Huntress has added new endpoint detection and response functionality to its managed security platform for MSPs.
Available at no extra charge to everyone in the vendor’s subscriber base since yesterday, the new Process Insights service searches real-time, round-the-clock telemetry from the more than 1.5 million devices Huntress currently monitors for suspicious activity. Analysts in the company’s SOC then filter out false positives and upload an automated recovery “playbook” to a partner’s PSA system in response to legitimate threats.
“They’re able to click a single button and have our remediation recommendation run for them,” says Huntress CEO Kyle Hanslovan.
That allows MSPs to provide expert security services through junior technicians and meet the increasingly stringent EDR-related requirements many cyber insurers now impose, he continues. “You have to actually do attestation and say, ‘I have 24×7 monitoring in my EDR’ to be able to get some of these insurance policies.”
According to Hanslovan, Process Insights is designed to fill a gap in the security marketplace for MSPs. “There are a lot of EDR technologies like this for enterprise customers,” he notes. MSPs who actually use those products, however, typically get only limited value from them.
“They don’t actually have the team and capacity to monitor them 24×7, or when they do find something and they do respond they don’t necessarily know what it means or what the next step is,” Hanslovan says.
Process Insights draws heavily on technology Huntress acquired last January along with network-aware detection and response vendor Level Effect. Figuring out how to provide an effective EDR service based on that software at a price MSPs can afford has taken most of the 19 months since then.
“Most of our partners are looking for a solution that’s somewhere in the $2 to $4 per endpoint per month range,” Hanslovan notes. They prefer managed solutions too, he adds, noting that Huntress polling data shows that while half of its partners provide EDR services themselves to at least one client at present, just 30% of them are satisfied with the product they’re using. Only 20% of partners are currently using a managed EDR solution, by contrast, but some 80% of them are happy with it.
Zeroing in on the most prevalent source of EDR incidents—application processes—proved to be the key to providing a managed EDR solution cost-effectively. “We had to go and figure out what was the, call it, 20% of the problem that could deliver 80% of the value,” Hanslovan explains. “That’s how you build products meant for the mid-market and below.”
Monitoring applications alone is still a big undertaking, he continues. Huntress’s SOC currently observes some 6 billion unique processes in a typical two-week period.
Process Insights isn’t Huntress’s first foray into detection and response. The vendor’s first offering, which finds “persistent footholds” in compromised networks, fits in that category too, as does the anti-ransomware solution Huntress introduced in 2020. The new service finds threats more rapidly than those earlier ones, though, says Hanslovan, adding that Process Insights was responsible for 24% of the incidents Huntress detected last month.
“That’s a pretty big gap we were missing,” he says.
Process monitoring is the latest addition to Huntress’s steadily expanding platform, which in addition to persistent foothold and ransomware detection has included a managed anti-virus service since last January, and provides attack surface management and host isolation functionality too.
Future additions to the platform will target phishing-based attacks on the cloud solutions end users increasingly rely on. “The cloud is starting to become a very key part of where hackers are becoming more comfortable attacking small and midsize businesses,” Hanslovan says. “I’m making some pretty heavy investments to go and not only be a managed security platform for the endpoint but for that identity for that user of that cloud solution.”
Announced last month, the first such investment was Huntress’s $22 million acquisition of security awareness training vendor Curricula. A solution based on Curricula’s software and informed by expertise from Huntress analysts is likely to ship in about a year.
A fully managed detection and response service for Microsoft 365, meanwhile, will arrive early in 2023. “That’s the number one ask from our partners,” Hanslovan says.
Hanslovan, who has long vowed to add more capabilities to the Huntress platform without charging more for as long as he could do so without eroding profits, raised rates several months ago. “We finally got to the point in April of this year where my cost of goods sold were dropping down and my margins didn’t look like a SaaS company anymore, so we did a small price increase,” he says.
In July, Huntress announced a “Neighborhood Watch Program” that gives MSPs free internal-use access to the company’s entire platform, whether they’re Huntress partners or not.