WatchGuard continues expansion of Cloud Platform capabilities

WatchGuard enhances their existing UTM and MFA capabilities on Cloud Platform, while adding ThreatSync’s threat correlation service to the platform, which will have even greater import when Panda’s technology is added to it later this year.

Andrew Young, senior vice president of product management at WatchGuard

Today, Seattle-based cybersecurity vendor WatchGuard Technologies is announcing a series of upgrades to their WatchGuard Cloud Platform. Existing Firebox UTM [Unified Threat Management] and AuthPoint MFA [Multi-Factor Authentication] capabilities see major upgrades. The ThreatSync threat correlation service has also been added to this platform for the first time.

“Our vision of WatchGuard Cloud was always a single pane of glass,” said Andrew Young, senior vice president of product management at WatchGuard. “WatchGuard Cloud was built and designed from the ground up with the MSP in mind, with its focus on automation and how MSPs manage their business and customer base. It is multi-tier and multi-tenancy. The platform was first released with a single application, AuthPoint MFA, but was built as a platform to bring more services together. What’s special about this release is that it adds a set of new capabilities into the platform.”

WatchGuard Cloud Visibility, which provides full Unified Threat Management [UTM] visibility for the Firebox UTM devices, was added to the platform about a year ago, but the whole UTM management process has been significantly upgraded here.

“We really completely rethought how policy management should happen for UTM devices,” Young said. “Reimagining how network security policy management happens is the first big thing in this release.” Policy creation and management have been simplified with one-click security service implementations, as well as pre-configured policies to deploy content scanning, network inspection, content filtering, and other services at scale. The number of rules MSPs must manage has also been reduced.

“The new policy management also includes remote user and VPN capabilities, a key demand for the Work-From-Home space,” Young noted. “This is an important Work-From-Home enabler, which allows MSPs to do that at scale.”

The second major enhancement, Young stressed, is a major upgrade to how AuthPoint MFA works.

“While the MFA itself is not new, we made a huge leap in how it works with a new risk-based authentication framework that provides a Zero Trust foundation across all security services,” he stated. The new risk framework policies improve identity management capabilities by providing customizable and flexible rules to configure users and devices based on level of risk. Out of the gate, the risk framework includes network location policies, with additional risk policies such as geofencing and correlated time policies on the roadmap.

The third major upgrade is the addition of WatchGuard’s ThreatSync threat correlation service to the platform.

“This brings telemetry from the various services together,” Young said. “It existed in a separate cloud application before but has now been brought into WatchGuard Cloud and tightly integrated.” It enables unified threat intelligence, correlation and scoring across the WatchGuard security stack, from network to user.

“The threat correlation engine is the foundation for our XDR platform, which lets us build machine learning models on top of the platform,” Young added. “When we bring Panda on, we will be able to feed it into the solution and bring on theatre-based telemetry.”

The technology from Panda, the endpoint protection vendor WatchGuard acquired last year, is noticeably absent from this release. Young stressed that it is coming, however, and fairly soon.

“Panda is a very large part of the integration plan,” he said. “The Panda products are available today through the Panda cloud, but the integration with WatchGuard Cloud is well underway, and the plan is to GA it this summer. The beta is coming up quickly.”

Young said Panda brings a tremendously rich set of endpoint capabilities – including endpoint protection, EDR, patch management, and threat hunting.

“Their EPP [Endpoint Protection Platform] plus Adaptive Defense 360 will be in Cloud Platform this summer, although the names will change as they come into WatchGuard,” he noted.

Look for WatchGuard’s WiFi capabilities, which are in a separate cloud today, to come into Cloud Platform as well, Young added.

Young said that while most WatchGuard MSP partners typically cater to the MSP market and do not necessarily have deep security expertise of their own, they will be capable of reselling advanced WatchGuard services like threat hunting.

“A big part of our value is our ability to bring these capabilities to the MSP community,” he indicated. “We did the same thing with sandboxing five years ago. Back then, some people said ‘MSPs can’t do this.’ We made it a check box. We made it easy for them. We also did this with threat correlation, and with EDR. The onus is on us to do this in a way that’s consumable by the masses. Even with Panda, we have to do work to make it all automated and make it easy for MSPs.”