WatchGuard Technologies has announced the WatchGuard Zero Trust Bundle, a package designed to simplify the adoption of Zero Trust security and make it accessible for organizations of any size, especially SMBs and Managed Service Providers (MSPs). The company presents this product as an alternative to traditional “Zero Trust” deployments, which for years have been perceived as costly, complex, and often disruptive to business operations.
Announced on December 17, 2025, the release is built around a clear idea: the problem isn’t that companies don’t want Zero Trust, but that they often try to build it using separate tools — identity on one side, endpoints on another, remote access on a different platform, plus the correlation and response components — resulting in high costs, operational friction, and more “blind spots” than the security measures aim to eliminate.
Context: identities and endpoints under pressure
WatchGuard frames the launch within a scenario where attackers are focusing on identities (compromised credentials, unauthorized access, session abuse) and endpoints (evasive malware, persistence, stealth execution). According to the company, its latest Internet Security Report indicates a 40% quarterly increase in evasive malware and that 70% of malware is now delivered over encrypted channels, a pattern that complicates detection using traditional controls.
In other words: if malicious traffic is increasingly “hidden” by encryption and credential theft remains an effective attack vector, security based solely on perimeter defenses or static rules is less effective. Hence, WatchGuard promotes a narrative of continuous validation: authentication once isn’t enough; identity, device, and context need to be verified throughout the session.
What the package promises: unify identity, device, access, and XDR
The Zero Trust Bundle is presented as a cloud-delivered solution built on a continuous validation architecture. WatchGuard highlights two practical elements to lower deployment barriers:
- A single purchase to cover all capabilities.
- A single agent for seamless deployment within the environment.
At the core of the package, WatchGuard groups together three components:
- Total Identity Security
Includes adaptive MFA, SSO, risk scoring, and a particularly notable feature: Dark Web Credential Monitoring, designed to detect exposed credentials and act before they’re used in attacks. - EPDR (Endpoint Protection, Detection & Response)
Aimed at keeping devices in a “known and trusted” state, with ongoing health checks, automated prevention, and Zero-Trust Application Control. - FireCloud Total Access
The secure access layer focused on cloud, combining FWaaS, SWG, and ZTNA, with the goal of replacing VPNs with faster, context-aware access (user, device, risk, session).
Everything is managed through WatchGuard Cloud and ThreatSync XDR, which provide unified signal correlation, automated containment, simplified licensing, and multi-tenant operation designed for MSPs. This shared governance is described as a Zero Trust Control Plane: a control plane that continuously validates and applies policies consistently.
“Zero Trust works when tools work together”
WatchGuard accompanies the announcement with messaging targeted at its channel and integrators. Andrew Young, chief product officer and SVP of product, summarizes the approach with a phrase that defines the strategy: Zero Trust is not a sum of tools, but a system. He notes that this is the “first step” to unify Zero Trust and modernize security, with plans for this integration to extend “directly” into the network stack over time, creating a continuous and adaptive security model.
Additionally, WatchGuard incorporates third-party insights to reinforce its positioning. Pete Finalle, research manager at IDC (Security and Trust), emphasizes the value of an architecture where identity, device trust, and session enforcement operate natively under a single control plane—something, according to his analysis, that is often not accessible for SME/MSP segments with such a high level of cohesion.
A “market-ready” product: repeatable for MSPs and a replacement for Passport
Beyond the technical pitch, the announcement also reads like a catalog offering: WatchGuard states that the Zero Trust Bundle replaces the legacy “Passport” product and offers a “modern” pathway to advancing Zero Trust maturity with minimal friction.
It highlights five “business” benefits:
- More precise, risk-based access decisions.
- Devices hardened and maintained in good health.
- Secure access without VPN bottlenecks.
- Faster containment through unified signals.
- A repeatable, cost-effective service model for MSPs.
The announcement even includes a testimonial from Felicia King, vCTO/vCISO at QPC Security, underscoring the main promise: enabling rapid Zero Trust deployment without added complexity, enhancing security outcomes for clients.
The real battle: reducing complexity without diluting the concept
In the market, “Zero Trust” has been a ubiquitous but often ambiguous label: each vendor uses it to describe different components. WatchGuard aims to ground it within a packaged offering: identity + endpoint + access + XDR, all under a common control plane. The goal is that adoption among SMBs doesn’t fail due to friction, but because of how easily it can be reduced. The winner will be the one who simplifies Zero Trust without turning it into just a slogan.
Frequently Asked Questions
What exactly is included in the WatchGuard Zero Trust Bundle?
It combines Total Identity Security (adaptive MFA, SSO, risk scoring, credential monitoring), EPDR for endpoints, and FireCloud Total Access with FWaaS, SWG, and ZTNA, all managed from WatchGuard Cloud and ThreatSync XDR.
How does it improve upon a typical VPN-based strategy?
WatchGuard positions it as a replacement for VPNs via ZTNA and policy-based context/session management, avoiding the “all or nothing” tunnel access and reducing friction when risk, device, or identity change.
What is Dark Web Credential Monitoring, and what does it do?
It is a feature integrated into AuthPoint Total Identity Security designed to detect compromised credentials early, allowing organizations to mitigate risks before they’re exploited by attackers.
Does this launch replace any previous WatchGuard products?
Yes. The company indicates that the Zero Trust Bundle replaces the legacy Passport offering as a modern, scalable path to Zero Trust maturity.
via: watchguard