Guardian
Guardian security monitoring and response
Guardian is the DeskBridge security monitoring layer for managed workspaces, identity, sandboxing, file sharing, support actions and operational evidence.
It is designed to detect suspicious behaviour early, preserve evidence and present clear response options without exposing raw content, secrets or other-tenant data.
What Guardian does now
- Collects and processes tenant-ringfenced security and operational signals
- Writes Guardian evidence files with a hash-chained local ledger
- Feeds Admin Console and dashboard summaries through a client-safe runtime export
- Correlates identity, workspace, network, storage, backup, admin, Helpdesk and file-sharing signals
- Recognises controlled file-sharing risks including high recipient count, external recipients, permissive controls, revoked shares and denied access attempts
- Checks malware/signature health metadata for scanner availability, stale signature stores, missing YARA-style rule packs and malware detections from scan logs
- Plans response actions such as alerting, evidence preservation, session isolation, account restriction, storage freeze, quarantine and tenant containment according to policy and available targets
Account takeover and phishing resistance
Guardian looks for the subtle signs that an account, mailbox, workspace or support route may be under attack. That can include repeated failed authentication, suspicious token behaviour, new-device patterns, unusual mailbox or forwarding changes, impossible-travel style indicators, suspicious support recovery and other signals available inside the DeskBridge service boundary.
Ransomware, malware and unsafe downloads
Guardian is being built as the DeskBridge protective layer against ransomware, malware and unsafe behaviour. The live layer already records malware-signature health and detection metadata where scan logs are available. Full content scanning for downloads, uploads, mail attachments and storage staging depends on the client service design, scanner deployment and approved data-handling model.
Sandbox and file-sharing signals
Guardian links into DeskBridge sandboxing and controlled file sharing. Sandbox events can show drift, blocked actions, cleanup state and exception requirements. Controlled file-sharing events can show risky sharing patterns, revoked shares and denied viewer/download/print/reshare attempts without giving Guardian the file payload or raw storage path.
Response model
- Observe and record
- Alert security operations or nominated administrators where scoped
- Preserve evidence
- Request step-up authentication or user confirmation where safe
- Plan session containment, account restriction, storage protection or quarantine where targets are known
- Require approval for high-impact response unless a narrower tenant policy explicitly permits it
Client dashboard visibility
Guardian can publish client-safe incident summaries and runtime state to authorised dashboards. The dashboard view is deliberately redacted: it excludes raw logs, raw evidence content, host paths, tokens, secrets, private key material and other-tenant information.
Current boundaries
- Guardian is live for monitoring, correlation, evidence, client-safe summaries and response planning
- Autonomous high-impact lockout, quarantine, storage freeze or tenant containment is not treated as live production capability unless it is explicitly enabled by tenant policy, approved adapters and rollback evidence
- False-positive closure requires retained evidence and explicit security approval
- Full malware scanning scope depends on the client deployment and cannot be assumed for every package
- Guardian is not a claim of partnership with any third-party security product or vendor
Why it matters
Guardian strengthens DeskBridge because it understands the managed workspace context: user, tenant, endpoint, workspace, support action, file-sharing policy, sandbox state and evidence record. That gives clients a clearer answer to what happened, why it mattered and what action was taken.
Next step
Review Guardian in context
Guardian is strongest when it is paired with DeskBridge security, Helpdesk, sandboxing, audit evidence and client dashboards.

