Guardz Ultimate now uses Check Point for email security: what it means for AgileSECURE

Source material: the Guardz Email Security solution page, the Guardz Check Point Email Protection support article, and the LinkedIn announcement from Yasser Hassan (post). The product change and the underlying engineering belong to Guardz and Check Point. This piece is Agile IT’s view of what it means for the businesses we look after.

What changed

Guardz has replaced the in-house email protection layer inside the Guardz platform with Check Point Email Protection, powered by the technology Check Point acquired with Avanan in 2021. Inside the AgileSECURE arrangement, where Guardz Ultimate sits as our managed security overlay on top of Microsoft 365, this means the email defence layer for our clients is now Check Point’s, not the previous in-house Guardz one.

Importantly: the rest of the Guardz Ultimate stack does not change. Identity protection, posture monitoring, data loss prevention, and the broader managed detection and response we rely on Guardz for, all continue exactly as they were. The change is targeted at the email layer, which is also the layer where most attacks against Australian SMBs still begin.

Why Check Point matters here

Check Point Software Technologies has been one of the most respected names in cyber security since 1993. Their email protection lineage comes through Avanan, an Israeli company that built one of the first AI-native cloud email security platforms for Microsoft 365 and Google Workspace, acquired by Check Point in 2021 and folded into the Check Point Harmony product line.

For most of the past five years, Check Point Harmony Email & Collaboration has been considered one of the strongest email security products in the enterprise market. The fact that it is now the engine inside Guardz Ultimate is what makes this announcement more than a vendor reshuffle.

What is technically different

A few of the changes that actually matter day-to-day, drawn from the Guardz documentation:

1. AI-driven detection across the full email lifecycle

The platform analyses email at delivery time, not just at the perimeter. Phishing, business email compromise, payload delivery and weaponised URLs are detected using AI models trained on a continuously updated stream of real-world attacks across the Check Point customer base. Detection is contextual: the system learns the patterns of who normally emails whom, what attachments are normal for a given relationship, and what counts as a deviation.

2. Post-delivery remediation

This is the feature that distinguishes modern email security from older approaches. If a message is delivered, and is later determined to be malicious (because attacker patterns evolved, or new threat intelligence arrived), the platform can retract the message from the recipient’s inbox after the fact. The window for an attacker to be opened by an unaware user shrinks dramatically.

3. URL rewriting and time-of-click protection

Links inside email body text and inside attachments are rewritten to pass through Check Point’s sandbox at the moment the user clicks them, not just when the email arrives. If a link goes from clean to malicious between delivery and click, the user is still protected.

4. API-based, no MX record changes

The integration is via Microsoft 365 (or Google Workspace) APIs rather than mail gateways. There is no need to redirect mail flow through a separate hop, which means no risk of mail loops, no MX record changes, and no impact on email delivery times. The security operates inside the cloud you already have.

5. Password-protected attachment handling

Attackers have learned that sending malware inside a password-protected attachment (with the password supplied in a subsequent message or the body text) gets past most older filters. The Check Point engine now handles this case deliberately, including extracting and scanning these attachments where the password is detectable.

What this means for AgileSECURE clients

For businesses where Agile IT runs AgileSECURE on top of Microsoft 365, the upgrade is delivered through the same Guardz Ultimate layer that has been running all along:

• No project, no migration disruption. The cutover from Guardz’s previous email engine to Check Point happens behind the scenes. The console you log into, the alerts you see, and the response actions you can take all stay inside Guardz
• A measurable uplift in catch rate. Check Point’s detection engine has been independently benchmarked as one of the strongest in the email security market. The probability of a sophisticated phishing or BEC attack reaching a user inbox is meaningfully lower
• Better protection against the modern attack patterns. Post-delivery remediation and time-of-click URL protection are specifically the features that older email security tooling does not handle well, and these are exactly the patterns we have seen evolve over the past two years
• No additional licensing cost. The Check Point capability is included inside the existing Guardz Ultimate subscription that AgileSECURE clients already have

Where this fits inside the broader AgileSECURE stack

It is worth mapping how the various pieces of AgileSECURE work together, because email is one part of a layered model:

• Microsoft 365 Defender as the first layer of email defence inside the Microsoft tenant
• Guardz Ultimate with Check Point Email Protection as the second, more capable layer, catching what gets through Defender and applying post-delivery remediation
• SentinelOne EDR on the endpoint, catching anything that does make it to a device through any vector, not just email
• Identity protection through Guardz, watching for the credential-compromise signs that often follow a successful phishing email
• AgileSECURE governance and review at the service-management layer, with the team monitoring the detections and acting on what matters

The Check Point upgrade strengthens the email layer specifically. The rest of the layered model is unchanged, which is the point. A layered defence is only as good as its weakest layer, and the email layer has been the historical weak point for most Australian SMBs. That is now noticeably better.

What we would say if you are not yet on AgileSECURE

If you are an Agile IT client on AgileMANAGED but not yet on AgileSECURE, this announcement is one of the clearer reasons to have the conversation. Email is, by a long way, the most common entry point for the attacks that cause real damage to Australian SMBs. Putting a Check Point-grade engine on that layer, inside a managed arrangement that is being actively monitored, is a meaningful change in your security posture.

If you are not yet on AgileMANAGED at all, the broader point is the one we always make about cyber security: the platform is one part of a posture, not the whole thing. Check Point email protection inside a well-run AgileSECURE engagement is genuinely strong. Check Point email protection bolted onto an environment that has not had the foundation work done is still better than nothing, but does not produce the same outcome.

Either way, the announcement is good news for the businesses we look after. Credit where it is due, to Guardz and Check Point.