Applies To: WatchGuard Advanced EPDR, WatchGuard EPDR, WatchGuard EDR, WatchGuard EPP
Not all features are available for all WatchGuard Endpoint Security products. Features available differ by product. This table lists available features and the products that support them.
WatchGuard EDR Core is included in the Firebox Total Security Suite. It is available for a limited number of endpoints, based on the Firebox model. With a Total Security Suite subscription license, you will see an EDR Core license in WatchGuard Cloud. You can use WatchGuard Cloud to manage EDR Core endpoint allocation and to access the Endpoint Security management UI. For information on EDR Core features, go to WatchGuard EDR Core Features.
| FEATURE | WatchGuard Advanced EPDR |
WatchGuard EPDR |
WatchGuard EDR |
WatchGuard EPP |
WatchGuard EDR Core |
|---|---|---|---|---|---|
| Protection | |||||
| Protection against known and zero- day malware |
|
|
|
< |
|
| Protection against known and zero-day ransomware |
|
|
|
< |
|
| Protection against known and zero-day exploits |
|
|
|
< |
|
| Anti-phishing protection |
|
|
|
||
| Protection for multiple attack vectors (web, email, network, devices) |
|
|
< |
|
< |
| Traditional protection with generic and optimized signatures |
|
|
|
||
| Protection against advanced persistent threats (APTs) |
|
|
|
|
|
| Zero-Trust Application Service |
|
|
|
|
|
| Queries to WatchGuard cloud-based collective intelligence |
|
|
|
|
|
| Behavioral blocking |
|
|
|
< |
|
| Personal and managed firewall |
|
|
|
||
| IDS / HIPS |
|
|
|
||
| Network attack protection |
|
|
|
||
| Device control |
|
|
|
||
| URL filtering by category (web browsing monitoring) |
|
|
|
||
| Monitoring | |||||
| Endpoint risk monitoring |
|
|
|
|
|
| Cloud-based continuous monitoring of all process activity |
|
|
|
|
|
| Data retention for one year for retrospective attack investigation |
|
|
|
|
|
| Vulnerability assessment |
|
|
|
|
|
| Detection | |||||
| Fully configurable and instant security risk alerts |
|
|
|
|
|
| Detection of compromised trusted applications |
|
|
|
||
| Zero-Trust Application Service |
|
|
|
||
| eXtended Detection and Response (XDR) capabilities |
|
|
|
|
|
| Threat Hunting Service: Non-deterministic indicators of attack mapped to MITRE ATT&CK with contextual telemetry |
|
||||
| Threat Hunting Service: Deterministic indicators of attack mapped to MITRE ATT&CK |
|
|
|
||
| STIX IOCs and YARA rules search |
|
||||
| Containment | |||||
| Real-time computer isolation from the management UI |
|
|
|
|
|
| Response and Remediation | |||||
| Ability to roll back and remediate the actions taken by attackers |
|
|
|
|
|
| Centralized quarantine |
|
|
|
|
|
| Automatic analysis and disinfection |
|
|
|
|
|
| Shadow copies |
|
|
|
|
|
| Ability to block unknown and unwanted applications |
|
|
|
||
| eXtended Detection and Response (XDR) capabilities |
|
|
|
< |
|
| Investigation | |||||
| Threat Hunting Service deterministic indicators of attack mapped to MITRE ATT&CK |
|
|
|
||
| Threat Hunting Service: Non-deterministic indicators of attack mapped to MITRE ATT&CK with contextual telemetry |
|
||||
| Incident graphs and lifecycle information available from the management UI |
|
|
|
|
|
| Ability to export lifecycle information for local analysis |
|
|
|
|
|
| Advanced Reporting Tool (add-on module) |
|
|
|
||
| Discovery and monitoring of unstructured personal data across endpoints (add-on module)* |
|
|
|
||
| Advanced attack investigation (Jupyter Notebooks) |
|
|
|
||
| Remote shell to manage processes and services, file transfers, command-line tools, get dumps, pcap, and more |
|
||||
| IOAs and suspicious behaviors investigation area |
|
||||
| Access enriched telemetry where MITRE ATT&CK tactics and techniques are mapped to suspicious events |
|
||||
| Deep file analysis |
|
||||
| Verbose Mode for attack simulation |
|
||||
| Attack Surface Reduction | |||||
| Endpoint Access Enforcement |
|
|
|
||
| Lock mode in the Advanced Protection |
|
|
|
||
| Anti-exploit technology |
|
|
|
|
|
| Block programs by hash or name (for example, PowerShell) |
|
|
|
||
| Device Control |
|
|
|
||
| Web protection |
|
|
|
||
| Automatic updates |
|
|
|
|
|
| Automatic discovery of unprotected endpoints |
|
|
|
|
|
| Patch Management for OS and third-party applications (add-on module) |
|
|
|
|
|
| Security for VPN connections (requires Firebox) |
|
|
|
|
|
| Secure access to Wi-Fi network through access points |
|
|
|
|
|
| Advanced security policies |
|
||||
| Ability to block connections from endpoints |
|
||||
| Endpoint Security Management | |||||
| Centralized cloud-based management UI |
|
|
|
|
|
| Settings inheritance between groups and endpoints |
|
|
|
|
|
| Ability to configure and apply settings on a group basis |
|
|
|
|
|
| Ability to configure and apply settings on a per-endpoint basis |
|
|
|
|
|
| Real-time deployment of settings from the management UI to endpoints |
|
|
|
|
|
| Security management based on endpoint views and dynamic filters |
|
|
|
|
|
| Ability to schedule and perform tasks on endpoint views |
|
|
|
|
|
| Ability to assign preconfigured roles to management UI users |
|
|
|
|
|
| Ability to customize local alerts |
|
|
|
|
|
| User activity auditing |
|
|
|
|
|
| Installation through MSI packages, download URLs, and emails sent to end users |
|
|
|
|
|
| On-demand and scheduled reports at different levels and with multiple granularity options |
|
|
|
|
|
| Security KPIs and management dashboards |
|
|
|
|
|
| API availability |
|
|
|
|
|
| Remote Monitoring & Management (RMM) Integrations | |||||
| ConnectWise Automate |
|
|
|
|
|
| Kaseya VSA |
|
|
|
|
|
| N-able N-central |
|
|
|
|
|
| N-able N-sight |
|
|
|
|
|
| NinjaOne (Automated Deployment Scripting) |
|
|
|
|
|
| Modules | |||||
| WatchGuard Data Control* |
|
|
|
||
| WatchGuard Advanced Reporting Tool |
|
|
|
||
| WatchGuard Patch Management |
|
|
|
|
|
| WatchGuard Full Encryption |
|
|
|
|
|
| WatchGuard SIEMFeeder |
|
|
|
||
| High availability service |
|
|
|
|
|
| Host platform certifications | ISO27001, SAS 70 ISO27001, SAS 70 | ISO27001, SAS 70 ISO27001, SAS 70 |
|
||
| Supported Operating Systems | |||||
| Windows Intel and ARM |
|
|
|
|
|
| macOS Intel and ARM (M1 and M2) |
|
|
|
|
|
| Linux |
|
|
|
|
|
| Android |
|
|
|
||
| iOS |
|
|
|
||
| Support for virtual environments - persistent and non-persistent (VDI)** |
|
|
|
|
|
< Basic functionality only
Full functionality
* WatchGuard Data Control is supported in these countries only: Spain, Germany, UK, Sweden, France, Italy, Portugal, Holland, Finland, Denmark, Switzerland, Norway, Austria, Belgium, Hungary, and Ireland.
** Compatible systems with these types of virtual machines: VMWare Desktop, VMware Server, VMware ESX, VMware ESXi, Citrix XenDesktop, XenApp, XenServer, MS Virtual Desktop and MS Virtual Servers. WatchGuard EPDR solution is compatible with Citrix Virtual Apps, Citrix Desktops 1906 & Citrix Workspace App for Windows.