Host Ransomware Prevention
Prevent Ransomware Before File Encryption
Despite existing security solutions, small to midsize businesses (SMBs) and distributed enterprise organizations continue to fall victim to ransomware attacks which will have a disastrous impact on business operations and continuity. WatchGuard Host Ransomware Prevention (HRP), a module within the WatchGuard Host Sensor, leverages behavioral analytics to not only detect and remediate these sorts of attacks, but actually prevent them as well.
Utilizes a behavioral analytics engine to see if a given action is related to ransomware attack
In Prevent mode, HRP automatically prevents a ransomware attack before encryption takes place
ThreatSync correlates the threat data to supply a comprehensive threat score for a ransomware attack
HRP is a component of Threat Detection and Response and included with WatchGuard Total Security Suite
APT Blocker, WebBlocker & HRP work together to detect and stop ransomware attacks
The Host Sensor leverages minimal CPU, allowing TDR to work alongside existing AV deployments
Behavioral Analytics for Endpoint Protection
Ransomware is one of the best threats facing SMBs and distributed enterprise organizations today. WatchGuard’s Host Ransomware Prevention Module within the WatchGuard Host Sensor leverages a behavioral analytics engine to watch a good array of characteristics to see if a given action is related to a ransomware attack.
Automated Remediation for Ransomware Prevention
Ransomware attacks take hold of a tool by either locking the user out entirely or encrypting files so that the device can’t be used. The hacker will then post a ransom that must be purchased the user to receive the decryption key to regain access to their device. When HRP detects that a threat is actually ransomware, it can halt the attack before encryption takes place, effectively mitigating the threat completely.
Threat Correlation and Prioritization
ThreatSync is WatchGuard’s new cloud-based correlation and threat scoring engine, improving security awareness and response across the network to the endpoint. ThreatSync collects event data from the WatchGuard Firebox, WatchGuard Host Sensor and cloud threat intelligence feeds, correlates this data to get a comprehensive threat score and rank supported severity. Visibility into the network and endpoint provides improved protection against ransomware attacks.
Email Alerts & Notifications
ThreatSync includes email alerts and notifications to let you know when HRP has detected and remediated ransomware from your network and endpoint. Notifications are configurable to ensure that you receive the alerts you want when you want them.
Total Security against Ransomware Attacks
With WatchGuard’s Total Security Suite, organizations can win the fight against ransomware attacks. By leveraging multiple security services, including APT Blocker, WebBlocker and Host Ransomware Prevention, SMBs can enjoy protection against advanced malware attacks on the network and also the endpoint through one comprehensive solution.
How It Works
Host Ransomware Prevention may be a module within the WatchGuard Host Sensor that leverages behavioral analytics to detect and determine if an occasion is malicious. If the threat is malicious, HRP will automatically block the threat from working on the device ensuring that file encryption doesn’t happen. HRP will then report back to ThreatSync that a ransomware attack has been mitigated allowing further investigation.