WatchGuard EPDR review: An incredible range of security measures

Clever cloud-managed endpoint protection with a wealth of innovative security measures at a good price

£1,693 25 seats, 1-year subscription, exc VAT
  • Clever anti-theft feature
  • Expensive

WatchGuard has a fine reputation in the network security space and its acquisition of Panda Software has allowed it to complement its firewall appliances with enterprise-grade endpoint protection. Three versions are available; we reviewed the top EPDR (endpoint protection, detection and response), which delivers a heap of security measures including some you'd be hard-pushed to find elsewhere.

You won't need to worry about extra management overheads. EPDR is fully integrated into the WatchGuard Cloud portal, so you can remotely monitor and manage all your Firebox appliances, security policies, wireless access points and endpoint protection services from one console.

Instead of relying on reactive signature updates, EPDR analyses and classifies every app being run and blocks those it doesn't know about. The block isn't permanent: WatchGuard's cloud service runs background checks on the app and instructs the endpoint client to let it through if it is cleared as safe.

Initially, EPDR can be run in a passive audit mode to gather information about your everyday apps. When you're happy with the results, you can enable a "hardening" mode that allows pre-installed unknown apps to run but blocks them from accessing external data sources, or choose the Lock mode to fully protect against zero-day attacks and freshly released malware.

EPDR provides file, web and email anti-malware scanners and teams them with a Windows client firewall, removable device controls and a Windows shadow copy service for recovering ransomware-encrypted files.

The web content-filtering service uses the same database as WatchGuard's Fireboxes and offers 118 URL categories that can be blocked or allowed. The main cloud portal provides a status overview of all licensed products, and selecting the EPDR heading opens a new page with full access to all functions. Agents for Windows, Linux and macOS systems can be pulled down directly from the console's Computers page, or you can email users with a download link. 

A nice touch for LAN deployment is that the first system to receive an agent is automatically nominated for network discovery duties. Using a Windows 10 PC as a discovery client, we left it to scan the network, selected desktops and servers from the list and pushed the agent to them.

You can send a QR code to Android users for the mobile security app, which provides malware protection and a clever anti-theft feature that secretly emails a photo of the user after three failed unlock attempts. 

New to EPDR is iOS support, where it provides a built-in mobile device management (MDM) service for Apple's push notification service and certificate signing requests.

The portal dashboard provides an overview of your security posture with charts and graphs for endpoints, trusted apps, malware, exploits, PUPs, apps currently being examined and a rundown of website access. WatchGuard's new "indicators of attack" service maps threats to the MITRE ATT&CK matrix and shows their evolution from reconnaissance and access through to detected lateral movement and data exfiltration attempts.

Policies control all endpoint security services and can be assigned to individual computers and custom groups. Threat responses are quick: when we ran our ransomware simulator on protected Windows clients, warnings were posted in the dashboard in one minute with email alerts flying in 15 minutes later.

WatchGuard's EPDR isn't the cheapest option but it makes up for this with an incredible range of security measures. Smart detection and response services harden threat protection even further and seamless integration with the cloud portal allows all WatchGuard security products to be managed from one place.
