Guardz MDR Services

What is it all about?

MDR (Managed Detection & Response) is a cybersecurity service that combines advanced technology with human expertise to help organizations:

  1. Continuously detect threats across endpoints and identities.

  2. Investigate and triage alerts to separate real attacks from noise and false positives.

  3. Respond to incidents in real time, containing or remediating them before damage spreads.

  4. Provide 24/7 monitoring, so organizations aren’t left exposed outside of business hours.

Please note:

  • Guardz operates a follow-the-sun SOC model with analysts distributed across North America, Europe, and Asia-Pacific. This structure ensures 24/7 monitoring with geographically distributed coverage.

  • MDR is only available for customers on the Ultimate plan.

  • The automated actions and SLAs are tailored to each incident type and analyst assessment (rather than documented in a single uniform list).


MDR service models

Guardz provides MDR services that can be delivered in two primary models. Both models are powered by the same dedicated SOC team, ensuring consistent monitoring, triage, and incident handling.

1. MDR as Part of the SentinelOne Managed Package

  • Customers purchase and deploy SentinelOne agents directly through Guardz.

  • Once deployed, the Guardz SOC team provides continuous monitoring of all endpoint activity and security alerts.

  • Any suspicious activity or confirmed incidents are investigated and handled directly by the MDR team as part of the managed service.

2. MDR on Top of ITDR

  • In this setup, the SOC team monitors incidents detected by Guardz ITDR services.

  • The MDR team performs full incident response, investigation, and escalation as needed, ensuring security incidents are actively managed rather than left unattended.


Activating the Service

Customers don’t need to take any special action to enable MDR. As soon as they purchase the Ultimate plan and have their SentinelOne agents deployed, the service is activated automatically.

The only requirement is to provide basic policy preferences and contact details (your own MSP contact details), which allow the Guardz SOC team to tailor responses and escalation paths to the organization’s needs.


Policies Configuration

1. Provide emergency contact information:

  • Go to the ‘Security Controls’ tab and open the ‘MDR’ section

  • Click on the edit button under the ‘Emergency Contact & Preferences’ section and provide the relevant information

  • Click ‘Save Globally’

  • To change the settings for a specific customer, select the relevant tenant and override the global information by entering different contact details at the customer level

2. Set the preferred emergency approval process (managed by the MDR team)

  • Admins are required to provide the MDR team with their preferred method of response once an incident or issue is detected:

    • Take action immediately

    • Wait for admin approval

  • Go to the ‘Security Controls’ tab and open the ‘MDR’ section

  • Click on the edit button under the ‘Emergency Contact & Preferences’ section

  • Select your preferences


MDR Workflow Overview (High-Level)

Below is the standard flow Guardz MDR follows from detection to closure:

1) Validation & Triage

The MDR team validates the alert to confirm whether it is:

  • No impact, or

  • Suspicious and requiring action

At this stage, the team determines urgency, the impacted user or device, the initial scope, and the level of confidence.

2) Classification & Context Gathering

If action is needed, the MDR examines the broader context such as:

  • Incident type and classification

  • Related detections and indicators

  • Relevant user/device/account information

  • Whether it is a broader campaign (example: phishing campaign behavior)

3) Customer Contact Decision (when required)

Not every incident requires customer involvement.

The MDR team takes action on its own where the customer-defined policies permit it. Where customer involvement is required, the team will:

  • Contact the primary security contact

  • Confirm unusual activity

  • Request additional information when necessary

  • Align on response actions

4) Response Actions

As detailed above, when a response is required, Guardz MDR takes action based on configured permissions. Typical actions may include:

  • Quarantining a file

  • Isolating a device (endpoint containment)

  • Suspending a user

  • Providing further remediation guidance to the admins

5) Resolution & Closure

MDR verifies:

  • The threat was contained

  • Risk is no longer present

Incidents may then be formally closed.