WATCHGUARD TECHNOLOGIES - OUTSCOPE
Presented by Diogo Pata, Sales Engineer Portugal, WatchGuard Technologies
Copyright © 2021 WatchGuard Technologies, Inc. All Rights Reserved. | CONFIDENTIAL
WatchGuard Endpoint Security Service
What makes us different?
– We have developed a Zero Trust Application Service to reduce the UNKNOWN
– Our mission is to reduce the number of security incidents to ZERO
– We provide our customers endpoint data that competitors are not even collecting
– Our complementary SOC model enables large organizations to introduce Forensic Tools
– We transformed the traditional Threat Detection approach into a Threat Hunting Service
The prevailing paradigm
Result: A higher success rate in malware attacks, causing a detection gap.
[Diagram labels: More effort, More risk, Malware, Suspicious, Unknown]
Our model
• Based on the classification of absolutely all running processes on your endpoints.
• All activity of all programs is monitored and analyzed in real-time.
• All behaviors are verified by a managed service. Admins don’t have to investigate anything.
• Higher level of protection with less effort.
Results: No application, process or DLL will execute unless it is trusted. Higher protection rate with minimum effort.
[Diagram labels: 100% classified, Managed Service, Zero risk, More risk, Malware, Suspicious, Unknown, Goodware]
The Right Visibility
▪ 30 telemetry event categories
▪ 94 sub event categories
▪ 10K attributes collected for each binary file
Statistics Around The Data Collected
▪ 4,000 Events per machine daily
▪ 5.5 Billion Classified processes by Panda Security
▪ 4 Billion Events processed daily by Big Data
▪ 2.3 Million New undiscovered Malware & PUP found
▪ 500 Billion Events collected (last 12 months)
▪ 99.98% by Machine Learning
▪ 0.02% by Analysts
How the Zero Trust App Service works
▪ Step 1: Black Listing. Detects: Known Malware. Technology: Collective Intelligence
▪ Step 2: White Listing. Detects: Known Goodware. Technology: Collective Intelligence
▪ Step 3: ML Classification. Detects: Unknown Processes. Technology: AD: Cloud-Based Machine Learning
▪ Step 4: Manual Classification. Detects: New Attack Patterns. Technology: AD: Malware Analysts
Based on: 3.2 Billion¹ Known GW, 2.3 Billion¹ Known MW
Local Technologies: Signatures, Heuristics, Behavior analysis, Anti-exploit…
Results: 73,31% Automatic classification; 99.98% Automatic classification; +0.02% Manual; 100% classification
[Diagram labels: Cloud Platform, Customers, Cloud-based lookup, Events Storage, Historic Timeline, Events Stream]
¹ As of 2019
Preventing incidents BEFORE they happen
PRE-EXECUTION | EXECUTION | POST-EXECUTION
Threats: tens of millions +14k Prevented attacks MW files: 5-10 million of which PowerShell: 26% Incident investigations Distinct PE files: 5-7 million of which Exploits: 8k of which UNK files: approx. 20% of which New MW: approx. 1.3%
Technologies: 100% Classification, Context-Based Behavior Analysis, Threat Hunting & Investigation, Signatures (local, cloud), In-Memory Anti-Exploit, Heuristics, URL Filtering
Product and Modules
• Inventory and PII file classification (GDPR-centric)
• Real time PII monitoring
• PII / non-PII search
• Delete PII in files
• Managed Full Disk Encryption with BitLocker
• Centralized management and recovery encryption keys
• Centralized encryption policies
• Encryption dashboards, widgets and reporting
• Patch management for Microsoft software and 3rd party applications
• End-of-Life application management
• Patch rollback and Windows Update service management (disable function)
• Arbitrary patching on specific software, patch or vendor: real time or scheduled patching tasks
• Real time preconfigured & customizable dashboards, reports and alerts
• Dashboards, widgets, and predefined queries for security KPIs
• KPIs for vulnerable applications, access data and files, shadow files
• Raw data from: endpoint operations, network connections, data access, processes, etc.
• Real time data insights with custom actions
• Protection against sophisticated targeted attacks in the pre-execution and execution phases
• Detection of unknown exploits based on the behavior of compromised processes in memory
• Virtual patching for unsupported systems: behavior and context-based detection of IoAs in the execution phase
• Machine Learning and Deep Learning on static, dynamic and contextual attributes
• 100% Classification Service and Threat Hunting & Investigation Service
• Unknown threats prevention and integration with SIEM platforms (optional)
• Containment from the console: isolate devices in a controlled way
• Web browsing category-based monitoring and filtering
• Microsoft Exchange (on premise) email protection against phishing, malware and advanced threats
• Microsoft Exchange (on premise) anti-spam protection
• Protection against malicious apps (malware, phishing, trojans, scripts and malicious macros in MS Office documents, etc.)
• Detection of Indicators of Attack (IoAs) in the pre-execution phase, Managed Firewall with HIPS and Device Control
• HIPS, anti-tamper protection, automated disinfection and remediation with centralized quarantine
• Real time deployment of configuration policies and tasks, discovery of unmanaged devices, hardware and software inventory
• Mobile security and management (Android)
Integration in WGC
▪ When?
– Beta: 30th March
– GA: 1st June
▪ Products integrated:
– EPP (EPP)
– EDR (AD)
– EPDR (AD360)
– Modules coming in Q4
▪ Only for new customers
– Migration coming later
Integration in WGC
▪ Main features:
– Manage partners and customers from a single pane of glass (WGC)
– Manage customers’ licenses from WGC
– Dashboards with protection status
– SSO to Aether
– SSO to Partner Center to manage multi-customer policies
– Support to multiple regions (US, Japan, EMEA)
▪ Customer care:
– Merge customers & partners accounts
– Support to delegated service
[Screenshots: Partner view, Customer view]
DNSWatchGo
DNSWatchGO
▪ Block Phishing attempts
▪ Enforce content filtering for remote users
▪ Protect against happy clickers
▪ Detect and block malicious conns from infected Endpoints
▪ Gain visibility into DNS activity
DNSWatchGO – How it works
Safe search
Content Filtering
Authpoint
Authentication
▪ Cornerstone to securing a mobile workforce
▪ Protect against phishing by protecting logins
▪ Secure against credential theft with strong MFA
WatchGuard Authpoint
Mobile App as a token
Download the mobile app. Available for Android and iOS.
Online and Offline Multi-Factor Authentication
Push-Based Authentication: Secure authentication with one-touch approval. You see who’s trying to authenticate, and where, and can block unauthorized access to your resources.
More secure offline option
QR Code-Based Authentication: Use your camera to read a unique, encrypted QR code with a challenge that can only be read with the app. The response is typed in, to finalize the authentication.
Time-Based One-Time Password (OTP): Retrieve your dynamic, time-based, one-time password as displayed, and enter it during login.
Push-based Authentication WITH Context
• Secure authentication with one-touch approval.
• You see who’s trying to authenticate
• What time
• Where is it coming from
• Which resource are you trying to access
• …
So you can approve, or block if that’s not you
✓ Some solutions just ask you to approve an authentication
✓ How do you know it’s really you and not someone trying to authenticate at the same time from a different location?
Fireware 12.7
WatchGuard’s Family of Firebox Appliances
Appliances: FireboxV, Firebox Cloud, T15, T20, T40, T80, M270, M370, M470, M570, M670, M4800, M5800
Sizes: Small, Medium, Large, XLarge
Segments:
▪ Small and home offices (up to 5 users)
▪ Small and branch offices (20-30 users)
▪ Small and midsize business (50-150 users)
▪ Midsize Business and Distributed Enterprise (450-850 users)
▪ Large business and distributed enterprise (2500-7500 users)
Software Scalability: Single version of WatchGuard Fireware® OS runs on all appliances
Instant Visibility: WatchGuard’s award-winning threat visibility platform, WatchGuard Cloud, comes standard on every appliance
Automation to the Core: WatchGuard Firebox appliances are designed with automation to the core, allowing your IT team to do more with less.
Centralized Management: Every appliance comes with built-in features to expedite deployment and simplify ongoing network and appliance management.
Packaged to Your Needs *
Wi-Fi Cloud v9.0
Remote Access Point (RAP)
Support Remote Workforce with Remote Access Point
• COVID-19 forced everyone to go from a traditional office/classroom setting to figuring out a plan for hybrid work models and online learning environments.
• Remote Access Point (RAP) is a solution that enables secure and reliable access to corporate and school applications anytime, anywhere through an encrypted IPsec VPN.
• No agents or additional licensing required.
NEW! We are adding RAP with VPN tunnel functionality to the Discover application within Wi-Fi Cloud. Available with Secure Wi-Fi or Total Wi-Fi licenses.
Which Access Point Models Support RAP?
PICK ME!
AP420, AP225W, AP327X
Thank You!