Watch Andy Cormier, Syncro’s Channel Chief, and Doni Brass, Senior VP of Product Strategy at Guardz, walk through how the Syncro + Guardz integration brings unified, agentic cybersecurity into a single MSP workflow.
ThThe Syncro + Guardz partnership webinar, hosted on June 2, 2026, brings together Andy Cormier (Channel Chief, Syncro) and Doni Brass (Senior VP of Product Strategy, Guardz) for a deep-dive look at what makes this integration stand out in the MSP security space. The session covers the philosophy behind the partnership, a full live demo of the Guardz platform, a breakdown of plans and pricing, and an extended Q&A with attendees.
Key Topics Covered:
- Syncro Marketplace provisioning: Set up new Guardz accounts and customer trials directly from Syncro.
- Two-way alert/ticket sync: Guardz alerts open as Syncro tickets; closing the ticket resolves the alert in Guardz.
- Universal billing integration: Ingest per-customer Guardz usage daily and map it to recurring invoices automatically.
- No minimums, no commitments: Billed only for what you consume each month.
- Existing Guardz customer migration: Partners on Pax8 or Guardz Direct can migrate to Syncro for consolidated billing.
- Agentic triage engine: AI-driven alert enrichment, false-positive filtering, and automated response actions.
- 24/7 MDR team (Ultimate plan): Human analysts review incidents, take response actions, and escalate to Partners.
- Per-user licensing model: One license covers all devices for that user, desktop, laptop, or both.
- Guardz platform pillars: Unified security controls (ITDR, EDR, email, SAT, dark web monitoring, cloud data) in a single data lake.
- Checkpoint Avanan (email) + SentinelOne (EDR) integrations: Best-in-class partners embedded within Guardz.
- Prospecting reports: External domain risk scan, branded with your logo, to start security conversations with prospects.
- Security Business Reviews: Branded quarterly reporting for existing clients without exposing the Guardz brand.
- Agentic reporting (coming soon): AI-generated, fully customizable reports built via natural language prompts.
- White-labeling: All customer-facing touchpoints (training portal, notifications, quarantine releases) carry your brand.
- Pro vs. Ultimate plan breakdown: Pro is self-managed with managed AV; Ultimate adds 24/7 MDR and SentinelOne EDR.
- NFR / Community Plan: Available on the Pro plan for Partners protecting their own environments.
The Shared Philosophy: One Portal for Everything
Syncro was built on the belief that no MSP should need a dozen point solutions to run their business. Both the RMM and PSA live in a single portal with a single login. Guardz operates on the same principle for security: endpoint protection, email security, identity threat detection and response (ITDR), security awareness training (SAT), dark web monitoring, and MDR/SOC services all in one portal, one login, one data lake. That alignment is the foundation of this partnership.
What the Integration Actually Delivers
Partners can provision new Guardz accounts, including customer trial instances, directly from Syncro’s App Center. From there, the integration connects in three key ways. First, all Guardz alerts automatically open as tickets in Syncro’s PSA, with a two-way sync that resolves the Guardz alert when the ticket is closed. Second, the universal billing integration pulls per-customer Guardz usage into Syncro daily and maps it to recurring invoices, eliminating manual license quantity adjustments. Third, there are no minimums or time-based commitments. Partners pay only for what they consume each month. Partners already using Guardz through Pax8 or direct can migrate their existing instance to Syncro to gain consolidated billing.
How Guardz Works: The Agentic Security Stack
Guardz protects the full user-centric attack surface, including identity, inbox, endpoint, cloud data, and dark web exposure, through a unified set of security controls that all feed into a single data lake. The platform builds a behavioral baseline for each user (normal working hours, device, location, user agent), then uses agentic triage to surface anomalies, filter false positives, automate low-risk response actions, and enrich incidents before handing them to the Guardz MDR team for human review, all within minutes of an initial detection.
For email security, Guardz partners with Checkpoint Avanan. For endpoint detection and response (EDR), it partners with SentinelOne. These are not stripped-down versions: Ultimate plan Partners get full Checkpoint Advanced Email Protection console access and near-full SentinelOne capabilities, with only minor settings restrictions to protect the Guardz integration.
Licensing: Per User, Not Per Device
Guardz is licensed per user, not per endpoint. A user with both a laptop and a desktop is covered under a single license. The minimum Microsoft license requirement is Business Standard or above. No premium Microsoft licensing is required.
Pro Plan vs. Ultimate Plan
Pro is self-managed. It includes all core Guardz security controls (ITDR, email via Checkpoint Advanced Email Protection embedded in Guardz, dark web, SAT, cloud data) plus a Guardz endpoint agent that functions as managed AV, using Windows Defender or Mac XProtect with posture-level detection and response. Pro does not include SentinelOne EDR or access to the Checkpoint Avanan console.
Ultimate adds SentinelOne EDR, full Checkpoint Avanan console access, and 24/7 MDR coverage from Guardz’s internal analyst team. The MDR team can suspend users, revoke sessions, and isolate devices, with permissions configurable per customer. Partners can set which customers get fully autonomous response and which require escalation before action is taken.
A future higher tier is in development that will include Checkpoint Complete, adding outbound DLP and encryption.
Prospecting and Reporting Tools
Guardz includes a prospecting report tool that scans a prospect’s external domain, checking DNS configuration, dark web exposure, and known compromised credentials, and produces a branded PDF report within a few hours. The report carries the MSP’s logo and contact information, with no Guardz branding visible to the prospect’s business owner.
For existing clients, Security Business Reviews (SBRs) provide branded quarterly reporting on risk posture, detections, and resolved issues, written for a business audience rather than a technical one. Compliance mapping is available for frameworks like HIPAA, with evidence exportable as CSV or PDF for audit use.
Guardz also previewed agentic reporting: a natural language interface for building fully customized reports from the Guardz data lake, with AI assistance for structuring and styling. Templates can be saved and reused across the client base.
White-Labeling
All customer-facing elements, including the training portal, phishing simulation notifications, quarantine release emails, and the user-facing domain, can be white-labeled with the MSP’s own brand and domain. The Guardz brand is not surfaced to end users by default.
NFR / Community Plan
An NFR option is available on the Pro plan, referred to internally as the Community Plan, designed for Partners to protect their own environments. Contact Syncro after setting up an account to have this configured.
Welcome
Andy Cormier: All right. Well, hello, everybody, and welcome to our Syncro + Guardz Partnership webinar. My name’s Andy Cormier, I’m the Channel Chief here at Syncro, and I’m joined by Doni Brass, Senior VP of Product Strategy at Guardz. How’s it going, Doni?
Doni Brass: Going great, sorry about that. Mute got stuck.
Andy Cormier: Today we’re going to be taking a deep dive into Guardz to see what makes this partnership truly special. Now, out of all the vendors Syncro makes available through our marketplace, Guardz is far and away the most aligned to Syncro’s existing model and belief system. Syncro offers an end-to-end solution for MSPs — both the RMM and PSA live in a single portal with a single login, and that’s how you manage your entire business. Traditionally, in the security space, you’ve got separate portals for endpoint security, email security, security awareness training, identity protection or ITDR, dark web monitoring, and MDR/SOC services. It’s a bit of a mess. Enter Guardz, who basically says it doesn’t have to be.
They’re effectively all of those services in a single portal, with a single login — and that’s how you manage the security facet of your business. That’s why we were so interested in bringing Guardz into the Syncro ecosystem. The shared belief that no MSP wants a dozen point solutions to run any aspect of their business is foundational to both of our companies.
What the Partnership Brings
Andy Cormier: So, what does this partnership actually bring? First, you can provision new Guardz accounts directly through Syncro’s Marketplace — including setting up customers in trial states.
Then there’s the integration. All alerts raised in Guardz can be opened directly in Syncro as tickets. That includes a two-way sync: when tickets are closed in Syncro, those alerts are simultaneously resolved in Guardz.
There is also our universal billing integration. This allows you to ingest per-customer usage on a daily basis into Syncro and map that usage to any given customer’s recurring invoices — which means you can bill your customers for dynamically changing counts of licenses each month without ever having to manually adjust those quantities in your PSA.
One of the biggest benefits of buying anything from Syncro’s Marketplace is that there are no minimums you have to meet, and no time-based commitments. You simply get billed for what you consume each month, nothing more, nothing less. All technical support is provided directly by Guardz.
And lastly, if you’re already a Guardz customer through a distributor like Pax8 or even Guardz Direct, you can migrate your existing instance over to Syncro to get access to our universal billing functionality, as well as having everything billed on a single invoice.
Guardz Platform Overview
Doni Brass: This world is moving fast. The last 3 to 6 months — more has changed in how AI and agentic workflows have disrupted what we do — and we’ve seen it amplified on the security side, both on the offensive side of attackers and on the defensive side of how we respond.
Guardz has actually shifted quite a bit to adapt to this new world. We’re really embracing agentic SecOps as the way MSPs are going to need to address security. Security is only as good as your ability to execute on it. If you can’t operationalize the security you’ve built — it doesn’t matter if you have the best stack in the world — if you don’t have the people and operations in place, it fails.
Our vision is protecting small and medium-sized business workspaces by empowering the partners they trust with the technology they need. And our mission is redefining cybersecurity specifically for MSPs.
Why MSPs need this: MSPs are under pressure. Alert fatigue, talent shortages, 4 to 6 different security vendors generating separate invoices, dashboards, trainings, and update cycles. On top of that, threats are evolving and require modern approaches to identify them. Guardz was built with the multi-tenant MSP experience in mind — not just security, but operational efficiency and business growth.
The Four Pillars of Guardz
Doni Brass: At the end of the day, what does it mean to redefine security in the agentic era? Four main pillars:
1. Unified security controls: Connecting identities, endpoints, email, and cloud data into a single platform with a single detection and response engine.
2. Expertise without complexity: An intelligence layer that constantly learns about your clients and guides you on what actions are required.
3. Operational efficiency: Agentic AI cuts through alert fatigue in the triage process. Less noise, more efficiency.
4. Trust: 24/7 MDR coverage in Ultimate and higher tier plans — human analysts in the loop who take response actions and communicate through any incident response.
The Layered Security Story
Doni Brass: Let me tell you a story about how Guardz protects against a phishing attack end to end.
It starts before the email even arrives — with a scan of your mail server. We check if your DMARC, SPF, and DKIM are configured properly to avoid spoofing. We also check the dark web to see if specific users have leaked credentials and are likely targets.
Then our email security engine engages — Guardz partners with Checkpoint Avanan for best-in-class phishing and email protection. Still, some attacks get through. That’s where security awareness training comes in — including an adaptive version in development that replicates the actual attack types hitting your users to harden their training.
If a user clicks a link anyway, ITDR kicks in. Identity Threat Detection and Response watches Microsoft or Google Workspace logs for anomalies — logins from unexpected locations, mailbox rule changes, session hijacking. And if something is downloaded to a device, SentinelOne EDR picks it up. When ITDR or EDR detects a threat, response actions kick in: suspend the user, isolate the device, take the risk offline.
Andy Cormier: And one of the most interesting things for me is that all of this is one SKU at one rate, period. You’re not looking at 300 different SKUs with acronyms you don’t recognize and pricing you can’t decode. That’s by far my favorite part.
Doni Brass: And everything maps back to the user — which user is at risk, what’s happening with their device and inbox. That user-centric approach means you can quickly identify, isolate, or communicate about a specific person in a very practical way.
Plans Overview
Doni Brass: We have two live plans today — Pro and Ultimate.
Pro: Managed by you. Includes all core security controls — ITDR, dark web, email via Checkpoint Advanced Email Protection (embedded within Guardz), SAT, and cloud data. Endpoint protection in Pro is a Guardz endpoint agent — essentially managed AV using Windows Defender or Mac XProtect. No SentinelOne EDR, and no Checkpoint Avanan console access.
Ultimate: Managed by Guardz. Adds SentinelOne EDR, full Checkpoint Avanan console access, and 24/7 MDR coverage. The MDR team monitors all detections — including email threats — and connects them with the rest of MDR detections.
A higher tier is in development that will include Checkpoint Complete — adding DLP and outbound encryption.
Licensing
Andy Cormier: Guardz is licensed per user. If a user has both a laptop and a desktop, both are covered under a single license. It’s no longer “they’ve got two endpoints, I’m charging twice.”
Doni Brass: The only real Microsoft licensing requirement is Business Standard or above. No elevated Microsoft licensing needed.
Platform Demo: Agentic Triage in Action
Doni Brass: Let’s jump into the demo. The Guardz dashboard gives you a radar view of your security controls — ITDR, dark web, cloud data, email, endpoint, security awareness. It’s multi-tenant, so you can toggle between an all-customer view and a single customer view.
Here’s a user with an active incident: Anomalous OAuth Device Code Flow Activity. You get an AI summary, top observations, and you can kick off an AI investigation from the side panel — asking questions in natural language and getting a full timeline. Within 10 to 15 minutes of the initial detection, the MDR team had already commented with context on what happened, and action was underway.
Everything is transparent — no black box. The autonomous analyst logs every investigative step, the evidence behind each decision, and the log lines supporting it. You can drill into any of it.
User-Reported Phishing — Autonomous Workflow:
A user clicks the Microsoft “report phishing” button. In a normal workflow, you’d manually review the email header, check the sender, re-scan it, identify if others received it, quarantine those copies, add the domain to a block list — 15 to 20 minutes of monotonous work, happening constantly.
In Guardz, the autonomous analyst handles it: checks the full user environment, quarantines matching emails across all affected inboxes, runs baseline analysis, IP reputation, geolocation, post-compromise checks — all within seconds. You wake up to information, not a decision backlog.
MDR Permissions and Per-Customer Configuration
Andy Cormier: For people getting into MDR — can you set response permissions on a per-customer basis? Like, customer A gets full autonomous response, customer B needs to be notified first?
Doni Brass: Absolutely. In Security Controls, you can pre-approve the following MDR actions per customer: suspension of accounts, revocation of sessions, and device isolation. Those are the strong, reversible response actions you want the MDR team to be able to take at 2 a.m. without waking you up.
You wake up to a summary of what happened and how it was handled — not a critical decision that’s been sitting for four hours. If a client has internal IT staff, you can configure them as the emergency contact with an escalation path to your team as needed. We support co-managed environments with RBAC and tiered access.
Global Settings and Multi-Tenant Policy Management
Doni Brass: Everything in Guardz has a global setting with a per-customer override. Email protection policies — phishing confidence levels, quarantine vs. spam workflows, user quarantine release permissions, daily digest settings — all configured globally, then overridden at the customer level as needed. Same model applies to SentinelOne and Checkpoint policy management.
For portal access, you can spin up staff users with access to specific accounts or all accounts, and client users with access to their own account only. For SentinelOne, console access is available as a tenant user.
Security Awareness Training and Phishing Simulations
Doni Brass: SAT is designed to be set and forget. Choose a template, customize the video content by topic and region, assign it to your customer base on a recurring schedule — monthly for a year, for example — and it’s running automatically.
Phishing simulations follow the same model: choose from predefined templates based on common brands (1Password, Amazon, AWS, Azure, FedEx), push them out on a schedule, and report on results. All training and simulation content is white-labeled with your brand.
Reporting Suite
Doni Brass: Three main report types:
Prospecting Reports: Enter a prospect’s domain, and within a couple hours Guardz generates a branded risk report — DNS misconfigurations, dark web credential exposure, specific compromised users with obfuscated passwords. The report carries your logo, your contact info, and no Guardz branding.
Security Business Reviews: For existing clients. Branded quarterly reports showing risk posture, detections, and what’s been resolved — written for a business conversation, not a technical audience.
Compliance Reports: Map Guardz evidence to frameworks like HIPAA. Exportable as CSV or PDF for audit use.
Agentic Reporting (coming soon):
Andy Cormier: Doni’s gonna leak some new stuff.
Doni Brass: Why not? We’re building a natural language reporting interface — you describe the report you want, choose the customers and time frame, and an AI agent builds it out. You can then interact with the agent to adjust colors, add your brand, pull in additional data sets. Early stages, but the goal is for you to shape repeatable templates that work for your entire client base.
Threat Intelligence and Research
Doni Brass: Guardz has a dedicated threat hunting team that proactively monitors large data sets across the customer base — not just waiting for detection logic to fire, but actively hunting based on known threats and behavioral patterns. Findings feed back into the platform logic so the entire customer base benefits.
One current example: Kali365 — a phishing-as-a-service kit available on the dark web for as little as $250 to $450 per month, with a good/better/best plan structure. The cookie-link version uses a Cloudflare reverse proxy to steal session cookies from real Microsoft login pages. The adversary-in-the-middle version uses tools like Mudlishka to steal session tokens instead. Session tokens can remain valid for 30 to 90 days, giving attackers persistent access.
Q&A
Attendee Question: Is any part of Guardz web content filtering?
Doni Brass: Not today in a true sense. SentinelOne has some basic web filtering at the device level, but it’s not categorized, full web filtering. It’s a common feature request, and opening the platform to additional data sources — firewalls, DNS filtering, web filtering — is a strong roadmap candidate for the near future.
Attendee Question: What’s the difference between Pro and Ultimate?
Doni Brass: Simplest version: Pro is managed by you, Ultimate is managed by us. Pro includes a Guardz endpoint agent (managed AV using Windows Defender / Mac XProtect) and Checkpoint Advanced Email Protection embedded in Guardz — but no SentinelOne EDR and no Checkpoint Avanan console access. Ultimate adds SentinelOne EDR, full Checkpoint Avanan console access, and 24/7 MDR.
Attendee Question: Are the Checkpoint and SentinelOne integrations the same as purchasing those products directly?
Doni Brass: Yes, with minor caveats. With Ultimate, you get Checkpoint Advanced Email Protection — email only, not the collaboration module. Some settings that would break the Guardz integration are blocked. Otherwise, it’s the full Checkpoint Advanced Email Protection capability. A higher tier with Checkpoint Complete (DLP + outbound encryption) is in development. SentinelOne is effectively full-featured, with only very minor restrictions to protect the Guardz connection.
Attendee Question: If I’m already a Checkpoint or SentinelOne customer, is there a migration path?
Doni Brass: For SentinelOne: very straightforward. Get an API key from Guardz, enter it in the SentinelOne console, and your endpoint agents migrate to the Guardz environment — nothing reinstalled. Settings migration requires some manual work, but Guardz simplifies that setup process. For Checkpoint Avanan: manual work today, but Guardz is working closely with Checkpoint to make that migration smoother.
Attendee Question: I have concerns about single-vendor consolidation and price integrity. What assurances can you give that Syncro won’t use Guardz as a low-cost entry point before raising prices?
Andy Cormier: I can’t promise prices will never go up. What I can say is: this is not an introductory price — it is the price. Syncro’s track record in the Marketplace supports that. We’ve absorbed vendor price increases rather than pass them to Partners, until it was no longer sustainable after multiple back-to-back years. I’d look at what we’ve actually done, not just what I say here.
Attendee Question: Are security awareness trainings white-labeled with our logo or Guardz’s?
Doni Brass: Everything that touches your customer — training portal, notification emails, quarantine release, phishing simulation content — can be white-labeled with your logo and a white-labeled domain. There’s no reason your customers will feel the Guardz brand.
Attendee Question: Do you offer NFR?
Andy Cormier: Yes. NFR is available on the Pro plan. Reach out to Syncro after setting up an account and we’ll get it configured with Guardz.
Doni Brass: It’s called the Community Plan — designed for you to protect your own environment. We’ll keep investing in NFR. It just makes sense.
Closing
Andy Cormier: Thanks everybody for joining. I’m sorry we couldn’t get to all the questions — we had 25 in the queue. If yours didn’t get answered, send it to guards@syncrosecure.com. Doni, thanks for the awesome demo. Really looking forward to expanding this partnership.
Doni Brass: A lot of fun. Great crowd, great questions. Find me on LinkedIn — can’t wait to work with you.
Andy Cormier: Alright, take care, everybody.
See How Syncro Powers Your Business
Schedule a one-on-one walkthrough with a product expert to see the Syncro platform in action. No fluff — just a personalized look at how to unify endpoint management, service operations, and M365 workflows.
Frequently Asked Questions
Guardz alerts automatically open as tickets in Syncro, and closing the ticket resolves the alert in Guardz with no manual reconciliation required.
The two-way sync means your team works entirely within Syncro’s existing ticketing workflow. When a Guardz alert fires, a ticket is created in Syncro automatically. When that ticket is closed, the corresponding Guardz alert is marked resolved. You do not have to toggle between platforms to keep the two systems in sync.
Guardz usage is ingested into Syncro daily via the universal billing integration and mapped automatically to each customer’s recurring invoice.
There are no minimums and no time-based commitments. You pay only for what you consume each month. License counts adjust dynamically based on actual usage, so you never have to manually update quantities in your PSA. If you’re already a Guardz customer through Pax8 or Guardz Direct, you can migrate your existing instance to Syncro to consolidate billing onto a single invoice.
Pro is self-managed with managed AV on endpoints; Ultimate adds 24/7 MDR coverage from Guardz analysts and SentinelOne EDR.
In Pro, the Guardz endpoint agent uses Windows Defender or Mac XProtect as its underlying AV engine, suitable for Partners with price-sensitive clients who still need broad security coverage. In Ultimate, SentinelOne EDR replaces managed AV, Checkpoint Avanan console access is unlocked, and Guardz’s MDR team actively monitors, triages, and responds to threats around the clock. Per-customer MDR permissions (account suspension, session revocation, device isolation) are configurable in Ultimate.
Guardz is licensed per user. A user with multiple devices, such as a laptop and desktop, is covered under a single license.
The minimum Microsoft licensing requirement is Business Standard or above. There is no requirement for premium Microsoft licensing. This per-user model simplifies billing and reflects how modern security works: threats follow identities, not just endpoints.
Guardz combines ITDR, SentinelOne EDR (Ultimate), Checkpoint Avanan email security, dark web monitoring, security awareness training, and cloud data protection into a single platform feeding a shared data lake.
All controls feed into a unified data lake where an agentic triage engine normalizes data, builds user baselines, filters false positives, and enriches incidents before surfacing them to the Guardz MDR team and the Partner. Because everything shares the same data, the platform can correlate a phishing email, an identity anomaly, and an endpoint event into a single incident, something disconnected point solutions cannot do automatically.
Yes. Response permissions are configurable per customer, and the MDR team only takes actions you have pre-approved.
In the Security Controls settings, Partners can grant the MDR team permission to autonomously suspend accounts, revoke sessions, and isolate devices on a per-customer basis. For customers who require MSP oversight before action is taken, the MDR team will alert and escalate rather than act. Co-managed environments with dedicated client IT staff are supported through RBAC and tiered contact configurations.
Yes. All customer-facing content, including the training portal, notification emails, quarantine releases, and phishing simulations, can be white-labeled with your brand and domain.
Guardz offers a white-labeled domain option so customers never see the Guardz brand unless they are actively inspecting network-level calls. There is no “powered by Guardz” attribution on customer-facing materials. The only elements that cannot be white-labeled are the OAuth/enterprise apps installed at initial setup.
SentinelOne migration is straightforward: use an API key to move endpoint agents with no reinstallation. Checkpoint Avanan migration requires manual configuration today, with improvements in progress.
For SentinelOne, obtain an API key from Guardz, enter it in the SentinelOne console, and all endpoint agents migrate to the Guardz environment automatically with no agents needing to be reinstalled. Settings migration from SentinelOne requires some manual work, but Guardz simplifies this process. For Checkpoint Avanan, migration is currently a manual process, and Guardz is actively working with Checkpoint to improve it.
Webinar Hosts
Andy Cormier
Channel Chief, Syncro
Andy Cormier leads Syncro’s partner channel strategy and Marketplace relationships. In this webinar, Andy introduced the Syncro + Guardz partnership, walked through the integration details including alert sync and universal billing, and fielded attendee questions on pricing philosophy, NFR availability, and how the partnership reflects Syncro’s broader vendor commitments.
Doni Brass
Senior Vice President of Product Strategy, Guardz
Doni Brass leads product strategy at Guardz, where he oversees the platform’s development as a unified, MSP-first security solution. In this webinar, Doni delivered a full live demo of the Guardz platform, covering the agentic triage engine, MDR workflow, Pro vs. Ultimate plan differences, reporting tools, and an early preview of the forthcoming agentic reporting feature.
Share
Related Resources
