Introducing ThreatSync's Credential Access Incident Correlation
We’re excited to unveil a groundbreaking addition to ThreatSync—the ability to correlate identity-related incidents, powered by AuthPoint’s Multi-Factor Authentication (MFA) alerts and activities.
Enhancing Threat Detection with Identity Insights
ThreatSync now features advanced capabilities to detect Credential Access incidents by integrating critical Identity Indicators of Compromise (IoCs) and Indicators of Attack (IoAs). By leveraging data from AuthPoint’s MFA events, alerts, and remediation activities, this new feature fortifies your organization’s defenses against common attack vectors targeting identities, such as:
- Login Attempts with Incorrect Passwords: Identify repeated failed login attempts that may signal credential stuffing or brute-force attacks.
- Excessive Push Notifications: Detect situations where users are overwhelmed with push notifications, a potential sign of MFA fatigue attacks.
- Policy-Based Authentication Denials: Monitor and act on authentications denied due to security policies, highlighting policy enforcement.
- Blocked Tokens Due to Failed Attempts: Recognize when tokens are blocked following multiple failed authentication attempts, indicating potential misuse.
- Disabled Push Notifications by Users: Address cases where users disable push notifications, potentially compromising MFA effectiveness.
- Unknown User Authentication Attempts: Identify and investigate authentication attempts by unrecognized users, signaling potential unauthorized access attempts.
Key Benefits of the New ThreatSync Feature
- Seamless Identity Threat Detection: Automatically correlate identity-related incidents for faster, more accurate threat detection.
- Integrated Security: Utilize ThreatSync’s detection and remediation tools alongside WatchGuard’s comprehensive suite of security solutions.
- Simplified Security Management: Streamline incident response processes with a unified approach to security.
With this new capability, ThreatSync users can harness its robust detection and remediation tools alongside WatchGuard’s full suite of integrated security solutions, boosting incident response and simplifying security management.
The WatchGuard Team