Supported Features by Endpoint Security Product

Applies To: WatchGuard Advanced EPDR, WatchGuard EPDR, WatchGuard EDR, WatchGuard EPP

Available features differ by WatchGuard Endpoint Security product. This table lists the features and the products that support them.

WatchGuard EDR Core is included in the Firebox Total Security Suite. It is available for a limited number of endpoints, based on the Firebox model. With a Total Security Suite subscription license, you will see an EDR Core license in WatchGuard Cloud. You can use WatchGuard Cloud to manage EDR Core endpoint allocation and to access the Endpoint Security management UI. For information on EDR Core features, go to WatchGuard EDR Core Features.

FEATURE | WatchGuard Advanced EPDR | WatchGuard EPDR | WatchGuard EDR | WatchGuard EPP | WatchGuard EDR Core
Protection  
Protection against known and zero-day malware <
Protection against known and zero-day ransomware <
Protection against known and zero-day exploits <
Anti-phishing protection    
Protection for multiple attack vectors (web, email, network, devices) < <
Traditional protection with generic and optimized signatures    
Protection against advanced persistent threats (APTs)  
Zero-Trust Application Service  
Queries to WatchGuard cloud-based collective intelligence
Behavioral blocking <  
Personal and managed firewall    
IDS / HIPS    
Network attack protection    
Device control    
URL filtering by category (web browsing monitoring)    
Monitoring  
Endpoint risk monitoring
Cloud-based continuous monitoring of all process activity  
Data retention for one year for retrospective attack investigation  
Vulnerability assessment  
Detection  
Fully configurable and instant security risk alerts
Detection of compromised trusted applications    
Zero-Trust Application Service    
eXtended Detection and Response (XDR) capabilities  
Threat Hunting Service: Non-deterministic indicators of attack mapped to MITRE ATT&CK with contextual telemetry        
Threat Hunting Service: Deterministic indicators of attack mapped to MITRE ATT&CK    
STIX IOCs and YARA rules search        
Containment  
Real-time computer isolation from the management UI  
Response and Remediation  
Ability to roll back and remediate the actions taken by attackers  
Centralized quarantine  
Automatic analysis and disinfection  
Shadow copies  
Ability to block unknown and unwanted applications    
eXtended Detection and Response (XDR) capabilities   <
Investigation  
Threat Hunting Service deterministic indicators of attack mapped to MITRE ATT&CK    
Threat Hunting Service: Non-deterministic indicators of attack mapped to MITRE ATT&CK with contextual telemetry        
Incident graphs and lifecycle information available from the management UI  
Ability to export lifecycle information for local analysis  
Advanced Reporting Tool (add-on module)    
Discovery and monitoring of unstructured personal data across endpoints (add-on module)*    
Advanced attack investigation (Jupyter Notebooks)    
Remote shell to manage processes and services, file transfers, command-line tools, get dumps, pcap, and more        
IOAs and suspicious behaviors investigation area        
Access enriched telemetry where MITRE ATT&CK tactics and techniques are mapped to suspicious events        
Deep file analysis        
Verbose Mode for attack simulation        
Attack Surface Reduction  
Endpoint Access Enforcement    
Lock mode in the Advanced Protection    
Anti-exploit technology  
Block programs by hash or name (for example, PowerShell)    
Device Control    
Web protection    
Automatic updates
Automatic discovery of unprotected endpoints
Patch Management for OS and third-party applications (add-on module)  
Security for VPN connections (requires Firebox)
Secure access to Wi-Fi network through access points
Advanced security policies        
Ability to block connections from endpoints        
Endpoint Security Management  
Centralized cloud-based management UI
Settings inheritance between groups and endpoints
Ability to configure and apply settings on a group basis
Ability to configure and apply settings on a per-endpoint basis
Real-time deployment of settings from the management UI to endpoints
Security management based on endpoint views and dynamic filters
Ability to schedule and perform tasks on endpoint views  
Ability to assign preconfigured roles to management UI users
Ability to customize local alerts
User activity auditing
Installation through MSI packages, download URLs, and emails sent to end users
On-demand and scheduled reports at different levels and with multiple granularity options
Security KPIs and management dashboards
API availability
Remote Monitoring & Management (RMM) Integrations
ConnectWise Automate
Kaseya VSA
N-able N-central
N-able N-sight
NinjaOne (Automated Deployment Scripting)
Modules  
WatchGuard Data Control*    
WatchGuard Advanced Reporting Tool    
WatchGuard Patch Management  
WatchGuard Full Encryption  
WatchGuard SIEMFeeder    
High availability service
Host platform certifications | ISO27001, SAS 70 | ISO27001, SAS 70 | ISO27001, SAS 70 | ISO27001, SAS 70
Supported Operating Systems  
Windows Intel and ARM
macOS Intel and ARM (M1 and M2)
Linux
Android    
iOS    
Support for virtual environments - persistent and non-persistent (VDI)**

< Basic functionality only

Full functionality

* WatchGuard Data Control is supported in these countries only: Spain, Germany, UK, Sweden, France, Italy, Portugal, Holland, Finland, Denmark, Switzerland, Norway, Austria, Belgium, Hungary, and Ireland.

** Compatible with these types of virtual machines: VMware Desktop, VMware Server, VMware ESX, VMware ESXi, Citrix XenDesktop, XenApp, XenServer, MS Virtual Desktop and MS Virtual Servers. The WatchGuard EPDR solution is compatible with Citrix Virtual Apps, Citrix Desktops 1906 & Citrix Workspace App for Windows.
