This service monitors and classifies absolutely all the processes of all your company’s endpoints, providing detailed and precise visibility of everything that happens in your IT environment.
It enables an unattended “deny-all” security model, with no alerts or delegation, until the process is verified and certified by WatchGuard for SOC.
WatchGuard for SOC’s team of experts monitors the decisions made by our Artificial Intelligence, and investigates the most complex cases to detect attacks using ‘Living off the Land’, evasion or compromise techniques.
This process is included by default in all WatchGuard for SOC endpoint solutions to raise the level of protection to service level.
Today’s threat techniques are highly sophisticated and continuously evolving. Simple yet efficient hygiene practices can mean the difference between a minor security operation and becoming a victim. These practices range from reducing the attack surface of the endpoints to uncovering emerging campaigns lurking on the network before an actual compromise.
The enhanced security policies enable you to supervise or harden endpoints from the execution of suspicious scripts and common attack techniques utilized by sophisticated threats such as:
PowerShell with obfuscated parameters
Unknown scripts
Locally compiled programs
Documents with macros
Registry modifications that run when Windows starts
WatchGuard Advanced EDR and WatchGuard Advanced EPDR offer a simple way to centrally manage and search for IoCs on the endpoints while consolidating the results in an intuitive dashboard. It enables your team to quickly hunt for recently disclosed incidents or exchange of security intelligence in your industry as well as find impacted endpoints in a forensic analysis. Different types of indicators are supported – hashes, filename, path, domain, IP, and Yara rules.
Detects what traditional solutions cannot even see
Advanced EDR detects and effectively responds to any type of unknown malware and file-less or non-malware attacks.
Technology based on the Zero-Trust Application service, which denies any execution until it is certified as reliable.
Cloud-based architecture and its lightweight single agent, allowing for rapid deployment with little impact.
Complete and detailed real-time and historical visibility into attacker actions and endpoint behaviour.
Detection of abnormal endpoint behavior (IOAs) by blocking the attacker.
Remote containment from the console to endpoints in a massive way, such as isolating or rebooting computers.
All the capabilities of Advanced EDR with advanced prevention capabilities
It integrates in one single solution, a complete stack of preventive and endpoint protection technologies. Reinforces EDR capabilities with a full range of protection capabilities with Advanced EPDR that prevents, detects and responds to any type of known and unknown malware, file-less and non-malware attacks.
Complete visibility and early detection through continuous monitoring and behaviour profiling.
Cloud-based architecture and its lightweight single agent, allowing rapid deployment with little impact.
In-depth analysis to detect any suspicious activity and to be able to activate protective actions to safeguard the company’s computers and information.
Accurate and timely response that allows immediate intervention by security teams, focusing efforts on what is really necessary and prioritizing actions.
