Freely subscribe to our NEWSLETTER

The report evaluated WatchGuard’s advanced Endpoint Protection Detection and Response (EPDR) solution, which includes Endpoint Protection (EPP) and Endpoint Detection and Response (EDR) for comprehensive protection against sophisticated cyber threats. With continuous monitoring, detection and classification of all activity, WatchGuard Advanced EPDR reveals and blocks anomalous behaviors on computers, servers and processes while proactively alerting security teams to new hacking and evasion techniques.

GigaOm noted that WatchGuard Advanced EPDR is a "very well rounded and capable" solution, calling out as a differentiator its ability to identify previously unknown applications through its Zero-Trust Application Service. WatchGuard Advanced EPDR combines the widest range of endpoint protection technologies (EPP) with automated detection and response (EDR) capabilities. It also has two services, managed by WatchGuard experts, that are delivered as a feature of the solution. The Zero-Trust Application Service classifies 100% of processes by default, denying any execution until it is certified as trusted, and the Threat Hunting Service automatically processes all data gathered from telemetry, identifying indicators of attack (IOAs).

Other key features called out by GigaOm include:

Osquery integration for rapid forensic evidence collection and interrogation
Jupyter Notebook integration for Runbook management
Ability to remotely isolate potentially infected endpoints for further evaluation

In addition, GigaOm pointed out that WatchGuard Advanced EPDR includes managed threat hunting, which often requires a separate license from other vendors. This is especially important for smaller organizations that may not have the resources or expertise to perform threat hunting on their own.