What is it all about:
Endpoint security threats can compromise an organization's confidential data, financial stability, and user identities. The Guardz endpoint agent ensures that security admins can protect and monitor company-managed laptops and desktops from malicious threats by providing Managed Antivirus and Device Posture security.
For more advanced EDR (Endpoint Detection & Response) security, Guardz has partnered with SentinelOne to embed real-time active device protection directly into the platform. This ensures endpoints benefit from the most advanced detection technology, with expert threat analysts in the loop via MDR (Guardz Managed Detection & Response).
Agent Types:
1. Guardz Agent:
With the Guardz agent we provide two primary security capabilities for endpoints:
Device Posture Monitoring – identifies gaps in security settings, OS updates, AV tool versions, firewall status, disk encryption, and more. Security risks will generate issues in the platform including actionable playbooks for administrators to remediate.
Managed Antivirus (AV) with Active Protection – works in sync with Windows Security Center to enforce security policies, detect and respond to threats with a single click, and continuously monitor all devices through Microsoft Defender.
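As an added illustration (not Guardz agent code), the following PowerShell script queries the same posture categories locally that Device Posture Monitoring reports, so an admin can cross-check a single machine against what the platform shows: Defender state and version, firewall profiles, BitLocker on the system drive, and pending Windows updates. It assumes an elevated session on a Windows host with the Defender, NetSecurity and BitLocker modules available; the function name Get-LocalDevicePosture is hypothetical.

```powershell
# Hypothetical local posture check (added example, not Guardz agent code).
# Collects the categories listed above: AV state/version, firewall profiles,
# disk encryption and pending OS updates. Run in an elevated PowerShell
# session on Windows 10/11 or Server with the Defender and BitLocker modules.

function Get-LocalDevicePosture {
    $findings = [System.Collections.Generic.List[string]]::new()

    # OS identity for the report
    $os = Get-CimInstance Win32_OperatingSystem
    $osLabel = "$($os.Caption) $($os.Version)"

    # Antivirus: Microsoft Defender status (same data Windows Security Center surfaces)
    $mp = Get-MpComputerStatus
    if (-not $mp.RealTimeProtectionEnabled) { $findings.Add('Defender real-time protection is OFF') }
    if ($mp.AntivirusSignatureAge -gt 3)    { $findings.Add("AV signatures are $($mp.AntivirusSignatureAge) days old") }

    # Firewall: every profile (Domain/Private/Public) should be enabled
    Get-NetFirewallProfile | Where-Object { -not $_.Enabled } | ForEach-Object {
        $findings.Add("Firewall profile '$($_.Name)' is disabled")
    }

    # Disk encryption: BitLocker protection on the system drive
    $sys = Get-BitLockerVolume -MountPoint $env:SystemDrive
    if ($sys.ProtectionStatus -ne 'On') { $findings.Add("BitLocker protection on $($env:SystemDrive) is $($sys.ProtectionStatus)") }

    # OS updates: pending software updates reported by the Windows Update agent (COM)
    $searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()
    $pending  = $searcher.Search("IsInstalled=0 and Type='Software'").Updates
    if ($pending.Count -gt 0) { $findings.Add("$($pending.Count) pending Windows update(s)") }

    # One record per device, mirroring the hostname / OS / AV version fields of a device view
    [pscustomobject]@{
        Hostname  = $env:COMPUTERNAME
        OS        = $osLabel
        AVVersion = $mp.AMProductVersion
        Findings  = $findings
        Compliant = ($findings.Count -eq 0)
    }
}

Get-LocalDevicePosture | Format-List
```

Any non-empty Findings entry corresponds to a gap the page says would be raised as an issue in the platform; an empty list with Compliant = True means the host passes these four checks.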
2. SentinelOne agent (licenses included for ‘Ultimate’ customers):
The SentinelOne agent provides real-time threat detection using AI engines to block ransomware, fileless, and zero-day attacks without relying on the cloud. It autonomously responds by killing malicious processes, quarantining files, and rolling back changes. Additional capabilities include adaptive firewall control, device access restrictions (USB, Bluetooth, HID), centralized policy management, integrated threat investigations with MITRE and VirusTotal, and vulnerability scanning for third-party apps.
‘Bring Your Own’ Licenses
In this scenario, the customer already has SentinelOne agents deployed on their endpoints and does not wish to migrate to Guardz managed licenses. There’s no need to reinstall or reconfigure the existing setup. Through our API integration, Guardz consolidates the SentinelOne telemetry, allowing customers to view and manage all security issues directly through the Guardz portal.
Please note: these licenses are NOT monitored or secured by the 24/7 Guardz MDR team.
SentinelOne ‘Managed’ Licenses
For Ultimate Plan customers that are migrating their SentinelOne endpoints or deploying SentinelOne for the first time, Guardz simplifies provisioning and deployment while facilitating a fully managed service:
A dedicated MSP account is provisioned on the SentinelOne platform
For each tenant under the MSP, a new site and site token are generated, enabling agent deployment on that tenant's endpoints
The MSP can optionally enable console access, granting them direct visibility into their SentinelOne environment. Service users are available for API access
Once deployed, the Guardz MDR team begins actively monitoring the environment, mitigating threats and communicating directly with the MSP as required to ensure fast response and expert support
Ongoing Management
Updating & Managing the Device Agent
Guardz and SentinelOne agents automatically upgrade themselves to newer versions.
If the installed Guardz agent version is 0.0.87 or below, it is recommended to uninstall the agent and deploy an updated version to enable the auto-upgrade functionality.
Device Management & Monitoring
The ‘Devices’ view in Guardz provides an overview of all enrolled devices—meaning devices with either the Guardz or SentinelOne agent installed.
To access the view go to the ‘Devices’ section via the left navigation:
Key fields that appear in the ‘Devices’ view:
Device details such as: Hostname, Serial, Linked users, OS, OS version and status
Agent details such as: Agent Type (Guardz, SentinelOne, or both), Version, Status, 3rd Party AV
Please note:
Actions admins can perform via the ‘Devices’ view:
Use filters to identify high-risk devices
View issues related to each device
Export device data or telemetry as a CSV report for further analysis
Isolate a device
Uninstall an agent from a specific device
Handling Detected Issues
All issues detected by either the Guardz agent or SentinelOne appear under the same security control, grouped into three issue types (Endpoint Posture, Antivirus Threat and Antivirus Policy), in the ‘Detection & Response’ section.
To remediate the issue:
Click on the relevant issue record
Review the detection details and click on remediate
Select the desired remediation method (manual / automatic) and click ‘Continue’
Review the summary and take further action items if required
For more information about remediation options for SentinelOne detections, please refer to this article.
Device Isolation & Incident Response
If ransomware or malware is detected, Guardz allows admins to isolate the device from the network to prevent further compromise.
How to isolate a device:
Go to the ‘Detection & Response’ section and filter by ‘Endpoint Protection’
Locate the affected device
Go to the ‘Devices’ section and click on the relevant device
Scroll down and click on the ‘Isolate Device’ button to block all network activity
Device isolation can be executed regardless of the installed agent type.