BITS·Guard
Endpoint protection
that sleeps when you do.
We built BITS Guard because no off-the-shelf tool did what our clients actually needed: schedule-based, deep lockdown of Windows endpoints after hours. Now it powers our managed clients — and you can put it to work too.
Everything you need to lock down a fleet.
No off-the-shelf endpoint manager does scheduled deep lockdown. We built one. It runs in production today.
Real-time monitoring
Live agent status via WebSocket connections with sub-second updates. Know exactly which machine is online, armed, disarmed, or offline — right now.
Automated scheduling
Schedule arm/disarm operations by category, day, and timezone. Office computers lock down at 6pm Friday, unlock 7am Monday — automatic.
Remote management
Arm, disarm, and restart computers across your entire fleet. From any browser. Bulk operations on hundreds of endpoints in seconds.
Complete audit trail
Every action logged with timestamp, source, user, and full details. Export for compliance, insurance audits, or incident review.
Email notifications
Configurable alerts for security events with full SMTP integration. Know the moment a machine is tampered with — even at 3am.
Multi-site support
Category-based organization for offices, data centers, warehouses, and labs. Different policies per site, all from one console.
Auto-Healing Engine
AI-independent autonomous protection. Auto-rearm, tamper detection, escalation. The agent fights back even when our cloud is unreachable.
Deep Lockdown
Block CMD, PowerShell, Task Manager, Registry, USB, software installs, and more. The hardest endpoint lockdown you can ship.
Built for real environments.
Offices after-hours
Lock down all Windows endpoints from 6pm to 7am. No staff member can install software, plug in a USB, or RDP in.
Branch & retail locations
Schedule per-location: Brooklyn store opens at 9am, Manhattan at 8am. POS stations stay locked between shifts.
Healthcare workstations
HIPAA-aware lockdown when staff leaves the office. PHI never accessible from a logged-in but unattended station.
Compliance-driven environments
Document exactly when each endpoint was protected. Audit-ready trail for SOC2, HIPAA, NY SHIELD.
No mystery black-box.
Production-grade architecture. The Windows agent is .NET 8 (small, signed, no bloat). The console is Node + Express + Socket.IO. Data lives in MySQL. Everything we secure, we secure for ourselves first.
$12 per endpoint per month. That's it.
No tiers. No "contact sales." No per-feature unlocks. Includes the agent, the console, the auto-healing engine, the audit trail, and our Brooklyn-based support.
Volume discounts at 25, 50, 100, and 250+ endpoints.
Lock down your fleet in under a week.
Pilot deploy on 5 endpoints — free for 14 days. We onboard you ourselves. If it doesn't fit, we delete the agent and walk away.
(718) 539-8858