
The best kept secret from Global SMBs

Competitive Advantages of WatchGuard


Agenda
• Main Cybersecurity challenges
– How WatchGuard Endpoint Security portfolio addresses them

• Main competitive advantages of our Endpoint Security portfolio
– Simple to use
– Managed services included in our EDR
– Single light agent
– Comparison table
– Summary table

• Additional competitive advantages for
– Mid-size and large accounts
– Service Providers

Cybersecurity challenges

Cybersecurity challenge: Complex tools
Security products can be difficult to deploy, maintain, update and use.
WatchGuard Endpoint Security: Simple to use
WatchGuard Endpoint Security portfolio handles all needs of your Endpoint Security in an outstandingly simple way from a single web console.

Cybersecurity challenge: Managing daily alerts
Handling hundreds of daily alerts leads to alert fatigue, leaving alerts invalidated or mishandled.
WatchGuard Endpoint Security: Unique protection model including managed services
Zero-trust application service managing all alerts effectively and ensuring that only trusted applications are executed. Threat Hunting services in order to detect hacking and insiders' attacks.

Cybersecurity challenge: Multiple agents required
Security solutions required multiple agents causing serious errors, poor performance and high resource consumption. Not all the systems covered.
WatchGuard Endpoint Security: Single light agent
Great performance on the endpoint with a single lightweight agent for all our Endpoint Security portfolio supporting Legacy Systems and Intel & ARM processors.

Competitive Advantages
Competitive Advantage

Simple to use

Simple to use

Complex problems can be solved with Simple solutions

• Complex problems may be solved in a simple way
• Our customers and partners love how easy it is to install, configure, maintain and use our solution
• Simplicity = Efficiency

Simple to use
Example of Complex problems solved with Simple solutions

• Customer complex problem:
– Stop any kind of attack, including ransomware

• Simple solution:
– No actions needed. We just need to deploy our solution in all the endpoints
– Our default configuration offers maximum protection to our customers against any kind of attack, including ransomware
Simple to use
Complex problems can be solved with Simple solutions

• Customer complex problem:
– An extremely critical vulnerability with an exploit available is reported
– The vulnerability is identified by the CVE-2021-0796

• Simple solution:
– Search for the CVE-2021-0796 in the Available patches list
– Select all the computers where the vulnerability is found
– Patch all the computers
Simple to use
Complex problems can be solved with Simple solutions

• Customer complex problem:
– End-users are using programs not related to business productivity which are consuming a lot of bandwidth
– I would like to avoid the execution of that software (e.g. Zoom.exe)

• Simple solution:
– Add Zoom.exe in the Program blocking configuration
– Apply the new configuration to the All group. Configurations are inherited and applied in Real-time
Simple to use

Reviews and customer quotes talking about the simplicity of our solutions

AV-Comparatives: Business Security Test March-June 2021

• Verdict
– WatchGuard Endpoint Protection Plus on Aether is a very strong product. It is powerful enough for larger organizations, but simple enough for smaller businesses too. It is very easy to set up, as it requires no on-site server. There is an excellent, very clean and useful administrative console. This has a clear installation and deployment workflow. We were particularly impressed with the clean and obvious design of the user interface, and the speed at which it could be mastered.
• Everyday management
– Protection status and threat detection history are provided on the Status tab/Security page, which opens by default. There are excellent graphics for detected threats. These include offline computers, outdated protection, and blocked URLs here. This provides a solid daily overview of issues. We particularly liked it because it provides a headline view of the status but allows you to click through for more detailed information. See the review here (page 68)
Simple to use

Reviews and customer quotes talking about the simplicity of our solutions

WatchGuard earns IT Pro Editor’s Choice Award.

• IT Pro, one of the UK’s most influential tech websites, has awarded WatchGuard 5 stars in its latest review of the advanced cybersecurity suite, stating that this “cloud endpoint protection service fills the gaps other security solutions leave behind.” Not only that, but it has also been awarded the website’s IT Pro Editor’s Choice Award.

WatchGuard review: Verdict

WatchGuard is a clever cloud security solution that delivers a wealth of endpoint protection features at a great price. It’s easy to
deploy and manage, offers sophisticated data control features and whereas other security vendors stumble with patch
management, WatchGuard has perfected it.

See the review here


Simple to use

Reviews and customer quotes talking about the simplicity of our solutions
Customers’ reviews

“WatchGuard Adaptive Defense 360 proactive approach to fighting against malicious software gives me peace of mind. It’s easy to configure, manage, and remediates issues quickly through its simple to use web interface”
Jeff Smith Technology Systems Administrator at Sacred Heart Chicago. See more here

“WatchGuard Adaptive Defense 360 is now one of the essential solutions for the security of our information systems. Covering several aspects of endpoint security, the solution replaces several applications. The deployment is easy and very fast, even in mobility. Dashboards are clear and give good visibility to both IT and management”.
Industry: Finance

“Implementation was very easy and management console simple to use. A great solution that works very well for our company needs, protects us from various cyber attacks”
Industry: Construction. See the review here

“WatchGuard Adaptive Defense 360 is very good for the detection of malignant files and any type of malware. It also has a very simple interface to use, is understood in a very simple way and has all the necessary resources to have protected your organization”
Industry: Manufacturing. See the review here
Competitive Advantage

Unique protection model including


managed services

Unique protection model including managed services

To ensure the maximum protection is our responsibility


Zero Trust Application Service
– Complements previous layers
– Essential for already-infected organizations and to stop lateral movement attacks inside the network
– Very important also to protect computers / servers in organizations with unprotected computers or with other solutions with malware detection gaps

The only solution on the market that classifies 100% of running processes.
Only trusted applications are allowed to run.

Traditional AV programs and other EDR solutions
Can identify malware and some suspicious items but nothing else
-> Higher success rate in malware attacks
-> Detection gap
[Diagram labels: Malware, Suspicious items, ?, ↑ Work, ↑ Risk]

Adaptive Defense / Adaptive Defense 360
Monitors all running processes, allowing to run only those processes classified as trusted by WatchGuard.
Managed service. Maximum protection without delegating decisions to customers.
[Diagram labels: Classified items, Malware, Goodware, Managed Service, Goal: Zero risk]
Unique protection model including managed services

To ensure the maximum protection is our responsibility

Zero Trust Application Service
– This managed service is included without extra cost to all customers acquiring our EDR (Adaptive Defense / Adaptive Defense 360 / WatchGuard EDR / WatchGuard EPDR)

Main benefits
• Malware under control
• Reduce MTTD & MTTR
• No overwhelming alerts
• No added or hidden costs
• No user delegation
Unique protection model including managed services

To ensure the maximum protection is our responsibility

Threat Hunting Services
Transversal service included without extra cost to all customers acquiring our EDR (AD / AD360 / WG EDR / WG EPDR)

• Living-off-the-land and Fileless attacks are a growing concern: they are more difficult to detect and make it easier for cybercriminals to attack stealthily
– Hacker detection
– Find attackers using Living-off-the-Land techniques
– Lateral movements
– Identification of malicious employees
– User behavior modeling
– New threat detections in the endpoints
– Indicators of Attack (IoAs) detected and blocked before damage

• Our Cybersecurity Team continuously monitors everything that happens in the endpoints in real time in the form of event telemetry (12 months).
• In case of a validated breach with a living-off-the-land technique, the Indicator of Attack is shown in the Web Console and notified by email to customers and partners.
Unique protection model including managed services

To ensure the maximum protection is our responsibility

Threat Hunting Services: From Hunting to Stop the breach

MSP

• Hunt: Expert hunters analyze any suspicious activity and hunt proactively
• Notify: Notifications of Indicators of Attack detected in the Web console and by email to manage them with the proper urgency
• Investigate: Investigations using advanced attack investigations, graph views, MITRE information, etc.
• Stop the breach: Reduce the MTTD & MTTR. 197 days on average before you realize you have been breached
Unique protection model

To ensure the maximum protection is our responsibility

Our Main competitive

We are the only solution on the market that classifies 100% of running processes.
Only trusted items are allowed to run thanks to the Zero-trust application Service

We are the only solution on the market that includes Threat Hunting Services as part of our EDR solutions
Unique protection model

Weaknesses of competitors security solutions & Additional competitive advantages

Windows Defender’s anti-ransomware protection
– The Windows 10 anti-ransomware protection allows you to limit the applications making changes to the system.
– Ineffective against most ransomware designed to inject code in all system processes and encrypt files using ‘legitimate’ processes. That’s because those processes are highly likely to have been approved by the user as applications allowed.

OneDrive Copies
This protection lets you copy files to OneDrive, which is a good option, however, consider the following:
• High bandwidth consumption
• Some files may not be synced with OneDrive for lack of time, temporary unavailability of the Internet connection, etc.
• To reduce the effectiveness of backup systems, attackers threaten to disclose the stolen information on the Internet if the ransom is not paid
• The backup may have been deleted before launching the attack
Unique protection model

Weaknesses of competitors security solutions & Additional competitive advantages

Microsoft Defender Device Guard
– Device Guard can be configured to allow only signed applications to run.
– Defender Device Guard is limited to Windows 10 and later and Server 2016 and later.

Ransomware and other advanced attacks protection
Not enough:
• Doesn’t protect against fileless attack techniques exploiting vulnerable applications
• Doesn’t protect against exploit-based attacks
• Doesn’t protect against malwareless attacks

All these attack methods are frequently used by ransomware and are under control with WatchGuard Adaptive Defense’s unique protection model.
Unique protection model

The competition delegates security decisions to customers!

Cybereason ESET

Microsoft Windows ATP


Unique protection model

Additional competitive advantages

• Our EDR solution
– On the market: 5+ years
– Endpoints: +2M Endpoints
– Customers: +70,000 Customers

• Complete visibility
– Events per day: +10.000M
– Events in the Data Lake: +3Trillions
– New binaries classified: +2M every week

• Artificial Intelligence
– Applications automatically classified: 99,98%
– Application classified by experts: 0,02%

• No suspicious items. No items under investigation
– Reduced MTTD (Mean Time To Detect)
– Reduced MTTR (Mean Time To Respond)
Unique protection model
What are we seeing in customers' organizations?

• Ransomware attacks shot up 500% in 2019 compared to 2018. See article


Unique protection model

What are we seeing in our customer networks?

#Malware-based infection handled by support team per month 2014-2021

Analysts move from reactively responding to compromised customers to proactively notifying them about suspicious activity in their endpoints

“The Zero-Trust Application service can drastically reduce the threat surface of endpoints.”
Gartner Magic Quadrant for EPP, 2018.
Competitive Advantage

Single light agent

Single Light Agent

All the security portfolio with a real single lightweight agent

Single agent for the whole portfolio
– Main products: EP / EPP / AD / AD360
– Modules: Advanced Reporting Tool / Patch Management / Data Control / Encryption / SIEM Feeder
– Managed Services: Zero-Trust Application Service / Threat Hunting Service

Single light agent
*Only WatchGuard Systems Management requires a new agent

Support to a wide range of platforms
– All the Windows family starting in XP SP3 and Server 2003
– Windows and macOS ARM-based systems
– Linux
– macOS
– Android smartphones and tablets

[Figure: Panda Aether Platform For Complete And Centralized Security Management. Fully cloud-native; Single lightweight agent; Machine Learning scoring; EPP, EDR, Threat Hunting, Managed Services. Groups: ENDPOINT SECURITY & MANAGEMENT, CYBERSECURITY, DATA PROTECTION. Products shown: Endpoint Protection, Endpoint Protection Plus, Systems Management, Fusion, Adaptive Defense, Adaptive Defense 360, Threat Hunting & Investigation, Zero-trust Application Service, Advanced Reporting, Patch Management, SIEM Feeder, Full Encryption, Data Control. Solutions for partners (MSSPs, MSPs, etc.) via cloud-based platform and APIs.]


Single Light Agent performance

The WatchGuard agent is extremely light from a performance perspective with the majority of processing done in the cloud.

• Initial Bandwidth:
– 13MB Installer and communications agent
– 89MB Endpoint protection package
– Bandwidth consumption can be minimized using the CACHE

• Communication with the server:
– Download – 3.2MB/day*
– Upload – 1MB/day*

• Real-time on-access protection:
– 500 KB: Bandwidth used on the first day, when the cache is empty
– 35-100 KB: Bandwidth used after the first day, once the information is cached

• Compatible with other security solutions
– Using the standards recommended by the manufacturer
Single Light Agent performance
Better protection and better performance is possible

AV-Comparatives 2021 - Overview of single AV-C performance scores (March-June 2021):

– Tests were performed in Windows 10 64 bits
– WatchGuard obtained the best results in all the performance tests
Single Light Agent performance

Better protection and better performance is possible


AV-Comparatives 2021 - Performance Test April 2021
The Performance Test evaluates the impact of anti-virus software on system performance, as programs running in background – such as real time protection antivirus software – use some percentage of system resources. Taking these tests as reference, users can evaluate their anti-virus protection in terms of system speed (system performance).

– Tests were performed in Windows 10 64 bits
– WatchGuard obtained the best results in all the performance tests

Link: https://www.av-comparatives.org/tests/performance-test-april-2021/
Competitive Advantage

Comparison table

Comparison Table
Panda
Adaptive Trend Micro
WatchGuard Webroot Kaspersky Bitdefender ESET Sophos SentinelOne Microsoft Crowdstrike
Defense 360

Single light agent
Single agent for EPP + EDR + modules ✓ ✓ ✓ X ✓ X X ✓ X ✓
Real-time ✓ X X ✓ ✓ ✓ ✓ ✓ ✓ ✓

Modules included in the portfolio
Advanced Reporting Tool ** ✓ ✓ X X ✓ X ✓ ✓ ✓ ✓
Patch Management ✓ ✓ X ✓ ✓ Partnership X Partnership X Partnership
Data Control ✓ ✓ X X ✓ ✓ ✓ X ✓ X
Encryption ✓ ✓ X ✓ ✓ ✓ ✓ X ✓ X

Platforms supported
Windows ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓
Legacy Windows: XP / Vista / 2003 ✓ X X X X X X ✓ X X
Windows ARM-based systems * ✓ X X X X X X X ✓ X
macOS ✓ Partial (AV) Partial (AV) Partial (AV) Partial (AV) Partial (AV) ✓ ✓ Partnership ✓
Linux ✓ Partial (AV) X Partial (AV) Partial (AV) Partial (AV) ✓ ✓ Partnership ✓
Android ✓ ✓ X ✓ ✓ ✓ ✓ ✓ ✓ ✓
iOS X ✓ X ✓ ✓ X ✓ X ✓ ✓

Managed Services
Zero-Trust Application Service (100% Attestation) ✓ X X X X X X X X X
Threat Hunting and Investigation Service ✓ $$$ X $$$ $$$ $$$ $$$ $$$ $$$ $$$

* The compatibility with Windows ARM-based systems is scheduled for Q4-2021
** Competitors don't sell it as a separate module but they add advanced reports and telemetry
$$$: Option available at extra cost
Information updated on October 1, 2021
Competitive Advantage

Summary table

Main competitive advantages: Summary table

Feature: WatchGuard Endpoint Security

DETECTION: AI based
The only solution on the market that classifies 100% of running processes. 99,98% automatically classified using artificial intelligence and big data analytics in the cloud and 0,02% classified by experts

SIMPLICITY: Simple to use
WatchGuard Endpoint Security portfolio handles all needs of your Endpoint Security in an outstandingly simple way with a single web console.

INSTALLATION: In minutes
Easy deployment. No restart required.
Ability to uninstall automatically protections from other vendors

PERFORMANCE: One agent
Single light agent for all Endpoint Security features
<5% local CPU usage
Bandwidth consumption minimized using CACHE

VISIBILITY: Complete visibility
Community model receiving +10.000M events per day
+3 Trillions events in the data lake
12 months of event telemetry

PROTECTION MODEL: Unique protection model including managed services
Zero-trust application service ensuring that only trusted applications are executed. Threat Hunting services in order to detect hackers and insiders' attacks

ENDPOINT DETECTION AND RESPONSE (EDR): Advanced EDR
Managed services included at no extra cost ensuring that all alerts are effectively managed
Threat Hunting services also included at no extra cost

ADD-ONS: Additional security
Ability to mature your security level adding modules (add-ons) with the same agent already deployed on endpoints. Patch Management, Encryption, Data Control, Advanced Reporting Tool and SIEMFeeder.

PLATFORMS SUPPORTED: Multi-platform
EDR capabilities included in Windows, Linux and macOS.
Support to legacy systems starting in Windows XP SP3 and Server 2003
Support to Windows and macOS ARM-based
Support to Android
Additional Competitive Advantages

Mid-size and large accounts
– Aether Platform, the management platform where all our Endpoint Security portfolio is integrated in a single web console, provides greater control, flexibility and granularity, incorporating highly-demanded advanced features.
– These advanced features benefit both clients and partners (more remediation options for providing a better service).
– Not many competitors provide control, flexibility and granularity while keeping the solutions simple and easy to use.

ADVANCED MANAGEMENT FEATURES EP EPP AD AD360
Real-time configuration and deployment of security settings, tasks and actions from the Web console X X X X
Automatic discovery of unprotected computers X X X X
Remote installation from the Web console X X X X
Filter-based views and actions X X X X
Hardware and software information for each Computer X X X X
Hardware and software reports X X X X
Granular settings X X X X
Settings inheritance with the ability to assign settings to individual computers X X X X
Computer isolation X X
Ability to block programs by hash or name X X
Customizable user roles with granular permissions X X X X
User activity tracking X X X X
WatchGuard proxy for isolated computers X X X X
CACHE servers for sharing packages X X X X
Ability to configure multiple proxies and/or CACHE servers X X X X
Alerts sent from the server for all types of malware X X X X
Ability to reinstall agents remotely from the Web console X X X X
2FA enforcement X X X X
Service Providers

Simplifying our Service Providers business including features for
– Managing customers
– Managing the whole licenses lifecycle
– Managing the security remotely

Including unique features
– License pools
– Ability to manage the configuration of multiple customers. Use cases examples:
• Enable the Lock mode in a cyberattack crisis
• Establish a password in the anti-tampering
Thank You!