ThreatSync is a WatchGuard Cloud service that provides XDR technology for WatchGuard Network and Endpoint Security products that:
- Provides a UX primarily for incident responders
- Displays malicious detections as incidents
- Correlates events to create new malicious detections
- Enables responders to respond on-demand or configure automated responses to malicious detections and abnormal behaviors
- Has service provider capabilities including aggregated dashboards, automation templates, and email notifications
ThreatSync provides extended detection capabilities by correlating data from different WatchGuard security products that indicate the presence of threat actors in the organization. By using multiple products and correlating activities monitored from different security products, ThreatSync scores and detects malicious scenarios that could be indicators of compromise (IoCs), enabling mean-time-to-detect (MTTD) reduction and swift containment of the impact, severity, and scope.
How do I get ThreatSync?
ThreatSync is a WatchGuard unified security feature included by default with any Firebox Total Security Suite (TSS) subscription and WatchGuard Endpoint Protection, Detection and Response (EPDR) and Endpoint Detection and Response (EDR) products. The more WatchGuard products you have, the more visibility and expanded XDR features you gain access to. And deployment is as easy as it gets. You simply browse to a ThreatSync page and click Enable to get ThreatSync to start using the products you already own.
What about TDR?
With the arrival of ThreatSync as the WatchGuard Cloud service that correlates network and endpoint data to detect new malicious activity, it is time to start to phase out the use of Threat Detection and Response (TDR). We recently released EDR Core as a replacement for the TDR Host Sensor to provide you with equivalent or superior capabilities to those you have with Threat Detection and Response today. In conjunction with that release, we will mark specific Threat Detection and Response features end-of-sale and end- of-life.
Here is the full schedule for this transition:
|End-of-support for legacy Firebox logging to TDR
(logging not through WGC Firebox Visibility)
|9 March 2023|
|End-of-life for AD Helper||9 March 2023|
|End-of-sale for TDR Host Sensor Add-on Packs||30 April 2023|
|End–of-life for TDR||30 September 2023|
Find out more For more information about ThreatSync, go to About ThreatSync in the Help Center.