logo

      XG Firewall 17.5 MR13 Released

      06/07/2020
      0
    • Sophos Logo

      End-of-Life (EoL) announcement for old firmware v17 and v17.1 for XG Firewall

      03/07/2020
      0
    • WatchGuard logo

      Fireware 12.5.4 Now Available

      01/07/2020
      0
  • Alerts & Bugs
    • Sophos Logo

      Advisory: Sophos Central Maintenance scheduled for Saturday, April 2nd, 2022

      29/03/2022
      0
    • Sophos Logo

      Sophos: Important Product Lifecycle Updates

      03/03/2022
      0
    • WatchGuard logo

      WatchGuard Support Alert

      23/02/2022
      0
    • Sophos Logo

      Sophos: Important Product Lifecycle Reminder

      03/02/2022
      0
    • Sophos Logo

      Sophos: Product Lifecycle Information: Extended Support for Windows 7 and Windows Server ...

      31/01/2022
      0
    • Sophos Logo

      End-of-Life (EoL) announcement for Sophos SSL VPN Client

      29/11/2021
      0
    • WatchGuard logo

      WatchGuard: macOS Monterey 12.0.1 Does Not Support the AuthPoint Logon App

      09/11/2021
      0
    • Sophos Logo

      Sophos UTM Manager (SUM) End of Distribution

      04/11/2021
      0
    • WatchGuard logo

      WatchGuard: End of Sale Notice: AP420

      01/11/2021
      0
  • Out of the Box
    • WatchGuard’s Firebox T80 Earns 5-Star Rating in SC Labs Review

      17/11/2020
      0
    • WatchGuard Wins Big in CRN 2020 Tech Innovator Awards

      16/11/2020
      0
    • Coronavirus scams: what to look for and how to stop them

      02/04/2020
      0
    • Dell SonicWALL TZ 300

      Out the Box - Dell SonicWALL TZ 300

      05/07/2016
      0
    • Dell SonicWALL TZ SOHO

      Out the Box - Dell SonicWALL TZ SOHO

      05/07/2016
      0
    • WatchGuard Firebox T50

      WatchGuard Firebox T50

      31/03/2016
      0
    • WatchGuard Firebox M200

      WatchGuard Firebox M200

      31/03/2016
      0
News
Home›News›Putting Everything Together with WatchGuard’s ThreatSync Technology

Putting Everything Together with WatchGuard’s ThreatSync Technology

By admin
25/10/2017
2820
0
Share:
WatchGuard logo
Introduction
Hackers have become increasingly sophisticated and coordinated in their advanced malware attacks against small and midsize businesses(SMBs). These threats are focused on gaining access to your organisation by attacking your weakest threat vector, your endpoint devices, and then spreading to the network. Having your endpoint and network work together to defend against these threats provides not only smarter, but stronger security. ThreatSync, the threat scoring and prioritisation component of Threat Detection and Response (TDR), enables organisations of all sizes to do just that.
The Growing Threat
For years, SMBs operated in a blissful world free from the malware attacks that plagued enterprise organisations. The proliferation of malware-as-a-service and the dark web has made malware easier to acquire and more efficient to deploy. Hackers can now generate the same return of investment on an attack against an SMB as they can from a large enterprise.
Additionally, the accessibility of ransomware has flipped the script on advanced attacks. Hackers no longer need to focus on gaining access to information that is valuable to others, they simply need to block your access to the data that’s critical to your business operations. By making the ransom amounts reasonable, most organisations are willing to make the payment and move on with their day.
Knowing Your Network
Clarity into events happening within your network is essential. Knowing which devices are connected, which are consuming the most bandwidth, and what threats are lurking enables you to improve security and productivity. While the feed of information on network events from the Firebox® provides invaluable information, it becomes even more powerful when combined with data from the endpoint and threat intelligence feeds.
WatchGuard’s innovative ThreatSync technology leverages data collected from multiple security services enabled on a Firebox running our Total Security Suite, including WebBlocker, Reputation Enabled Defence, Gateway AntiVirus, packet filtering and APT Blocker. For example, a threat blocked at the Firebox may have made its way to an endpoint by any number of other avenues. If the endpoint is infected, ThreatSync can then enable remediation tactics and stop the threat in its tracks.
Seeing Activity on the Endpoint  
End users tend to be the most sought after targets, and the most vulnerable attack point for any organisation. You might rest easy when these devices are safely nestled behind the firewall, but what happens when they leave the safety of the office? Or what about remote and branch office employees that are always outside of your network security perimeter? Existing AV solutions are great at preventing known threats from infiltrating endpoints, but devices coming in and out of your network that aren’t protected byAV can still present the highest risk to the security of your organisation.
It’s critical for organisations of all sizes to not only know what devices are connecting to their network, but to know what is happening on those devices. With the WatchGuard Host Sensor, a core component of TDR, IT administrators can now continuously monitor and detect malicious behaviours on end-user devices. ThreatSync collects and analyses this data, comparing it to the data from the Firebox to create a comprehensive threat score and rank.
Leveraging Threat Intelligence
Threat feeds are lists of known malware signatures that are collected from global sources and updated regularly. These lists can be critical in stopping new threats from infiltrating your environments and gaining access to critical data. There are a lot of vendors that make it their business to build and manage these lists, charging customers high fees for access.
Threat Detection and Response extends these threat intelligence capabilities to SMB organisations. ThreatSync compares the event data collected from the Firebox and Host Sensor with our various threat feeds to quickly determine if the threat has been seen elsewhere. If the threat is known to the threat feeds, it will quickly engage with the Firebox and/or Host Sensor to remediate the threat.
The Power of Correlation
Organisations have been living in the world of preventing threats for many years. But we’ve seen that no matter how great your preventative security is, there is always the next new threat waiting around the corner to attack your organisation. Prevention cannot be the only tool in your security arsenal.
Detection and response are coming of age as security methods, adding more visibility into the network and the endpoint, respectively. But allowing these systems to operate in silos doesn’t tell the full story of what’s happening to your organisation. Enter correlation.
Correlation is the brains behind the operation. It’s what takes the mounds of information that these security solutions produce, connects the dots, and actually makes sense of it all. By taking a comprehensive look at both your endpoint and network together, you can get a better sense of which threats are the most severe. Visibility into which threats have infiltrated the endpoint enables IT administrators to quickly and confidently respond to the most dangerous threats before they can spread.
Actionable Insight with ThreatSync
ThreatSync is WatchGuard’s cloud-based correlation and threat scoring engine, improving security awareness and response across the environment from the network to the endpoint. ThreatSync collects event data from the WatchGuard Firebox, WatchGuard Host Sensor and threat intelligence feeds, to then correlate and analyse this data. Through our proprietary algorithms, ThreatSync assigns a comprehensive threat score, grouping similar threats into incidents that require a response.
ThreatSync not only provides visibility into events taking place on both the network and the endpoint, but by providing a comprehensive threat score and rank, security teams know which threats are the most critical and require immediate attention. Threat Prioritisation enables organisations to decrease time to detection and remediation. Response activities triggered by ThreatSync include quarantine the file, kill the process, and delete registry key persistence.
Correlation in Action: Ransomware Prevention with
WatchGuard’s ThreatSync Technology
Ransomware is a strain of advanced malware plaguing organisations today, becoming increasingly focused on SMBs and distributed enterprises in the last few years. This type of malware is often delivered through a phishing email containing a malicious attachment or URL. Once downloaded to the device, ransomware will try to connect to a control and command server for further instruction for encrypting the files and halting business productivity. A ransom will be posted and once paid, usually via Bitcoins, the hacker will supply the decryption key to unlock the device.
This type of malware actually infects the endpoint and leverages the network to spread the attack throughout your organisation. If your security solutions are operating in silos, there would be no way for the network to know what’s happening on the endpoint and vice versa, which could leave you vulnerable to this dangerous threat.
WatchGuard’s ThreatSync technology detects an event on the Host Sensor when a malicious file attempts to install. When the malware tries to call out to the malicious server, a network event is detected on the Firebox and another indicator is created, increasing the overall incident score. Any event that is occurring on both the network and endpoint automatically receives the most severe threat score, a 10.
When enabled, policies automatically will instruct the Firebox to block the malware from calling out to the malicious server and will either quarantine the file, kill the process or delete the registry key persistence on the endpoint. The same actions can also be performed manually through our one-click, machine-guided remediation.
WatchGuard Threat Detection and Response
Threat Detection and Response correlates network and endpoint security events with threat intelligence to detect, prioritise and enable immediate action to stop malware attacks.
This security service includes four components:
• ThreatSync – our cloud-based correlation and scoring engine
• Enterprise-grade threat intelligence capabilities
• Lightweight Host Sensor
• Host Ransomware Prevention module
TDR enables users to better detect and respond to advanced threats inside of their network and on their endpoints quickly and efficiently, protecting their organisations from threats by correlating events from the Firebox and Host Sensor to pinpoint malicious activity using heuristics, behavioural analysis, and threat intelligence feeds and assigning it a comprehensive threat score.
Best of all, TDR is included within WatchGuards Total Security Suite, providing a comprehensive set of security services on the network and endpoint through one license and one appliance.
For more information on ThreatSync and Threat Detection and Response,please visit our website at www.watchguard.com/TDR.
Previous Article

XG Firewall v17. Sleep easy

Next Article

Innovate More, Fear Less at CETPA 2017 ...

0
Shares
  • 0
  • +
  • 0
  • 0
  • 0
  • 0

Related articles More from author

  • Sophos n-g fwall incident response
    News

    Sophos – The problem with next-gen firewall incident response

    23/01/2018
    By admin
  • News

    Firewall best practices to protect against ransomware

    22/08/2019
    By admin
  • NewsTrendMicro

    Trend Micro Acquires Cloud Conformity to Cement Its Position as the Global Leader in Cloud Security

    21/10/2019
    By admin
  • NewsSophos

    Sophos Intercept X Named Best Endpoint Security Solution by CRN® for Fourth Consecutive Year

    09/11/2020
    By admin
  • SonicWall Mid Tier
    News

    SonicWall – Next-Generation Firewalls Designed for Mid-Tier Enterprises & Service Providers

    26/06/2018
    By admin
  • NewsTrendMicro

    Trend Micro Cyber Risk Index Increased in 2019

    19/12/2019
    By admin

  • NewsSophos

    Sophos Wins Product and Vendor of the Year from CRN and Channel Partner Insight

  • BarracudaNews

    Barracuda Recognized as a Microsoft Security 20/20 Partner Awards Finalist for Customer Impact

  • Sophos Cybersecurity made simple
    News

    The Impossible Puzzle of Cybersecurity

Timeline

  • 29/03/2022

    Advisory: Sophos Central Maintenance scheduled for Saturday, April 2nd, 2022

  • 03/03/2022

    Sophos: Important Product Lifecycle Updates

  • 01/03/2022

    Shoring up your cybersecurity posture in light of ongoing crisis

  • 23/02/2022

    WatchGuard Support Alert

  • 03/02/2022

    Sophos: Important Product Lifecycle Reminder

Sponsored Links

Latest Comments

  • Paul Sillars
    on
    21/06/2016
    I received this in an email this morning, it was the first I heard about it ...

    Dell Software Group sold to help fund looming EMC deal

  • Paul Sillars
    on
    20/06/2016
    This is going to be an interesting one to watch. Especially after today's announcement that ...

    Ingram Micro gets distribution access to Dell’s security range in Australia

Find us on Facebook

Firewall.News Logo

This site serves more as a reference point for some of the major security vendor's updates and product/press releases

It will never be a definitive list, but it helps our customers keep up to date and also allows us to express our comment and observations as well.

About us

  • PO Box 451, North Lakes, Queensland, 4509, Australia
  • [email protected]
  • Recent

  • Popular

  • Comments

  • Sophos Logo

    Advisory: Sophos Central Maintenance scheduled for Saturday, April 2nd, 2022

    By admin
    29/03/2022
  • Sophos Logo

    Sophos: Important Product Lifecycle Updates

    By admin
    03/03/2022
  • Shoring up your cybersecurity posture in light of ongoing crisis

    By admin
    01/03/2022
  • WatchGuard logo

    WatchGuard Support Alert

    By admin
    23/02/2022
  • Dell SonicWALL Supermassive

    Ingram Micro gets distribution access to Dell’s security range in Australia

    By admin
    14/06/2016
  • Francisco Partners and Elliott Management to Acquire the Dell Software Group

    Dell Software Group sold to help fund looming EMC deal

    By admin
    21/06/2016
  • WatchGuard Firebox M500 – The Cure for HTTPS Performance Headaches

    By admin
    05/03/2015
  • Sophos Logo

    Advisory: Sophos Central Maintenance scheduled for Saturday, April 2nd, 2022

    By admin
    29/03/2022
  • Paul Sillars
    on
    21/06/2016

    Dell Software Group sold to help fund looming EMC deal

    I received this in ...
  • Paul Sillars
    on
    20/06/2016

    Ingram Micro gets distribution access to Dell’s security range in Australia

    This is going to ...

Follow Me

  • Contact
  • About Us
  • Home