Monday, September 25, 2023

WatchGuard Endpoint Protection Platform review

WatchGuard is a US company based in Seattle, Washington, specializing in network security solutions, including endpoint protection.

The company was founded in 1996, and its flagship product was a single firewall program. Since then WatchGuard has created any number of security solutions, as well as growing by acquiring other organizations such as Madrid-based Panda Security in 2020.

WatchGuard claims its endpoint security solutions offer an intuitive, cloud-based console to manage devices, allowing threats to be detected and prevented simply without the aid of an army of security engineers. We're all for keeping life simple but is this really one of the best endpoint protection software platforms out there? 

WatchGuard EPP: Plans and pricing


The good news is that WatchGuard allows interested parties to secure up to 100 endpoint devices with a 30-day free trial. No payment information is required upfront.

We mention this because it is one of the few points on which we're certain about WatchGuard's endpoint offerings: the site doesn't seem to have a pricing or plan comparison page.

From accessing the free trial and examining the various licenses available, we were able to discover there are in fact a number of solutions: WatchGuard Advanced EPP, EDR, EPDR and 'Advanced' EPDR.

For the sake of simplicity we chose a trial of WatchGuard EPP, though this doesn't tell the full story: users can subscribe to additional 'security modules'. These handle tasks like patch management, full disk encryption and multi-factor authentication. It's not clear if these cost extra but the cloud console does require users to set up a separate license. This is in contrast to other Endpoint Protection Platforms we've reviewed, which usually bundle features like full-disk encryption with a standard subscription.

When we clicked on the 'Activate' button out of sheer curiosity, we found the page failed to load, even after following the website's advice to clear the cookies.

WatchGuard EPP: Features


Having called out WatchGuard for lacking a page comparing plans and pricing, the main website does have a dedicated page and datasheet on WatchGuard EPP itself.

This is where we learned that the NGAV (Next-Gen Antivirus) goes beyond simple signature-based antivirus detection (we were able to confirm this) and provides detailed, real-time detection and reporting. The WatchGuard agent is able to "freeze" (quarantine) malware.

Another feature we're delighted to confirm is that the agent software is compatible with a huge range of devices including Windows, Windows Server, Windows for ARM devices, macOS, Android and iOS. This makes WatchGuard EPP by far the most cross-compatible platform we've ever reviewed.

The platform can also provide a managed endpoint firewall, though during our tests (see below) the platform seemed content to let the Windows 11 firewall manage threats, and we saw no reason to tamper with it.

The cloud console itself is proactive about patch management (another feature we trialed), suggesting security updates as soon as our test endpoint was detected.

WatchGuard EPP: Setup


After registering an online account with WatchGuard in order to obtain a free trial, we were asked to select a cloud storage data region (there's a choice of America, Europe or Asia Pacific). Our advice is to choose wisely, as once you make a selection you can't change your data region.

On first login to our WatchGuard cloud account we chose 'Start a Trial' for Endpoint Security. From here you can choose the specific product and modules you want to try out - in our case WatchGuard EPP and Patch Management. We noted that certain security modules like 'Advanced Reporting Tool' aren't available for the standard EPP solution.

On first login it wasn't immediately clear where to go to set up endpoints, but after choosing 'Configure' and agreeing to the license there was no missing the 'add computers' button in the center of the screen.

This was where we started to encounter issues. The agent software downloaded to our Windows 11 test machine very quickly, but after the installation was supposedly complete the program started 'finishing up' by downloading and installing additional components. Twice the installer hung on the 'Getting knowledge' stage and went no further. Our third install attempt simply terminated halfway through. Finally we reset our Windows 11 test machine to factory settings once again and were able to install the agent on the fourth try.

As readers learned in the introduction, WatchGuard acquired Panda Security in 2020. We assume this to be the reason that the agent software is called 'Panda Endpoint Protection Plus'. We mention this, as we initially panicked thinking we'd installed the wrong product. 

WatchGuard EPP: Interface


The glitchy setup aside, the Panda agent (as we must now call it) opens quickly and offers an excellent overview of both antivirus and firewall settings. Endpoint users can trigger their own scans and view files in quarantine.

However, WatchGuard's cloud console is where the platform really shines. True, we'd have appreciated an idiot-proof "Add Devices" button on first login, but the options along the top of the window, such as 'Dashboard' and 'Monitor', are clear.

While we're talking dashboards, the main screen provides a very clear view of the number and type of active alerts, as well as a dark web scan for detecting data breaches. Scrolling further down reveals a helpful infographic of your endpoints broken down by type such as 'Protected' or 'Installation Errors'.

If we have one small criticism, it's that the 'Configure' > 'Endpoints' option by default seems to display Security Settings rather than a list of devices. Still, when you click into a device the cloud console provides an excellent, terse summary of key information like the machine name, IP address and last login. There's also a dedicated 'Security' section showing a colored, bulleted list of which features are enabled such as 'File Antivirus' or 'Firewall'.

WatchGuard EPP: Performance


When reviewing Endpoint Protection Platforms, our first test is always to try to download a fake computer virus, the test file provided by the good people of EICAR.

We opened the Microsoft Edge browser on our Windows 11 test machine with the 'Panda' agent installed and navigated to the site hosting the test file. Although WatchGuard's 'Web browsing antivirus' was supposedly enabled, the agent didn't interfere with us loading the website, though Edge itself did try to prevent us downloading the fake virus in compressed (ZIP) format.

We next tried to extract the virus. A few moments later the Panda agent leapt to life and informed us via a pop-up that it had quarantined the threat. We clicked in to learn more and read a full report on the nature of the 'malware'.

Our next test was to copy a new, real trojan that we'd caught in the wild to the 'Downloads' folder of our test machine. We do this to make sure that the EPP antivirus can detect threats based on file behavior, not just through signature analysis. Sure enough, almost as soon as the file was copied to 'Downloads' it was quarantined and removed by the Panda agent.

Our final test involves logging in to the cloud console to check whether the threats had been reported. We went to 'Configure' > 'Endpoints' and clicked into the overall 'Status', but nothing showed in the 'Risks' category. Similarly, the 'Security' section of the Status area showed no threats detected by antivirus.

We were able to remedy this by right-clicking the agent in the system tray and choosing 'sync', at which point the detected threats were shown in a helpful graph. We were also able to click in to view a more detailed list explaining the nature of the two viruses.

WatchGuard EPP: Final verdict

There's no disputing that WatchGuard's Panda agent passed our malware detection tests, though we noticed that it took a few seconds to quarantine files. Still, when we ran our tests again to see whether we could execute the files before the WatchGuard platform detected the threat, we found that even when we launched the virus program, the Panda agent stopped it in time.

The cloud console itself is very easy to navigate and the menu options are well laid out. Our only critique is that it was a little sluggish when it came to threat reporting, only displaying alerts when we manually synced the software agent.

Despite our best efforts, we couldn't find any issue on our end during setup that would have caused the installer to crash three times before working. We used a clean install of Windows 11 on our test machine with no third-party programs installed besides the agent itself.

On the plus side, WatchGuard offers a 30-day free trial of all its endpoint security solutions, so you have nothing to lose by registering and trying to deploy the agent on your organization's devices. 

We've featured the best cloud firewalls.
