About WatchGuard Endpoint Security
Applies To: WatchGuard Advanced EPDR, WatchGuard EPDR, WatchGuard EDR, WatchGuard EPP
WatchGuard Endpoint Security is a managed service in WatchGuard Cloud that helps you protect IT assets. With WatchGuard Endpoint Security, you can review detected security problems and develop prevention and response plans for unknown and advanced persistent threats (APTs).
Throughout this documentation, WatchGuard Endpoint Security refers generally to all four products, as well as WatchGuard EDR Core. When a feature is specific to a product, refer to the Applies To statement at the top of the help topic for information on which products the topic is relevant to.
From WatchGuard Cloud, you can access the WatchGuard Endpoint Security products:
WatchGuard EPP (WatchGuard Endpoint Protection Platform)
WatchGuard EPP protects endpoints from threats and reduces the attack surface. It prevents, detects, and responds to known and unknown malware as well as fileless and malwareless attacks. It includes a full range of endpoint protection features, such as antivirus, firewall, device control, and URL filtering.
WatchGuard EPP supports these client platforms: Windows (Intel and ARM), Linux, macOS (Intel and ARM), iOS, and Android.
WatchGuard EDR (WatchGuard Endpoint Detection and Response)
WatchGuard EDR detects and responds effectively to any type of unknown malware, as well as the fileless and malwareless attacks that traditional solutions cannot detect. It uses the Zero-Trust Application Service to prevent applications and processes from running until they are validated as trusted. WatchGuard EDR can coexist with traditional security solutions. Endpoints with WatchGuard EDR installed can send data to ThreatSync. For information on ThreatSync, go to About ThreatSync.
WatchGuard EDR supports these client platforms: Windows (Intel and ARM), Linux, and macOS (Intel and ARM).
WatchGuard EDR Core is included in the Firebox Total Security Suite. It is available for a limited number of endpoints, based on the Firebox model. With a Total Security Suite subscription license, you will see an EDR Core license in WatchGuard Cloud. You can use WatchGuard Cloud to manage EDR Core endpoint allocation and to access the Endpoint Security management UI. For information on EDR Core features, go to WatchGuard EDR Core Features.
WatchGuard EPDR (WatchGuard Endpoint Protection Detection and Response)
WatchGuard EPDR prevents, detects, and responds to any type of known and unknown malware, as well as fileless and malwareless attacks. It uses the Zero-Trust Application Service to prevent applications and processes from running until they are validated as trusted. It expands on the capabilities of WatchGuard EDR with a full range of EPP features, such as antivirus, firewall, device control, URL filtering, and more. Endpoints with WatchGuard EPDR installed can send data to ThreatSync. For information on ThreatSync, go to About ThreatSync.
WatchGuard EPDR supports these client platforms: Windows (Intel and ARM), Linux, macOS (Intel and ARM), iOS, and Android.
WatchGuard Advanced EPDR (WatchGuard Endpoint Protection Detection and Response)
Advanced EPDR extends WatchGuard EPDR functionality with additional capabilities designed for security operations teams to discover undetected threats on their customer endpoints. Advanced EPDR includes advanced detection and response features such as Advanced Indicators of Attack (IOAs) and events, centralized management of Indicators of Compromise (IOCs) compatible with STIX and Yara rules, Advanced Security Policies, and remote access to detect, contain, and remediate incidents. Endpoints with Advanced EPDR installed can send data to ThreatSync. For information on ThreatSync, go to About ThreatSync.
WatchGuard Advanced EPDR supports these client platforms: Windows (Intel and ARM), Linux, and macOS (Intel and ARM).
For information on the Endpoint Security modules available for these products, go to WatchGuard Endpoint Security Modules.
Layered Protection
WatchGuard EPDR and WatchGuard EDR use a layered protection model of these technologies:
- Signature file and heuristic scanners
- Contextual detections for fileless attacks
- Anti-exploit technology for fileless attacks
- Zero-Trust Application Service
- Threat Hunting Service
Zero-Trust Application Service
The Zero-Trust Application Service protects your endpoints through 100% classification of all applications, programs, and executables. It monitors and prevents the execution of malicious applications and processes on endpoints. The service automatically classifies applications and processes as malicious or legitimate, in real-time. Only trusted applications and processes are allowed to run.
Threat Hunting and Investigation Services
The Threat Hunting Service detects anomalous usage of trusted applications on endpoints. It uses hacker detection to find attackers who use living-off-the-land techniques and lateral movements, as well as behavior modeling to identify malicious use by employees. When the WatchGuard Security Team detects a living-off-the-land attack, they notify you.
About Endpoint Security Licenses