WatchGuard Host Ransomware Prevention
Prevent Ransomware Before File Encryption
Despite existing security solutions, small to midsize businesses (SMBs) and distributed enterprise organizations continue to fall victim to ransomware attacks that can have a disastrous impact on business operations and continuity. WatchGuard Host Ransomware Prevention (HRP), a module within the WatchGuard Host Sensor, leverages behavioral analytics to not only detect and remediate these types of attacks, but actually prevent them as well.
- Utilizes a behavioral analytics engine to determine if a given action is associated with ransomware attack
- In Prevent mode, HRP automatically prevents a ransomware attack before encryption takes place
- ThreatSync correlates the threat data to provide a comprehensive threat score for a ransomware attack
- HRP is a component of Threat Detection and Response and included with WatchGuard Total Security Suite
- APT Blocker, WebBlocker & HRP work together to detect and prevent ransomware attacks
- The Host Sensor leverages minimal CPU, allowing TDR to work alongside existing AV deployments
Behavioral Analytics for Endpoint Protection
Ransomware is one of the greatest threats facing SMBs and distributed enterprise organizations today. WatchGuard’s Host Ransomware Prevention Module within the WatchGuard Host Sensor leverages a behavioral analytics engine to monitor a wide array of characteristics to determine if a given action is associated with a ransomware attack.
Automated Remediation for Ransomware Prevention
Ransomware attacks take hold of a device by either locking the user out entirely or encrypting files so that the device cannot be used. The hacker will then post a ransom that must be paid for the user to receive the decryption key to regain access to their device. When HRP detects that a threat is in fact ransomware, it can halt the attack before encryption takes place, effectively mitigating the threat completely.
Threat Correlation and Prioritization
ThreatSync is WatchGuard’s new cloud-based correlation and threat scoring engine, improving security awareness and response across the network to the endpoint. ThreatSync collects event data from the WatchGuard Firebox, WatchGuard Host Sensor and cloud threat intelligence feeds, correlates this data to generate a comprehensive threat score and rank based on severity. Visibility into the network and endpoint provides improved protection against ransomware attacks.
Email Alerts & Notifications
ThreatSync includes email alerts and notifications to let you know when HRP has detected and remediated ransomware from your network and endpoint. Notifications are configurable to ensure that you receive the alerts you want when you want them.
Total Security against Ransomware Attacks
With WatchGuard’s Total Security Suite, organizations can win the fight against ransomware attacks. By leveraging multiple security services, including APT Blocker, WebBlocker and Host Ransomware Prevention, SMBs can benefit from protection against advanced malware attacks on the network and the endpoint through one comprehensive solution.
How It Works
Host Ransomware Prevention is a module within the WatchGuard Host Sensor that leverages behavioral analytics to detect and determine if an event is malicious. If the threat is malicious, HRP will automatically block the threat from acting on the device ensuring that file encryption does not take place. HRP will then report to ThreatSync that a ransomware attack has been mitigated allowing for further investigation.