WatchGuard supercharges Threat Detection and Response with AI-driven ThreatSync+ NDR

A new addition to WatchGuard’s ThreatSync family for unified visibility, alert correlation, and orchestrated threat response — accessible to any organisation.

  • 5 months ago Posted in

WatchGuard Technologies is launching ThreatSync+ NDR and WatchGuard Compliance Reporting. ThreatSync+ NDR is uniquely suited for businesses of any size that operate with smaller IT teams or limited cybersecurity resources. The first in a new ThreatSync+ family of products, ThreatSync+ NDR automates and simplifies continuous monitoring, detection, and remediation of threats using an advanced AI detection engine. It cuts through the noise of billions of network flows to surface actionable risks and threats quickly and efficiently. This open XDR solution delivers visibility into east/west and north/south network traffic that was previously only available to large enterprises with the resources to manage their own security operations center (SOC).

Modern AI for Superior Threat Detection and Response

ThreatSync+ NDR utilises an advanced AI engine with a dual-layered neural network approach, a key technology from WatchGuard’s acquisition of CyGlass in 2023. The AI engine in ThreatSync+ correlates and presents anomalies as risk-scored and prioritised incidents, giving managed service providers (MSPs) and IT security pros an intuitive dashboard that includes incident location, devices, users, and timelines, empowering them to focus on the most critical threats, review guidance on mitigation, and ultimately, better protect their organisations.

"The deployment of ThreatSync+ NDR will help our teams gain unprecedented visibility into network-based threats and risky behaviors of which customers were previously unaware,” said James McMillan, co-founder and CTO of Redinet Limited. “It will help us get deeper insights into the different devices operating on the network and the risks they are creating — and it offers guidance on how to address these issues best. I love the product, and I think it’s going to make up a very important part of WatchGuard’s future."

ThreatSync+ NDR In Action

ThreatSync+ NDR watches for attacks as they unfold in the network and excels at finding attacks that have eluded perimeter defenses including ransomware, vulnerability and supply chain attacks. Attackers cannot see ThreatSync+ NDR because it uses AI to search out the attackers' actions buried in the network traffic. At the same time, attackers cannot hide because they must use the network to expand their attack. That means NDR is uniquely capable of detecting unfolding attack stages, including command and control calls, lateral movement in the network, reconnaissance scans done on networks and subnets, data-staging movement in the network, malware and encryption packages being deployed in the network, and data exfiltration.

ThreatSync+ NDR Is Accessible and Cost-Optimized

· Rapid Deployment with No Hardware: Other NDR tools are complex to operate and force the deployment of multiple hardware clusters. ThreatSync+ NDR operates in the WatchGuard Cloud, deploys in less than an hour per location — and instantly when using WatchGuard Firebox firewalls — requires no new on-premises hardware, and its simplicity makes it easy to manage for small IT teams.

· ThreatSync+ NDR delivers enterprise-class machine learning. It is one of the market's most advanced AI detection engines, with specialised AI models to detect cyber threats like ransomware, vulnerability-based attacks, supply chain attacks, and more. It watches continuously, 24x7, looking for the attacks that get through perimeter defences.

· ThreatSync+ NDR automates and simplifies continuous monitoring, detection, and remediation. It uses AI to reduce the IT workload, and the solution's dashboards, guidance, and reporting enable any IT team member to operate it.

· Open XDR. ThreatSync+ NDR works seamlessly with WatchGuard Firebox and adds to WatchGuard ThreatSync XDR intelligence and remediation. It also supports third-party firewalls and industry-standard routers and switches, making it effective in any organisation.

“The launch of ThreatSync+ NDR is the latest example of WatchGuard’s continued focus on our partner’s opportunity to better protect customers and expand their service offerings by adding to our Unified Security Platform,” said Ben Oster, vice president of product management at WatchGuard Technologies. “ThreatSync+ NDR makes it exceptionally easy to bring the latest innovations in cybersecurity to businesses of every size so that MSPs meet the evolving threat landscape with up-leveled defenses and create new service revenue streams.”

WatchGuard Compliance Reporting

All too often, NDR and XDR tools do not include a compliance reporting capability or rely on expensive, complex Governance Risk and Compliance (GRC) products. WatchGuard Compliance Reporting fills that gap with a simple-to-use report creation framework, and automated report creation.

WatchGuard Compliance Reporting puts the hundreds of network controls activated from ThreatSync+ NDR to work with automated or manual reporting. The network controls defined by NIST, ISO, CISA and Cyber Essential standards are easily enabled at deployment. WatchGuard Compliance Reporting allows IT and compliance teams to further report on the regulatory laws built from these standards. Compliance reports that come out-of-the-box include FFIEC, NIST-171, CMMC, GPDR, IEEE, and many more. Reports are also easily configured in compliance with custom standards imposed by a cyber insurer, industry standards like Motion Picture Association (MPA) compliance, or supply chain vendor third-party risk assessments.

Expanding WatchGuard’s XDR Strategy with the New ThreatSync+ Family of Products

The WatchGuard ThreatSync architecture centralises our XDR products and strategy for beneficial shared knowledge and insights across the Unified Security Platform architecture. As XDR capabilities grow and evolve, so will WatchGuard’s ThreatSync family. Its core capabilities create

the unified remediation and response engine necessary for XDR, and these benefits are available with each sale of qualifying WatchGuard products at no additional charge. The ThreatSync+ AI engine layers on advanced threat detection and analysis and supports third-party participation for an open XDR solution. Customers can add ThreatSync+ licenses to customise their XDR approach so that it fits their unique needs, beginning with ThreatSync+ NDR and including other ThreatSync+ products in the future.

54% of consumers don’t know how much personal data AI tools collect.
By Alan Jacobson, Chief Data and Analytics Officer, Alteryx.
Research finds that the industry is struggling with a growing resource and skills gap while...
Ransom attacks in the cloud are a perennially popular topic of discussion in the cloud security...
Talent and training partner, mthree, which supports major global tech, banking, and business...
Cloud-native organisations to gain full understanding over every identity in the cloud, secured...
MSSPs identify regulatory compliance as additional factor as organisations seek to shift...
Orange Business (Norway), a global leader in digital services, has selected ARMO’s advanced...