Guardz Elite: a step up for AgileSECURE clients with compliance obligations

Guardz, the cyber security platform Agile IT layers over our clients' Microsoft 365 environments, has released a new top tier called Elite. It sits above the Ultimate plan that every AgileSECURE client already runs as standard. Nothing about AgileSECURE changes. Elite is simply an optional step up for a specific group of clients: the ones carrying particular compliance and data-regulatory obligations.

This post covers what Elite adds, why those additions matter in an Australian compliance context, and how to tell whether your business is one that should consider it. The short answer for most businesses is that the standard is already the right level. The longer answer depends on what you have to be able to prove.

Ultimate is the standard. Elite is the step up.

AgileSECURE runs on Guardz Ultimate as its core. As we set out in why we chose Guardz Ultimate, Ultimate already delivers 24/7 managed detection and response across identity, email and endpoints, with the detection itself continuously validated rather than just left running. For most small and medium businesses, that is the right level of protection, and it is included in every AgileMANAGED engagement.

Elite does not replace any of that. It layers on top, adding depth in three areas that matter most when a business has to evidence its security to an outside party. If Ultimate is about detecting and responding well, Elite is about detecting, responding, preventing data from leaving, and being able to prove exactly what happened.

What Elite actually adds

Outbound email data loss prevention and encryption

Ultimate protects inbound email well, catching the phishing, malware and impersonation that arrive in the inbox. Elite adds protection in the other direction. Outbound data loss prevention watches mail leaving the business and stops sensitive information, client records, financial data, identifiers, from going out by email in the clear, whether by accident or intent. Email encryption means the messages that should be protected actually are. For a business that handles other people's sensitive data, this is the difference between hoping nothing leaks and controlling what can.

Deeper endpoint telemetry and active threat hunting

Elite upgrades the endpoint layer so it captures deep, forensic-grade telemetry, the detailed record of what happened on a device, and adds active threat hunting. Active hunting means analysts proactively go looking for threats that have not yet tripped an alert, rather than only responding when one fires. It shortens the window an intruder can sit quietly in an environment before anyone notices.

Forensic deep-dive investigations

When an incident does happen, Elite enables a full forensic investigation: root cause, scope, and timeline. This is the part that turns an incident from a frightening unknown into a documented event you can explain. It is also the evidence you can hand to an insurer, a regulator or a client when they ask what occurred and how you responded.

Why this matters for compliance and data regulation

The common thread through all three additions is evidence. As came through clearly in our first SecureVIC webinar, the gap for most businesses is not between doing and not doing. It is between doing and being able to prove it. Regulators, insurers and clients increasingly ask you to demonstrate your controls, not just assert them, and the controls Elite adds are exactly the ones that get asked about.

The Privacy Act. If your business holds personal information about customers, clients or staff, you carry obligations under the Australian Privacy Act, and the anti-money laundering reforms landing on 1 July 2026 bring many professional services into scope for the first time. Outbound DLP and encryption directly support keeping personal information from leaking out of the business.

SMB1001 Gold. AgileSECURE is aligned to the SMB1001 framework, and Gold is the level where governance and evidence come to the front: documented policies, incident response, and the ability to show your controls are real. Elite's DLP, encryption and forensic capability are the kind of technical controls that underpin a credible Gold position.

Cyber insurance. As we covered in how to answer cyber insurance renewal questions, applications now ask specifically about outbound DLP, email encryption, endpoint detection depth and forensic readiness. Elite lets you answer those accurately rather than reaching, and it provides the forensic evidence you would need if you ever had to support a claim.

Who should consider Elite, and who is fine without it

Elite earns its place for a defined group of businesses:

• Regulated industries: accounting, legal, financial services and health practices.
• Businesses moving client funds or holding sensitive personal or financial data.
• Businesses targeting an SMB1001 Gold position, or that have it and need to maintain it.
• Businesses whose cyber insurer is now asking for DLP, encryption or forensic readiness as a condition of cover.

For everyone else, Ultimate remains a strong, complete managed security baseline, and Elite would be paying for depth you do not need. We will not push it where it is not warranted.

How we would approach it

We do not upsell tiers by default. Within an AgileSECURE engagement we look at your actual obligations, your industry, the data you hold, your client contracts and your insurer's requirements, and we recommend Elite only where it earns its place. Where it does, we scope it to suit. The "Need more?" note on the AgileSECURE page is the short version of this.

One honest caveat on the marketing. Guardz lists HIPAA compliance under Elite, which is United States health regulation and not directly relevant to Australian businesses. For an Australian business the drivers are the Privacy Act, the SMB1001 framework and your cyber insurer, not HIPAA. The underlying controls, though, DLP, encryption and forensics, are the same ones those Australian obligations call for.

Frequently asked questions

Is AgileSECURE changing?

No. Guardz Ultimate remains the standard core of AgileSECURE for every client. Elite is an optional upper tier for the subset of clients with specific compliance or data-regulatory needs.

What does Guardz Elite add over Ultimate?

Three things on top of the Ultimate baseline: outbound email data loss prevention and encryption, deeper endpoint telemetry with active threat hunting, and forensic deep-dive investigations.

Do I need Elite?

Most businesses do not. Ultimate is a complete managed security baseline. Elite is for regulated industries, businesses holding sensitive personal or financial data, those targeting SMB1001 Gold, or those whose cyber insurer now requires DLP, encryption or forensic readiness.

Does Elite help with cyber insurance?

Yes. Cyber insurance renewal applications now ask specifically about outbound DLP, email encryption, endpoint detection depth and forensic readiness. Elite lets you answer those accurately, and provides forensic evidence if you ever need to support a claim.

Is Guardz Elite about HIPAA?

Guardz lists HIPAA under Elite, which is United States health regulation. For Australian businesses the relevant drivers are the Privacy Act, the SMB1001 framework and your cyber insurer, but the underlying DLP, encryption and forensic controls are the same.