Endpoint security is entering another phase of realignment. WatchGuard has announced a new portfolio of endpoint protection products aimed at challenging one of the most established models in the market: EDR licenses with advanced features sold separately, more cloud storage than necessary, and operational complexity that doesn’t always fit MSPs and medium-sized businesses. The company announced this move on April 8, 2026, accompanied by a clear message: integrate more core capabilities, reduce commercial friction, and make it easier to scale managed services.
The new offering is structured into four levels — Basic, Prime, 360, and Elite — supported by a single agent and a unified management console. WatchGuard states that each license includes proactive features such as vulnerability visibility, device control, and URL filtering—capabilities that, according to the company, are often offered as extras or modules by other manufacturers. Additionally, it enables activation of supplementary services like Core MDR 24/7, patch management, SASE, or MFA directly from WatchGuard Cloud.
A direct assault on the traditional EDR model
The core of the announcement isn’t just the products, but the commercial message surrounding them. WatchGuard suggests that part of the EDR market has become complacent, accepting an ecosystem where many features now considered basic are treated as premium add-ons. In its statement, the company explicitly mentions functions like vulnerability scanning, URL filtering, USB control, or host firewalls as examples of features that, in its view, should be better integrated into the standard offering.
This approach aligns with the target customer profile WatchGuard has pursued for years: MSPs, channel partners, and IT teams with limited resources that need to deploy security across many clients or sites without multiplying consoles, licenses, and manual processes. The company emphasizes that its goal is to enable managed service providers to offer more advanced protection with less operational overhead, leveraging tools like multi-client management, policy inheritance, and automatic updates.
This isn’t just a rebranding. In fact, WatchGuard previewed this reorganization as early as March 5, 2026, explaining that its previous lineup was evolving to better match the current threat landscape. In that redesign, EPP became Endpoint Security Basic, EPDR was rebranded as Endpoint Security 360, and Prime was introduced as a new intermediate level offering EDR with enhanced visibility and less operational burden. Official documentation confirms that Prime was scheduled for global availability starting from April 1, 2026.
More automation, more layers, and a clear focus on managed services
Functionally, WatchGuard aims to address three simultaneous needs. The first is traditional prevention and detection at the endpoint, including ransomware protection, attack surface reduction, and device control—all available within the entire portfolio. The second is the ability to scale managed services through a pay-as-you-go model for MSPs and the option to expand with MDR 24/7 when needed. The third is commercial flexibility, with tiered systems that enable upgrading without starting from scratch each time.
The company supports this message by referencing threat intelligence. WatchGuard claims that its Threat Lab detected a 1500% increase in new endpoint malware variants, citing this to justify the need for automated, intelligent protection. While this data originates from the company itself, it helps illustrate the tone of the launch: endpoint security is again positioned as a critical layer in an environment where attackers automate more, move faster, and exploit the lack of skilled personnel in smaller and medium-sized customers.
Additionally, WatchGuard offers a perspective closely tied to the mid-market. Analyst Jay McBain from Omdia, quoted in the press release, summarizes the core selling point well: many medium-sized organizations face enterprise-level threats but lack the resources and budgets of larger companies. In this scenario, platforms that unify prevention, detection, and response with simplified management become more attractive. Although this quote is part of the manufacturer’s promotional material, it reflects a real market tension: advanced security continues to grow, but not as quickly as the resources available for deployment and operation.
A logical move in an increasingly bundled market
Beyond the promotional tone, WatchGuard’s announcement points to a broader trend across cybersecurity segments: the restructuring of capabilities that used to be sold separately. Customers, especially MSPs, no longer want to accumulate disconnected tools or deal with yearly explanations of why a new add-on is necessary for a feature considered almost standard. They seek less friction, fewer consoles, fewer license discussions, and more ability to activate services on demand without complicating support.
This doesn’t mean the EDR market will change overnight or that all competitors are in the same position. However, it signals an important shift: the focus is no longer solely on AI-based detection but on how to package, operate, and make it cost-effective for channel partners, MSPs, and customers with small teams. In that regard, WatchGuard has chosen to move forward with a proposal that aims to be simpler, more integrated, and easier to sell.
Frequently Asked Questions
What exactly has WatchGuard announced in Endpoint Security?
WatchGuard introduced a new portfolio of endpoint security with four levels — Basic, Prime, 360, and Elite — designed to simplify licensing, include more features by default, and facilitate scalability for MSPs and IT teams.
What are the key differences compared to the classic EDR model?
According to WatchGuard, all licenses now include vulnerability visibility, URL filtering, and device control, along with core protections like ransomware defense and attack surface reduction—reducing reliance on additional independent modules.
What does WatchGuard Endpoint Security Prime entail?
Prime is a new intermediate tier within the lineup, aimed at providing EDR with enhanced visibility and protection while reducing operational overhead. WatchGuard indicated it would be available globally starting April 1, 2026.
Is this offering primarily designed for MSPs?
Yes. WatchGuard emphasizes that the platform is tailored for MSPs and resource-constrained IT teams, featuring multi-client management, policy inheritance, automatic updates, and a pay-as-you-go model for managed services.
via: watchguard