
Why WatchGuard For SMBs-v2

The document discusses the need for SMBs to adopt zero trust next generation endpoint security due to an increasingly complex cyber threat landscape and the limitations of traditional antivirus protection. It outlines how WatchGuard Endpoint Security provides a cloud-native platform with a zero-trust application service, simplicity, flexibility, and industry-recognized security through a single lightweight agent.

Uploaded by

cled
Copyright
© © All Rights Reserved

The best kept secret from Indian SMBs

Why SMBs need zero trust next generation endpoint security


Why Endpoint Security?
Why SMBs need zero trust next generation endpoint security
Cybersecurity Landscape
Complexity is coming at you from both the technical and business sides of your work.

Evolving cyber threat landscape
• Continually growing number of threats
• Increasing sophistication of threats

Increasingly complex environments
• Rise of BYOD
• Remote workers
• Continued shift to the Cloud

Complicated management demands
• Complex security policies
• Unique requirements for every customer
• Many solutions to learn from many different vendors

Chronic staffing shortages
• Not enough qualified cybersecurity professionals
Traditional AV Protection is Not Enough

• Baseline protection for all endpoints

• No proactive detections

• Based on decades old methodologies

• No protection for unknown threats

• No protection for fileless attacks/in-memory exploits

• No protection for malwareless attack using Living-off-the-land techniques
Problems That Need To Be Solved…

• More attacks, more complexity, across more of the network

• More infected endpoints as they are increasingly targeted

• More time to detection allows for more damage from breaches

• More unfilled cybersecurity positions

• More alerts without automated remediation

Cybersecurity & Threat Dynamics

• Ransomware is still lucrative


• Breaches are destructive
• Open security gaps
• Regulatory compliance demands
• Security staffing shortage

• Modern IT environments are “target rich”


• Advanced cybersecurity solutions are the new baseline
• Essential protection & intrusion prevention are now entry-level security
• IT must be more flexible than ever
Your New Reality
• More attacks, more complexity, across more of the network

• More infected endpoints as they are increasingly targeted

• More time to detection allows for more damage from breaches

• More unfilled cybersecurity positions

• More alerts without automated remediation


WatchGuard Endpoint Security

Our Differentiators

Cloud-Native Platform
A single endpoint pane of glass & lightweight agent

Zero-Trust Service
Prevent, detect and respond to known and unknown advanced threats without added cost or complexity

Simplicity
Easy and straightforward to configure, deploy, and centrally manage

Flexibility and Extensibility
A single agent for a complete range of products
WatchGuard Cloud Platform
Streamlined Management with WatchGuard Cloud

Create and onboard any number and type of customer accounts


• NOT Infrastructure in the customer’s environment: Cloud-native platform
• Offers a single pane of glass with a lightweight agent
• Offloads the work associated with analyst services and maintenance of the solution
• Easy SaaS deployment
• View and track licensing across all customers
• Manage your entire WatchGuard security stack
Zero Trust Application Service

Simplicity for End Customer Organizations

Zero-Trust Application Service / Threat Hunting Service

• Integrated Prevention, Detection, Response and Managed Security Services
  Adapts to the evolution of file-based, in-memory and malwareless attacks. Ensures trustability of process. Detects and Responses to hackers and Insiders
• Maximizes Prevention, Minimizes Time to Detect and Response. Reduces TCO.
  Zero-malware attacks mean less operating costs. Services make the initial cost & TCO very convenient, no delegation and no alert noise/fatigue
• Light footprint. Deploy fast, Quick ROI
  Cloud-native platform. Local technologies and cloud-based ML and big data Platform
• Visibility of past and present endpoint activity
  It enables Root cause analysis, anomalies detection, IT insights and Attack Surface Reduction plans
Industry-Recognized with Top Honors

• Common Criteria “EAL2+”: Information Technology Security Evaluation
• High “ENS” Classification: ENS (National Security Framework)
• Qualified IT Security Product: Centro Criptológico Nacional (National Cryptology Center)
Many Happy, Long-Time WatchGuard Partners

“By far the best, among all other EPP & EDR that I tested and can withstand direct or targeted attacks. No Antivirus or EDR and EPP solutions can offer 100% but, this is the closest.”
Infrastructure and Operations. Education. Gov’t/PS/ED <5,000 Employees

“Quite better than other EDRs. AD is a powerful tool and the advanced console integrated with ART is very useful. Panda is able to block and classify different malware and to make the user feel safe.”
Security and Risk Management. Communications. Gov’t/PS/ED 50,000 + Employees

4.6 out of 5
2nd position in EDR category
135 Reviews

“WatchGuard Security is helping to lead the way in endpoint security including antivirus and EDR, and we’re excited to award the Silver certification for compatibility with industry-leading NAC, CASB, SSO, and SSL-VPN solutions.”
Cristina Stet
Certification Manager at OPSWAT
A Single Lightweight Agent With Maximum Workload in the Cloud

WatchGuard Endpoint Security agent is extremely light from a performance perspective with most of the processing done in the cloud.

• Initial Bandwidth:
  • 13MB Installer and communications agent
  • 89MB Endpoint protection package
  • Bandwidth consumption can be minimized using the CACHE
• Communication with the server:
  • Download – 3.2MB/day*
  • Upload – 1MB/day*
• Real-time on-access protection:
  • 500 KB: Bandwidth used on the first day, when the cache is empty
  • 35-100 KB: Bandwidth used after the first day, once the information is cached
• Compatible with other security vendor solutions
  • Using the standards recommended by the manufacturer
WatchGuard EPDR
Endpoint Protection, Detection and Response
WatchGuard EPDR Delivers Superior Security

It goes beyond the traditional security with the Zero-Trust approach, the combined classification service, machine learning and threat hunting service.

Zero-day, ransomware, crypto-jacking and advanced targeted attacks are not a challenge anymore for any SMB, mid-size company or large enterprise.
• On top of its EPP capabilities against known & zero day malware
• Advanced protection against never-before-seen threats
• Proactive defense against emerging and APT threats
• Built on new and evolving ML and Deep Learning models
• Automatic detailed forensic analysis
• Immediate protection against all threats, known and unknown
• True “Zero-Trust” Model:
  • Zero-Trust Application Service: 100% classification of applications
  • Threat Hunting Service: detecting hackers and insiders
Zero-Trust Model: a Layered Protection

WatchGuard EPDR: Our EPP and EDR in a Single Solution

Unique combination of best-of-breed EPP and EDR capabilities

• Automated prevention: Block non-goodware applications and exploits to prevent future attacks
• Automated detection: Targeted and zero-day attacks blocked in real-time without signature files
• Automated forensics: Forensic information for in-depth analysis of every attempted attack
• Automated remediation: Automated malware removal to reduce burden on administrators

Key differentiators

• Continuous monitoring and analysis of all running applications
  • Fills the detection gap of AV products
  • Minimizes risk of unknown malware
• Extremely lightweight agent
  • Virtually zero performance impact
  • Cloud-based malware database
• Cross-platform security
  • Covers all infection vectors in Windows, Linux, Mac OS X and Android computers
  • Browsing, email and file system protection
• Easy to manage
  • No maintenance or infrastructure required
  • Each endpoint communicates with the Cloud

Highly automated solution minimizing cybersecurity risks
How the Zero-Trust Application Service Works

Threat Hunting Service
• LotL (Living-off-the-Land) and fileless attacks are a growing concern: they are more difficult to detect and make it easier for cybercriminals to attack stealthily
• Hacker detection
• Find attackers using Living-off-the-Land techniques
• Lateral movements
• Compromised credentials
• Identification of malicious employees
• User behavior modeling
• New or improved IoAs produced to block before damage
• Our Cybersecurity Team continuously monitors endpoint activity in real time in the form of event telemetry (12 months).
• In case of a validated breach, the Cybersecurity Team notifies the customer

WatchGuard EDR + WatchGuard EPP

More features. More SMBs protection

WatchGuard EPP   WatchGuard EPDR

Protection
Protection against known and zero day malware, ransomware, exploits o
Anti-spyware, anti-phishing protection o o
Protection for multiple attack vectors (web, email, network, devices) o o
Traditional protection with generic and optimized signatures o o
Protection against advanced persistent threats (APTs) o
Zero-Trust Application Service o
Threat Hunting Service (indicators of attack) o
Personal and managed firewall o o
IDS / HIDS o o
Authorized software by hash or program properties o
Ability to block unknown and unwanted applications o
Device control o o
URL filtering by category (web browsing monitoring) o o

Monitoring
Data retention for one year for retrospective attack investigation o

Detection
Zero-Trust Application Service o
Fully configurable and instant security risk alerts o o

Response and remediation
Ability to roll back and remediate the actions taken by attackers o o
Centralized quarantine o o
Automatic analysis and disinfection o o

Attack surface reduction
Information about each computer's hardware and software components o o
Information about the Microsoft updates installed on endpoints o o
Automatic discovery of unprotected endpoints o o

Endpoint security management
Centralized Cloud-based console o o
Ability to configure and apply settings on a group basis o o
Ability to configure and apply settings on a per-endpoint basis o o
Ability to customize local alerts o o
User activity auditing o o
Installation via MSI packages, download URLs, and emails sent to end users o o
On-demand and scheduled reports at different levels and with multiple granularity options o o
Security KPIs and management dashboards API availability o o

Endpoint system management
Host platform certifications ISO27001, SAS 70 ISO27001, SAS 70

Supported operating systems
Supports Windows Intel, Windows ARM, macOS ARM, macOS, Linux o o
Supports Android o o
Supports iOS

Support for virtual environments - persistent and non-persistent (VDI)*** o o

*** Compatible systems with the following types of virtual machines: VMWare Desktop, VMware Server, VMware ESX, VMware ESXi, Citrix XenDesktop, XenApp, XenServer, MS Virtual Desktop and MS Virtual Servers. WatchGuard EPDR solution is compatible with Citrix Virtual Apps, Citrix Desktops 1906 & Citrix Workspace App for Windows.
Add on packages
Patch Management, Data Control, Full Disk Encryption, Advanced reporting
WatchGuard Patch Management
WatchGuard Patch Management is a module for managing vulnerabilities of the operating systems and third-party applications on Windows workstations and servers.
• Prevent incidents, systematically reducing the attack surface created by software vulnerabilities
• Assess, monitor and prioritize operating systems and application vulnerabilities and updates
• Contain and mitigate vulnerability exploitation attacks with immediate updates
• Reduce operating costs. It does not require the deployment of additional agents. Updates are launched remotely, and it provides complete, unattended visibility into all vulnerabilities, pending updates and EoL applications
WatchGuard Data Control*
Protect personal and sensitive data stored in your organization.

• WatchGuard Data Control is designed to assist organizations in complying with data protection regulations, as well as discovering and protecting personal and sensitive data both in real time and throughout its lifecycle on endpoints and servers
• WatchGuard Data Control discovers, audits and monitors unstructured personal data on endpoints: from data at rest to data in use and data in motion.

*WatchGuard Data Control is available in the following countries: Spain, Germany, UK, Sweden, France, Italy, Portugal, Holland, Finland, Denmark, Switzerland, Norway, Austria, Belgium, Hungary and Ireland.
WatchGuard Full Encryption
WatchGuard Full Encryption leverages BitLocker, a proven and stable Microsoft technology, to encrypt and decrypt
disks without impacting end users and providing organizations with the added value of centrally controlling and
managing the eRecovery keys stored on Panda Security's cloud-based management platform, Aether.

• Prevent loss, theft and unauthorized access. Recovery keys are stored and recovered securely from the cloud.
• No need to deploy or install additional agents. No servers or additional costs for additional servers.
• Be compliant with regulations by monitoring and enforcing encryption activation on Windows devices, thanks to its intuitive dashboards, detailed reports and change audits.
Advanced Reporting Tool (ART)
Advanced Reporting Tool automatically generates security intelligence and provides IT departments tools to pinpoint attacks, unusual behaviors and detect internal misuse of the corporate network.

• ART is an intelligence gathering and compiling service that works with Adaptive Defense and AD360
• Insights are provided without the investment in infrastructure or maintenance
• ART delivers real-time, deep insight into the day-to-day behavior of your applications, your network, and your users
Case Studies

WatchGuard Adaptive Defense 360
WatchGuard Adaptive Defense 360 + Patch Management
WatchGuard Adaptive Defense 360 + Patch Management + Advanced Reporting Tool
WatchGuard Adaptive Defense 360 + Systems Management
The perfect endpoint solution for Indian SMBs
• More devices and operating systems covered
• Easier to deploy and manage
• A first for Indian market
• Zero trust approach finds more malware and ransomware
• Application doesn’t slow down your device performance

Thank You
The Endpoint is the Epicenter of Today’s Cybersecurity Attacks

Advanced threats like ransomware, crypto-jacking and hacking attacks remain a major concern…preying on distributed endpoints with inadequate protection

An evolved endpoint solution offers a preventive zero-day approach.
• Antivirus - endpoint protection is a necessary security layer
• EDR (Endpoint Detection and Response) solution complements existing endpoint protection
• Integrated endpoint AV + EDR is a comprehensive solution
Attacks and Complexity Continue to Rise

Cybersecurity Skills Crisis

What are organizations reporting?
• A lack of Cybersecurity expertise(1): 82% in their teams, 34,5% in the industry
• Even if they have the budget to close the gap, there is a gap of Cybersecurity experts
• When hiring, they are unsure of what skills are most important.(4)

Predictions for 2022
• Cybersecurity market grows to $173 billion by 2022 (3)
• 3.5 million UNFILLED cybersecurity positions globally by 2021 (4)

(1) CSIS (Center for Strategic and International Studies)
(2) 451 Research study
(3) Cybersecurity Insiders: Cyber Security market to touch $173.57 billion mark by 2022
(4) Security Magazine, “Cybersecurity Talent Crunch To Create 3.5 Million Unfilled Jobs Globally By 2021”
Security Solutions Often Alert, but Don’t Act. Including Some EDR

Only 4% of alerts are ever investigated.

“Two-thirds of the time spent by security staff responding to malware alerts is wasted because of faulty intelligence”

“It costs organizations an average of $1.27 million annually in time wasted responding to erroneous or inaccurate malware alerts”

Source: EMA
Endpoint Detection and Response (EDR) Solutions

• Endpoint Detection and Response (EDR) is a category of endpoint security tools, built to provide endpoint visibility, and are used to detect and respond to cyber threats and exploits.
• They provide an accurate, firsthand view of a hacking operation as it unfolds (and traces of such)
• Endpoints provide critical forensics information including process actions, file access information, network events and endpoint configuration changes.
• EDR solutions were built to provide complete visibility to endpoints and servers, monitor and spot abnormal behaviors that are indicative of malicious activity.
• True “Zero-Trust” Model:
  • Zero-Trust Application Service: 100% classification of the applications
  • Threat Hunting Service: detecting hackers and insiders
With a Zero Trust App Service that works

Support
• L1 – TATA Teleservices ( India )
• L2 – Firstwave Cloud ( India )
• L3 – WatchGuard OEM ( India )
• Uptime 99%
• Support 24*7
• Product origin https://www.watchguard.com/wgrd-about
• Indian Partner – Tata Teleservices Ltd.

PANDA, A WATCHGUARD BRAND
