Huntress has added new endpoint detection and response functionality to its managed security platform for MSPs.
Available at no extra charge to everyone in the vendor’s subscriber base since yesterday, the new Process Insights service searches for suspicious activity in real-time, round-the-clock telemetry from the more than 1.5 million devices Huntress currently monitors. Analysts in the company’s SOC then filter out false positives and upload an automated recovery “playbook” to a partner’s PSA system in response to legitimate threats.
“They’re able to click a single button and have our remediation recommendation run for them,” says Huntress CEO Kyle Hanslovan.
That allows MSPs to provide expert security services through junior technicians and meet the increasingly stringent EDR-related requirements many cyber insurers now impose, he continues. “You have to actually do attestation and say, ‘I have 24x7 monitoring in my EDR’ to be able to get some of these insurance policies.”
According to Hanslovan, Process Insights is designed to fill a gap in the security marketplace for MSPs. “There are a lot of EDR technologies like this for enterprise customers,” he notes. MSPs who actually use those products, however, typically get only limited value from them.
“They don’t actually have the team and capacity to monitor them 24x7, or when they do find something and they do respond they don’t necessarily know what it means or what the next step is,” Hanslovan says.
Process Insights draws heavily on technology Huntress acquired last January along with network-aware detection and response vendor Level Effect. Figuring out how to provide an effective EDR service based on that software at a price MSPs can afford has taken most of the 19 months since then.
“Most of our partners are looking for a solution that’s somewhere in the $2 to $4 per endpoint per month range,” Hanslovan notes. They prefer managed solutions too, he adds, noting that Huntress polling data shows that while half of its partners provide EDR services themselves to at least one client at present, just 30% of them are satisfied with the product they’re using. Only 20% of partners are currently using a managed EDR solution, by contrast, but some 80% of them are happy with it.
Zeroing in on the most prevalent source of EDR incidents—application processes—proved to be the key to providing a managed EDR solution cost-effectively. “We had to go and figure out what was the, call it, 20% of the problem that could deliver 80% of the value,” Hanslovan explains. “That’s how you build products meant for the mid-market and below.”
Monitoring applications alone is still a big undertaking, he continues. Huntress’s SOC currently observes some 6 billion unique processes in a typical two-week period.
Process Insights isn’t Huntress’s first foray into detection and response. The vendor’s first offering, which finds “persistent footholds” in compromised networks, fits in that category too, as does the anti-ransomware solution Huntress introduced in 2020. The new service finds threats more rapidly than those earlier ones, though, says Hanslovan, adding that Process Insights was responsible for 24% of the incidents Huntress detected last month.