Enforce USB policies in real time across every Windows endpoint — no Group Policy delays, no PowerShell scripts, no complexity. Just push a toggle and it's done.
PortGuard uses AWS IoT Core MQTT to push policy changes directly to every agent the moment you flip a switch. No waiting for Group Policy refresh cycles. No reboots required. Changes propagate in under two seconds.
Every PortGuard agent continuously monitors USB bus events and reports device presence to the cloud in real time. Get a live inventory of every USB storage device plugged into every endpoint — no manual scanning, no guesswork.
Don't apply a blanket policy and hope for the best. PortGuard lets you control USB access on a machine-by-machine basis. Roll out restrictions incrementally, test on a small group first, and expand with confidence.
The PortGuard web console at app.portguard.tech gives you a real-time view of your entire fleet. See which machines are online, what USB devices are present, and toggle policies — all without touching a single endpoint.
Every PortGuard action is available via a clean REST API. Automate provisioning, sync with your SIEM, or trigger policy changes from your incident response playbooks. Webhooks keep your systems in sync in real time.
Every feature in PortGuard was designed around real operational needs — not checkbox compliance.
Respond to USB incidents on the go. The PortGuard mobile app gives you the same policy controls as the web console, push notifications for USB events, and one-tap lockdown from anywhere.
No runtimes, no PowerShell scripts, no .NET dependency hell. The PortGuard agent is a single Go binary that runs as a native Windows service. Zero performance impact, USB-only scope, installs in 30 seconds.
Locked out a machine by mistake? Toggle USB back on from the console and the policy propagates instantly. No endpoint access required. No support ticket. No panic. Rollback takes under two seconds.
Agents enforce the last known policy when offline. When connectivity is restored, any queued policy changes are applied automatically. Your endpoints are always in the correct state — connected or not.
Every policy change, device event, and admin action is logged with a timestamp, user identity, and machine ID. Export logs for compliance reports — SOC 2, ISO 27001, PCI DSS, and HIPAA requirements covered.
Each agent authenticates to AWS IoT Core with a unique X.509 certificate. No shared secrets. No static passwords. Certificates can be revoked per device. Built for zero-trust endpoint security from the ground up.
Group Policy gets the job done eventually. PortGuard gets it done now.

| Capability | Traditional GPO | PortGuard |
|---|---|---|
| Policy delivery speed | 15–90 minute GPO refresh cycle | Under 2 seconds via MQTT |
| Works off-domain / remote | Requires VPN or domain connectivity | Any internet connection |
| Per-machine granularity | OU-level only — limited targeting | Every machine individually |
| Real-time device inventory | No — requires separate tooling | Built in, live view |
| Webhook / API integration | No native support | Full REST API + webhooks |
| Setup time | Days (AD schema, GPO design, testing) | 30 minutes to full deployment |
| Works without Active Directory | No | Yes — standalone or hybrid |
| Mobile management app | No | iOS & Android |
| Safe instant rollback | Requires GPO refresh to propagate | Under 2 seconds |

Know instantly which machines in your fleet are encrypted — and which aren't. DriveGuard monitors BitLocker status on every endpoint and alerts you when a machine falls out of compliance.
$3/device/month — add to any PortGuard plan.
Know exactly which machines are behind on updates — before auditors do. PatchGuard tracks Windows Update status across your fleet and alerts you when machines fall behind your patch policy.
$2/device/month — add to any PortGuard plan.
Start your free trial in minutes. No credit card required. Install the agent on your first machine in under 30 seconds.
No credit card required · Free trial · Cancel any time