New Features Available for ThreatSync!

Cybercriminals constantly exploit new technologies and trends, so your cybersecurity solutions must keep pace. This constant evolution can feel overwhelming when you're focused on scaling your business. WatchGuard understands this challenge. That's why we're constantly improving our Unified Security Platform architecture. We aim to simplify security and make protecting your customers easier than ever. We publish quarterly updates on all our recently released features to keep you informed. This way, you'll always be aware of the latest innovations from WatchGuard and stay ahead of the ever-changing threat landscape.

NETWORK SECURITY RELEASES

• Reallocate a Device Between Subscriber Accounts

  The device migration feature in WatchGuard Cloud is a powerful tool that makes it easy to move devices from one account to another without losing their configuration. Select the devices you want to move and choose the destination account. The feature will automatically transfer the devices' configurations, and you can verify the configuration before the migration is completed. This feature is a valuable addition to WatchGuard Cloud, making it easier to manage your devices and reducing the risk of errors when migrating devices between accounts. Learn more here.

• Remove Instance ID Check from Firebox Cloud

  This update simplifies Firebox Cloud activation and high availability features. Previously, the instance ID tied a Firebox Cloud instance to a specific virtual machine. This caused issues when Cloud-based backup or disaster recovery created VM clones with new instance IDs. By removing the instance ID from the feature key and activation flow, Firebox Cloud becomes more flexible for high-availability scenarios without compromising licensing verification. Learn more about Firebox Cloud setup here.  

• Dynamic Routing for a Cloud-Managed Firebox

  Simplifying network management, service providers can now configure automatic updates during device setup instead of manually setting static routes. Supporting common protocols like RIP, OSPF, and BGP, dynamic routing provides greater flexibility for networks that change frequently. Deploying it is easy, with checks to ensure everything is configured correctly and clear error messages if there are any problems. You can also monitor how your routing works with live status and see a history of deployments. It lets users manage basic and advanced routing directly in the Cloud. If you already use dynamic routing on-premises, you can seamlessly switch to Cloud management without disrupting your network. Learn more here.

• Enhanced Device Details - Firebox

  WatchGuard Cloud gives you more control over your Firebox devices with an enhanced Device Summary page. The dashboard shows critical details like allocation status, last connected date, and firmware version. Plus, all this data can be exported to CSV for easy reporting. Filter by management status or offline devices to quickly find what you need, helping your Device Management and Support teams be more efficient. Learn more about configuring device settings in WatchGuard Cloud here. 

• Third-Party Integration: FastVue

  WatchGuard is proud to partner with FastVue, a leading provider in our third-party ecosystem. This collaboration brings advanced network monitoring and reporting that is aligned with KCSIE (Keeping Children Safe in Education) requirements. Supporting FastVue Reporter strengthens our core network security offerings, particularly for schools. WatchGuard goes beyond basic firewalls to deliver a more comprehensive security solution by providing deeper insights into user behavior and potential threats. This focus on the education market directly addresses the critical need to keep students safe online, making WatchGuard a valued partner for educational institutions adhering to KCSIE regulations. Learn more on the FastVue website here.  

• Fireware v12.10.3

  Fireware, the security software on your WatchGuard Firebox appliance, just got an upgrade. This update fixes bugs reported by users and addresses security vulnerabilities to protect your network. It also includes minor improvements to how Fireware logs data in support of the release of ThreatSync+ NDR. Please read the release notes for more information on this and other enhancements. 

• Fireware v12.10.4

  WatchGuard released a regular maintenance update for Fireware, the security software that powers your Firebox appliance. This update includes bug fixes, security patches, and other improvements to keep your network protected. A key improvement in this update is enhanced protection against brute-force attacks. Administrators can now automatically block the source of repeated failed login attempts. This is important because brute-force attacks, where attackers try to guess your passwords, are becoming more common. By blocking suspicious IP addresses, this update significantly strengthens defenses. Please read the release notes for more information on this and other enhancements. 

SECURE WI-FI RELEASES

• AP Firmware v2.4

  This update will boost your network with new features, improvements, and important bug fixes to enhance stability and security. View the WatchGuard Cloud release notes for detailed information on the new features, enhancements, and resolved issues in firmware version 2.4. 

  With this release, you can now integrate with third-party captive portal services, creating a more customized and engaging guest Wi-Fi experience. Third-party captive portals can collect richer guest data, including social media login information, for more in-depth analytics. Choose from a wider selection of features offered by different third-party services. This lets you tailor the guest experience to your specific needs. With WatchGuard Cloud, you can set up multiple guest networks (SSIDs) within an access point. Each network can have a unique splash page designed by a third-party service you choose, like Purple Wi-Fi, Eleven Wireless, or GuestAir. In short, you have more control and flexibility to create the perfect guest Wi-Fi experience for your business. See how to configure a captive portal here.

• Enhanced Device Details – Access Points

  WatchGuard Cloud gives you more control over your WatchGuard access points with an enhanced Device Summary page. The dashboard shows critical details like allocation status, last connected date, and firmware version. Plus, all this data can be exported to CSV for easy reporting. Filter by management status or offline devices to quickly find what you need, helping your Device Management and Support teams be more efficient. Learn more about configuring device settings in WatchGuard Cloud here. 

THREATSYNC (XDR) RELEASES

• Remote Control 

  This feature enables you to remotely connect to Windows computers on your network from the ThreatSync management UI to investigate and remediate potential attacks.  To use this feature, your remote Windows computers must have an active WatchGuard Advanced EPDR license and a remote-control settings profile assigned in Endpoint Security. Learn more here.

• Isolation Exceptions - Manual

  This feature enables you to allow communications from specific processes when you manually isolate a device from the Incidents, Incident Details, and Endpoints pages in ThreatSync. Learn more here.

• Isolation Exceptions in Automation Policies 

  This feature enables you to allow communications from specific processes when you add an automation policy whose action is “Isolate Device.” As a Subscriber or Service Provider, you can add isolation exceptions in automation policies. Learn more about automation policies here.

• Incident Audit Log & Activity Graph

  These features enable customers to understand the activities performed on their security incidents in ThreatSync more clearly and straightforwardly. Learn more about reviewing incident details here.

QUESTIONS?

If you have any questions about the new features released in Q2 2024, don't hesitate to contact your local WatchGuard sales representative or visit our online Support page. 

WatchGuard Directory is available. It enables customers to manage their users and groups not part of an external directory, such as Entra ID (formerly Azure AD), Active Directory, or LDAP sources.

While we recommend that organizations use a cloud directory like Entra ID (Azure AD), we recognize there are cases where these are not applicable or desirable, for example:

• Very small organizations (fewer than 25 users) and relatively simple access control needs, creating, and managing a cloud domain could be simpler and more cost-effective than implementing a full-fledged directory system.
• Any sized organization that wants to manage contractors and vendors (third-party access) separately from their employees, managing these users separately from their domain.

With the WatchGuard Cloud Directory, it is possible to:

1. Check users’ password against breaches at the moment of the password creation by the user. This prevents known compromised passwords from being created in the first place.
2. Users and groups are visible throughout the WatchGuard portfolio, important for integrations and upcoming products and services.
3. Single factor (password) authentication service for new products and services of the WatchGuard portfolio.

As the WatchGuard Cloud Directory evolves in the future, enhancements include:

1. Enable CSV bulk import for users and groups.
2. Configurable password requirements and complexity policy.
3. Device management (in addition to users, groups, resources).
4. Identity threats visibility, risk scoring (e.g., Password-only without MFA).

Is there any impact in my AuthPoint configuration?

Current and new AuthPoint Multi-factor and AuthPoint Total Identity Security users and groups that are not leveraging Entra ID (formerly AAD), AD or LDAP directory synchronization now are created, edited, and deleted through the WatchGuard Cloud Domain.

Welcome!

We are excited to announce a new beta for ThreatSync!

Endpoint Risk Scores (Beta) - This feature enables you to view endpoint risk levels and scores on the Endpoints page so that you can investigate whether an endpoint device poses a threat to the network.

To learn more or to report an issue, go to the ThreatSync Beta test community.

Before you submit your feedback, make sure to review the list of Known Issues.

We appreciate you testing these exciting new features. Thanks for your help in making our products better!  

The WatchGuard Beta Team