Introduction to INSIGHT

GuardWare INSIGHT is a data visibility and monitoring solution that helps your organisation understand how data is being accessed, shared, and used across both internal and external environments. It provides a unified view of user activity and file movement, allowing you to detect unusual behaviour, potential data leaks, and policy violations in real time. By analysing user behaviour patterns and access trends, INSIGHT highlights anomalies and potential insider threats before they escalate.

INSIGHT continuously tracks activities such as data uploads, downloads, copies, email transfers, and print actions across corporate and non-corporate channels. This visibility helps your organisation identify where sensitive data resides, how it moves, and who interacts with it, enabling proactive data-loss prevention and compliance management.

INSIGHT works across desktops, servers, and cloud environments. Once installed, it begins collecting and displaying activity data in the GuardWare INSIGHT Management Console, where you can view dashboards, run reports, and manage alert configurations.

GuardWare INSIGHT Architecture

GuardWare INSIGHT consists of three main components: the Web Management Console, Windows Endpoint Devices (Agents), and Exchange & SharePoint Cloud Services, which communicate securely using HTTPS and Microsoft Graph API.

1. Windows Endpoint Devices (Agents)

The GuardWare INSIGHT Agent is installed on each endpoint device, such as desktops, laptops, and servers, within your organisation. It continuously monitors user activities and file interactions, such as file uploads, downloads, and copies, email attachments, and print actions, access to non-corporate websites and applications, and so on.

The agent securely transmits all collected activity data to the Web Management Console using HTTPS (TLS-encrypted communication).

2. Web Management Console

The Web Management Console is the central monitoring and reporting component of GuardWare INSIGHT. It can be deployed on-premises or hosted in the cloud, depending on your organisation’s infrastructure.

Key functions include:

• Receiving and processing data sent by endpoint agents.

• Communicating with Microsoft 365 services (Exchange and SharePoint Online) using the Microsoft Graph API.

• Applying policy rules, detecting risk levels, and correlating endpoint and cloud events.

• Displaying information through predefined and custom dashboards such as Risk Summary, General, Risks, and SharePoint.

• Managing alerts, reports, user permissions, and configurations.

3. Exchange & SharePoint Cloud Services

GuardWare INSIGHT integrates directly with Microsoft 365 cloud services, specifically Exchange Online and SharePoint Online, to extend visibility to cloud-based activities. The Management Console communicates with these services through the Microsoft Graph API. This allows the collection of audit and activity logs, such as file access, sharing, downloads, email attachments, and external user activities.

GuardWare INSIGHT unifies endpoint and cloud data visibility, ensuring that every user action, whether on-premises or in the cloud, is tracked, analysed, and reported through a single management interface.

Next Steps

Once you’ve reviewed the overview, architecture, and system requirements, see the following guides:

• GuardWare INSIGHT Agent Installation: Explains how to install the INSIGHT Agent on endpoint devices using different deployment methods, such as manual setup, Active Directory, Intune, or PDQDEPLOY.

• GuardWare INSIGHT Microsoft 365 Setup: Details the configuration steps required in Azure and Microsoft 365 to enable cloud monitoring for Exchange and SharePoint.

• GuardWare INSIGHT Dashboard Guide: Describes the dashboards and widgets available in INSIGHT for monitoring user activity and system performance.