GuardianIQ
by People Tech Group Inc
GuardianIQ provides real-time insights and safeguards for employees during exfil
GuardianIQ protects intellectual property during offboarding by time-boxing enhanced monitoring for exiting employees. It correlates HR changes with file, email, data, and access behavior to surface real risks and trigger automated, compliant actions.
Key Features
- Insider threat detection: Monitors for anomalous or malicious actions in the critical window before employee departure.
- Comprehensive visibility: Correlates activity across identity (Entra ID), devices (Defender for Endpoint), communications (Microsoft 365) and development platforms (Azure DevOps/GitHub).
- Analyst productivity: Replaces hours of manual log correlation with structured evidence bundles and anomaly scoring.
- Risk reduction: Prevents last-minute data exfiltration, privilege abuse, or intellectual property theft.
- Policy-driven logic: Supports custom business rules (e.g., flag privileged role usage after last working day (LWD) notification).
How It Works
When an employee is marked as exiting in HRMS—or during a scheduled offboarding hunt—the agent runs correlated detections across Microsoft Sentinel, including:
- Unusual file downloads, uploads, or mass deletions
- Suspicious email behavior (forwarding rules, bulk sends, external sharing)
- Abnormal sign-ins or privileged role usage after LWD notification
- Endpoint activity indicating unauthorized data staging or access
If multiple indicators align, GuardianIQ calculates a risk confidence score and produces an enriched SOC-ready report. High-confidence findings can automatically trigger Sentinel incidents or downstream response actions for analyst review.