Threat detection and response uses big data analytics to find threats across large and disparate data sets. The objective is to find anomalies, analyze their threat level, and determine what mitigating actions may be required in response. Demand for threat detection and response solutions has grown as the volume of data produced by organizations increases at an exponential rate.
The key benefit of threat detection and response solutions is their ability to automatically identify and respond to threats in real time. By combining behavior-based detection capabilities with deep visibility into data activity across endpoints, TDR solutions can catch threats that often go undetected by firewalls and antivirus. Sophisticated analytics are used to detect anomalies and patterns such as rare or suspicious processes, risky activities, and unrecognized connections.
We are excited to announce that Threat Detection and Response (TDR) has some new capabilities! By popular demand, WatchGuard has made pre-configured Antivirus Exclusions a reality! Gone are the days of copying and pasting directory paths one by one into the Exclusions page. These predefined exclusion sets make it easy to add exclusions for the most common antivirus vendors.
To see these changes in the TDR Web UI, select Configuration > Exclusions. The Exclusion page now includes two tabs:
- Custom Exclusions – Shows the exclusions you configured manually before version 5.8.0. Any custom exclusions you added previously still work as expected.
- AV Exclusions – Shows the predefined sets of exclusions for common antivirus vendors.
In addition to the AV Exclusions feature, we have a new Host Ransomware Prevention (HRP) Visualization feature. When you view the details of an HRP Indicator that was successfully remediated, you can now view a graphical representation of the event.
If the Indicator can be graphed, you will see a new Chart button in the Additional Details pop-up of the Indicator. Click the button to open a new window. The chart is interactive, with the following capabilities:
- Processes are displayed as square nodes.
- If the Process has Behaviors, a plus sign is displayed in the Process node.
- Behaviors are displayed as oval nodes and expand when you click the plus sign.
- Hover over any node to show details.
- Click a node to highlight the node and the paths to related nodes.
- The Download/Export icon enables you to export the chart as an image.
We hope you are as excited about this new feature as we are! Any and all feedback is always welcome!