WatchGuard EPDR Review: An incredible array of security measures

WatchGuard has a strong reputation in the network security space, and the acquisition of Panda Software has enabled it to complement its firewall with enterprise-class endpoint protection. Three versions are available; we reviewed the top version, EPDR (endpoint protection, detection and response), which delivers a range of security measures, including some you’d be hard-pressed to find anywhere else.

You don’t have to worry about extra administration costs. EPDR is fully integrated into the WatchGuard Cloud portal, allowing you to remotely monitor and manage all Firebox devices, security policies, wireless access points and endpoint protection services from one console.

Instead of relying on reactive signature updates, EPDR analyzes and classifies every app that runs and blocks those it doesn’t know about. The block isn’t permanent: WatchGuard’s cloud service runs background checks on the app and instructs the endpoint client to let it through if it’s cleared as safe.

EPDR can be run in a passive audit mode to gather information about your everyday apps. Once you’re satisfied with the results, you can enable a “hardening” mode that allows pre-installed unknown apps to run but blocks them from accessing external data sources, or choose lock mode to fully protect against zero-day attacks and newly released malware.

EPDR provides file, web, and email anti-malware scanners and combines them with a Windows client firewall, removable device controllers, and a Windows shadow copy service to recover ransomware-encrypted files.

The web content filtering service uses the same database as WatchGuard’s Fireboxes and offers 118 URL categories that can be blocked or allowed. The main cloud portal provides a status overview of all licensed products, and selecting the EPDR header opens a new page with full access to all functions. Agents for Windows, Linux, and macOS systems can be downloaded directly from the console’s Computers page, or you can email users with a download link.

A nice touch for LAN deployment is that the first system to receive an agent is automatically nominated for network discovery tasks. Using a Windows 10 PC as the discovery client, we let it scan the network, select desktops and servers from the list, and push the agent to them.

You can send a QR code to Android users for the mobile security app, which provides protection against malware and a smart anti-theft feature that secretly emails a photo of the user after three failed unlock attempts.

New to EPDR is iOS support, where it provides a built-in mobile device management (MDM) service for Apple’s push notification service and certificate signing requests. The portal dashboard provides an overview of your security posture with charts and graphs for endpoints, trusted apps, malware, exploits, PUPs, apps currently under investigation and an overview of website access. WatchGuard’s new “indicators of attack” service maps threats against the MITRE ATT&CK matrix and shows their evolution from reconnaissance and access to detected lateral movement and data exfiltration attempts.

Policies control all endpoint security services and can be assigned to individual computers and custom groups. Threat responses are fast: When we ran our ransomware simulator on protected Windows clients, alerts were posted to the dashboard in one minute with email alerts flying in 15 minutes later.

WatchGuard’s EPDR isn’t the cheapest option, but it makes up for it with an incredible array of security measures. Smart detection and response services further enhance threat protection, and seamless integration with the cloud portal allows all WatchGuard security products to be managed from one place.
