WatchGuard ThreatSync+ SaaS
Coud-native Cloud and SaaS threat detection and response for M365, Azure, Google and AWS environments

Features:

Cutting-Edge Cloud AI

Using unsupervised and semi-supervised machine learning operating in a multi-tier neural network, ThreatSync+ SaaS ingests and correlates Cloud and SaaS application logs to surface risks and threats across Cloud environments. The AI engine identifies misuse and risky file access or sharing, risky user/account activity, and risky admin activity associated with password attacks, privileged escalations, and data exfiltration stages of cyberattacks.

Surface Hidden Cloud Risks

ThreatSync+ SaaS watches all your Cloud environments 24/7, offering a unified view of Azure, M365, Google, and AWS risks and threats. Gain visibility into application, account, and file risks, including privileged account creation and management, application usage, and file movement from controlled to public locations with a simplified view.

Deploy Rapid Threat Detection and Response

ThreatSync+ SaaS efficiently detects, identifies, and enables remediation actions for threats detected across SaaS applications and Cloud accounts. Attacks are identified quickly so that remediation efforts prevent further damage. Threat coverage includes brute-force password attacks, account compromise, lateral movement, privilege escalation, and data theft. Remediation is executed via ThreatSync or through open SOAR systems.

Reduce TCO with Cloud-Native Architecture

With its 100% open Cloud-native architecture, there is no need for additional hardware. ThreatSync+ SaaS operates in the WatchGuard Cloud and is compatible with your ThreatSync and ThreatSync+ NDR deployments. Secure log collection is managed from the Cloud and ingests data from AWS, Google, and Microsoft Cloud platforms. This minimizes costs while maximizing risk and threat visibility.

Expand Coverage: Upgrade to the ThreatSync Suite

Expand threat detection and response coverage across your hybrid environment with ThreatSync Suite. Correlate risks and threats across network, Cloud, and SaaS applications and directories with our open XDR platform. The ThreatSync Suite includes ThreatSync Core and ThreatSync+ with NDR, Cloud/SaaS coverage, and WatchGuard Compliance Reporting, delivering expansive risk and threat detection and remediation with a cost-saving compliance reporting capability.

Anatomy of a Threat Report:

Understanding the risks and threats hidden in your organization’s Microsoft 365 (M365) deployment is no easy task. The security capabilities native to M365 are significant, but they are also complex and challenging to manage. Understanding the risks and threats in M365 activities is crucial for protecting your entire organization and your suppliers, partners, and customers.

By actively monitoring your M365 deployment with automated risk and threat reporting, you can identify vulnerabilities or cyberattacks that get lost in the complexity of Microsoft Defender. This proactive approach empowers you as a cybersecurity professional to address M365 issues before damage occurs, thereby boosting your cybersecurity hygiene and defenses.

M365 Risk and Threat Reporting

ThreatSync+ SaaS includes M365 Risk and Threat Reporting. The report provides a detailed look at risky and threatening activity and policy control violations across M365 users. It begins with a visualization and timeline of your overall M365 threat score and trends based on fifteen best-practice control policies. It provides a detailed look at each of the fifteen controls actively monitored by the system. Each control effectiveness section shows the individual threat score and trend line for the control being monitored, and if any gaps or failures are found, guidance on how to remediate them is provided.

The report is easily configurable to meet the specific needs of organizations or cyber defense programs. New controls can be easily built in ThreatSync+ SaaS and added to the M365 report. Its purpose is to quickly and accurately highlight M365 issues, provide managers with a way to establish M365 security objectives, and track progress and improvements toward them.

The Microsoft 365 Risk and Threat report is a comprehensive resource that offers detailed insights into the activities within your Microsoft 365 deployment. It provides a thorough overview of the risks and threats related to all fifteen critical controls and objectives, ensuring that your Microsoft 365 environment and users are safeguarded. These insights are crucial for your cybersecurity program as they furnish the necessary information to comprehend your security position and identify steps for enhancing it. The specific information included in the report may vary based on the deployed controls but typically encompasses:

• A prioritized view of top threats to your M365 environment.
• The criticality level of each risk, typically classified as critical, high, or medium.
• A description of each risk, including the type, severity, and potential impact.
• Recommendations for removing each risk, such as installing security updates, removing malware, isolating devices, changing credentials, or configuring security settings.

Examples of specific security risks that may be identified in the assessment:

• Internal files share externally
• Suspicious file activity by rate
• Anonymous file activity
• Internal files made public

• Brute force password attack
• Suspicious admin changes, rate
• Suspicious admin changes, time
• Suspicious access location

• Suspicious access time
• Impossible travel/access
• Suspicious access rate

ThreatSync Purchase Options:

ThreatSync Core offers a base set of XDR capabilities with qualifying network and endpoint security product purchases at no additional charge. Additional ThreatSync+ product licenses can be purchased separately to add advanced XDR capabilities such as third-party product feeds and deep AI-based detections, monitoring, and analysis.

WatchGuard’s family of XDR products enables MSPs and companies of every size to deploy a foundational core of XDR functionality and add advanced options to quickly expand protection across threat surfaces and attack vectors. Choose the ThreatSync products that best suit your environment to deploy a custom solution that fits your needs and capabilities.

• ThreatSync Core includes foundational XDR capabilities:
  • Threat information correlation
  • Incident scoring and management
  • Intelligent automated remediation
  Features are platform-ready and available for each network and endpoint security product activation at no additional charge.
• ThreatSync+ XDR products can be purchased separately to add advanced XDR capabilities, including third-party product feeds and AI-based detections, monitoring, and analysis.
• ThreatSync+ NDR: 100% Cloud-native, AI-powered threat detection and response solution that requires no hardware and protects on-premises network, VPN, and identity threat surfaces.
• ThreatSync+ SaaS: 100% Cloud-native, AI-powered threat detection and response solution that requires no hardware and protects SaaS applications, Cloud platforms, and Cloud identity threat surfaces.
• WatchGuard Compliance Reporting enhances ThreatSync and WatchGuard Cloud reports, providing comprehensive compliance reporting for business and regulatory needs.
• ThreatSync Suite: Single integrated package including ThreatSync Core, ThreatSync+ products (NDR, SaaS, and future identity/EDR integration), and WatchGuard Compliance Reporting, offering a complete integrated XDR solution.

Specifications:

Documentation:

Download the WatchGuard ThreatSync+ SaaS (.PDF)