Huntress Managed EDR Reviews

Over the years, Huntress has gained many features, but initially, it was the foothold detection that drew us to the solution. It excels at uncovering persistent threats that evade other security measures. Our staff often compares it to a baseball backstop: you might not hit every pitch, and the catcher might miss a ball, but the backstop is there to prevent a disaster. In the same way, Huntress acts as a safety net, a team of experts searching for threats that slip past other security layers.

We observed threat actors continually refining their attack methods against the managed endpoints of our diverse clientele. We sought a security tool that avoided exaggerated claims of absolute protection. We understand that perfect security doesn't exist. Instead, we prioritized finding a partner with integrity and a genuine commitment to the SMB security mission, both for our clients and the broader community. Even before becoming an investor and customer, Huntress impressed us with their educational approach. They actively engage the MSP community, providing valuable knowledge, training, and insights into current threats. Their focus on raising security awareness before securing contracts resonated deeply with us. We admire their company culture and approach.

Our client base presents a mixed deployment landscape. Some, particularly those in manufacturing, maintain significant on-premises infrastructure. In contrast, others have fully embraced the cloud and haven't adopted serverless technologies like the ones we offer. Therefore, our platform must cater to this diverse range of deployment models.

Huntress was likely the easiest tool we've ever deployed. It's low-touch, and we didn't anticipate any problems. The worst-case scenario would be an issue with their internet connection, but otherwise, it requires minimal interaction with the machines. Users are unaware of its background operation; it doesn't make changes or enforce rules initially, making the rollout very smooth. We even deployed it internally before broader implementation to familiarize ourselves and ensure it wouldn't cause any harm. My confidence stemmed from its ease of use and the high quality of its product.

It is a cost-effective solution for the SMB market. It allows us to keep our costs competitive while ensuring optimal protection for our clients. Additionally, it instills a sense of quality and reliability in our operations. After all, we are human, and mistakes are inevitable. Huntress provides peace of mind for the MSP side by helping us mitigate those potential oversights.

We observed the benefits of Huntress within the first two weeks of deployment. We discovered several previously unknown aspects of the managed environment. Subsequently, after implementing the change to simply push them out of their base stack, we were able to quickly identify well-responding machines, those requiring attention, and malfunctioning Wi-Fi protection. This process effectively illuminated areas requiring improvement from a management perspective.

The fact that the Huntress system is managed 24/7/365 is extremely helpful for our workloads. Our staff typically works from seven in the morning to five in the afternoon, so there's only a small overlap with Huntress' coverage. However, we greatly benefit from them keeping an eye on things and being able to alert us in the middle of the night if something suspicious happens. We're very thankful for their round-the-clock monitoring, as it saves us from having to keep our staff up late or hire additional workers for overnight hours. This, in turn, saves us money on labor costs.

There’s a feature that allows us to automatically remediate low-severity threats, and we have enabled it for certain clients. This feature has significantly reduced the number of minor issues that our SOC team would usually deal with, freeing them to focus on higher-level threats and more strategic tasks.

Huntress has significantly improved our security posture. Their team provides exceptional vigilance, staying informed about emerging threats and tracking the tactics of bad actors. We've seen numerous instances where they've detected threats just as they activated. In some cases, we simply isolated the affected machine, while in others it didn't require such immediate action. Remarkably, a month later, the FBI contacted us to inquire about one of these potential threats. Fortunately, thanks to Huntress' swift intervention, there was no actual danger. This experience highlights their cutting-edge expertise, not just in technology, but also in understanding the evolving tactics of cybercriminals. They consistently stay ahead of the curve, or at least keep pace with, the ever-changing threat landscape.

Huntress helps to reduce the need for expensive security tools and analysts. We have a superior base layer compared to just offering a standalone product. While it is a tool, it's also a product and service that includes access to the Huntress team's expertise. Their threat operations team monitors potential threats, so we don't need to dedicate our own time and resources to analyzing logs and information. They essentially do it for us.

Finding cost-effective security partners is crucial, as we navigate competing demands. Some clients expect high effectiveness and demonstrably high value, while other vendor tools see rising costs. It's key to identify partners who deliver demonstrably good value for our investment, maximizing our effectiveness through optimized time and resource allocation.

We begin to see improvements in our company's security within two days of deployment. Pushing the installation requires minimal effort. Typically, suspicious activity becomes apparent within the first 24 to 48 hours, which the system highlights immediately. After a week or two, the system learns usage patterns and adapts to the environment, providing us with a comprehensive understanding of our security posture. By then, we've proactively addressed any identified issues, resulting in a swift and efficient security monitoring process.

Foothold detection is a valuable feature, acting as a valuable second set of eyes for both us and our clients. However, what truly convinced us to make it a core part of our security stack, instead of just deploying it selectively based on specific needs, was Huntress' introduction of Managed AV. This allowed us to replace our basic antivirus solution often Windows Defender for our predominantly Windows environment with a more robust option managed by Huntress. Managed AV essentially made Huntress our new baseline antivirus, replacing Windows Defender, while still allowing us to utilize premium solutions like SentinelOne for specific situations. Ultimately, this shift enabled us to expand our footprint from around 400-500 machines to an impressive 4,600.

I'd like Huntress to implement a component that can analyze network traffic for specific sites. This involves deploying network sensors that monitor beyond just endpoint data, which they currently gather, and identity information through their 365 integration. This additional layer would offer site-level visibility, allowing us to detect suspicious traffic even on devices where the Huntress endpoint agent can't be installed. For example, in manufacturing environments, network devices and IoT devices might not be compatible with the agent. Comprehensive site-wide visibility would significantly enhance our security posture.

I have been using Huntress for around four years.

Huntress is stable. We have not encountered any issues.

Easy scalability that requires minimal time investment from us. Their platform readily handles our needs.

We've been using their service for years now with minimal technical issues. However, I've contacted their technical support several times, usually regarding security-related alerts. In some cases, it was a matter of needing clarification, while other times we simply couldn't find the relevant documentation. We wanted additional information about these alerts to improve our understanding and prevent future issues. Sometimes they get busy and their response time is slow but the quality of their service is great.

Positive

Previously, we used a variety of security solutions, but none specifically addressed the gap where users require items to be forwarded to other security layers. We solely relied on antivirus software or various EDR solutions at the time. We simply made the most of those tools available. Huntress did replace antivirus programs like Bitdefender and Webroot for us. Because we could utilize Managed AV, we no longer needed those other products. In that sense, it did take their place. However, Huntress entered the market to fill a previously unmet need and created a new market segment.

The initial deployment was smooth, even when we encountered some misalignments between our expectations and reality, or when we had to adjust initial assumptions. Fortunately, we were able to rectify these issues quickly by modifying the agents. For example, if an agent was assigned to the wrong client, we could make a prompt correction.

Overall, the deployment was very straightforward thanks to the ease of using PowerShell. The developers did a fantastic job making the process as user-friendly as possible.

One person was required for the deployment.

We handled the deployment internally, leveraging our existing RMM tool which already manages and deploys other software.

Huntress boasts a high return on investment. This translates to needing fewer staff dedicated to analyzing security tools, which is a significant benefit for us. Consequently, labor costs associated with incident monitoring decrease. Additionally, it provides a dedicated Security Operations Center team that continuously monitors for threats. Essentially, it's like getting two solutions for the price of one. I imagine the reduction in personnel costs would at least cover half the expense of incident investigation and response, which are typically more costly with other solutions. Overall, the ROI from Huntress is evident in our daily operations. The peace of mind and improved sleep Huntress brings are invaluable.

While other options have emerged since Huntress' arrival, I believe it still offers the best value for the features and services it provides.

Many alternative security solutions originated from the enterprise market, resulting in high pricing that didn't fit our MSP pricing model for smaller clients. Additionally, while existing antivirus vendors offered bolted-on MSP options, standalone SOC services often lacked cost-effective models per endpoint. At the time, nothing quite like Huntress existed in the market.

I would rate Huntress ten out of ten.

Huntress is doing exactly what we need. However, we haven't fully explored its potential for expansion. Previously, my main request was Microsoft 365 integration, which they are now working on. We're currently conducting some early pilot tests with it. In essence, that integration addressed the major gap I identified.

Most multi-tenant tools involve a dashboard, user interface, and the ability to create sub-organizations or child accounts. Each child account has access to all purchased products under its parent account. The key requirement is ensuring machines are accurately tagged to their respective companies. While infrequent, maintaining these tags involves verifying their correctness and fixing minor issues, such as typos or inconsistencies. This applies to most multi-tenant tools, not specific to Huntress. However, Huntress simplifies this process compared to other solutions. Unlike requiring uninstallation or redeployment in other tools, Huntress allows seamless correction and movement of tagged machines, minimizing errors and streamlining management.

As long as we understand the platform's capabilities and the value it provides, we can avoid any misconceptions. I believe many MSPs tend to get overly excited about any new tool. We've faced similar challenges in the past, so it's crucial to remember that this isn't a "deploy and forget" solution. While the platform simplifies the process significantly, some effort is still required on our end to ensure proper configuration before deployment. It's more of a "set it and manage" tool compared to the others we use. Therefore, understanding the product, its position in our security stack, and how it complements existing tools is essential. We need to know how to explain its role and support it effectively for our clients. That's the key takeaway. Knowing its place in the security stack is fundamental.

We're a managed service provider, so we resell Huntress Managed EDR to our customers. We use the EDR and the MDR products, which provide endpoint and 365 protection.

Huntress Managed EDR is remarkably user-friendly. It excels at identifying threats and provides transparent, actionable information about the following steps to take when a threat is detected.

We use Huntress in both the SMB and enterprise markets. I don't differentiate between them, as it works great for both.

We saw the benefits of Huntress Managed EDR immediately.

The Huntress team's consistent monitoring is excellent for triaging and managing alerts, which benefits our workloads. They are also a great team to work with.

Huntress's ability to automatically remediate low-severity threats helps reduce our workload.

The way Huntress's SOC team collaborates with us is significantly better than other solutions.

There are a few key aspects of Huntress that we appreciate. What stands out most is their human element: when faced with an unknown threat, real people, not just automated processes, are investigating it, and they're people we trust. Their security team is excellent; they proactively contacted vulnerable partners during the Exchange vulnerability a couple of years ago, urging them to apply fixes. They also adapt to customer needs, continuously developing new products and features, such as their upcoming SIEM product, and expanding upon their existing platform. Ultimately, while their software and product are great, what we value most is their company culture - they are incredibly easy to work with.

Huntress has a cyber education platform, but it lacks all the languages we need. Since we support customers in different countries, expanding the language options for their training would be beneficial.

I have been using Huntress Managed EDR for approximately four to five years.

Huntress Managed EDR is stable. We have not experienced any issues with lagging, crashing, or downtime.

We have never encountered any issues with Huntress being scalable.

Our team on the security side has contacted Huntress support, and they have been pleased.

Positive

We used SentinelOne before switching to Huntress. The main reasons for switching were the lower cost and that Huntress is fully managed.

The initial setup of Huntress Managed EDR was easy.

The deployment typically requires only one person.

Huntress has a favourable pricing structure, and I appreciate the cost-effectiveness compared to previous solutions.

I rate Huntress Managed EDR a ten out of ten.

We use other security products in conjunction with Huntress Managed EDR.

Occasional maintenance is required for agents that lose connection and to manage unidentified threats.

Huntress is one of our favourite products. It's easy to deploy for new users; they simply push out the agent. The ability to filter low-severity threats and automate their remediation can save valuable time.

We use their EDR product essentially to protect the endpoints that we have. It is an additional line of defense in most cases. We have traditional antivirus, and then we layer Huntress on top of it for additional protection.

By implementing Huntress, I wanted something that was an additional level of protection on top of the things we were already doing. They offered it for a fair price.

We could realize its benefits immediately because when you install it on a new endpoint, it immediately tells you the bad things that are happening on it. You get it right away.

The solution is fully managed by Huntress 24/7. It has affected our workload. My team has to do less work. They do the work of triaging the issues that come in, and then they just escalate the ones that need to be escalated to me, which saves me time and effort.

For remediation, we have used the remediation button, but we do not have any auto or unattended remediation on because we like to review that. We have unattended isolation on so that they can isolate, but we do not have unattended remediation on.

Huntress has allowed us to hold off the need for an in-house full-time SOC. Eventually, we will get there, but it helps push that off a little further.

We have combined Huntress Managed EDR with other solutions. We use it on top of next-generation antivirus. It works very well. Very occasionally, Huntress can miss something, but AV catches it. The combination of these two gives me more effective protection than anyone individually.

It catches things that no one else catches. We occasionally have things slip through antivirus and other things, but Huntress catches them. It is awesome as an additional layer of defense on top of other things.

It is very easy to use. You install it, and then it does its thing, and it tells you when it needs you to do something. It does what it says on the box.

It is a good solution for the SMB market. When you get to the enterprise level, there are other solutions that can do similar things with other enterprise-type price points, but for up to mid-market, and even small enterprises, it is a very good bang for your buck. You can also use Huntress for big enterprises.

I would like the API to be a little bit better. They are getting there.

It has been about six years.

I have not had any issues related to stability.

It scales just fine.

I have contacted their technical support, and it has gone very well. They are very responsive. They provide good answers to the questions that you ask. It is not like they are just on a script. They actually care, and they are actually doing the research and reading your messages and not just sending you standard responses. I would rate them a ten out of ten.

Positive

We were just using an AV. We had Bitdefender.

I was involved in its initial deployment. It is a SaaS application with an agent that you push down. We just push the agent down via our RMM tool. It was easy.

We did it ourselves. There was just one person required. I just pushed it via a tool I already had. It took a couple of hours to roll it out everywhere.

In terms of maintenance, you occasionally get agents that stop checking in, but it is very rare. They send notifications about them, and we deal with them.

It is fair. They provide good value for the product that they deliver. I have had one price increase in the entire time I have used them. They added a bunch of features and then said that they have to increase our price a little bit. That is a fair way to handle it.

We did not evaluate other options. There were no other alternatives when Huntress came out. They are still the best at what they do.

I would rate Huntress a ten out of ten.

It integrates seamlessly with RMM, making it easy to roll out and use. Many fixes are automated, so you can approve them and let the system handle them, avoiding the need to go through individual steps. If something serious comes up, they proactively make phone calls and lock things down in advance. It simplifies my job rather than adding it.

It has improved my organization by making things easier.

After deployment, it takes some time to scan and process everything. Huntress has effectively flagged issues such as password files on desktops, which it identifies as low-level alerts. It also handles more significant threats effectively. The system runs in the background and uses sample files to detect ransomware attacks quickly. If an attack occurs, Huntress can isolate the affected machine promptly. We noticed benefits and problem-solving capabilities within the first week.

I had been requesting Huntress support for macOS for a while, and they recently rolled it out, making it generally available within two months. Having a regular support line would be good.

I have been using Huntress for a year and a half or two.

There are no issues with stability.

This solution is used by 400 machines. It scales independently. When we add clients to our RMM, the script runs every night and automatically adds Huntress to the new clients and their machines.

Support was quick. They made it easy for us to get assistance when needed. They responded promptly to our inquiries about upcoming products and provided timely support to get things rolling. We were tweaking our scripts, and they directed us to their repository of scripts and resources. When I encountered an issue, they suggested hopping on a call to walk me through it rather than just relying on chat. They resolved the issue relatively quickly.

Positive

Huntress provided ease of use and a lower spend. The sales team was supportive throughout the process, not just during the initial setup. They helped with scripting and ensured we were fully operational before stepping back, which made things much easier for me.

The pricing is great.

Their minimum spend is quite low, unlike some vendors that require $500 or $1,000 a month. It's around $50, so you can start with just a few clients if you're new or scale up if you're larger. Their products integrate well with our existing systems and perform effectively.

I’ve worked with some vendors whose implementations were so complex that managing the solution required almost a full-time person. In contrast, Huntress was straightforward to deploy. You set a few permissions, and then it just runs in the background. This simplified things and made managing the software much easier.

Huntress is largely set-it-and-forget-it. The only real maintenance involves handling remediation for attacked machines rather than ongoing upkeep. The recent addition of Mac support required a new script.

Overall, I rate the solution a ten out of ten.

We are a Managed Service Provider. We use the solution to offer extra protection to customer machines. 

Huntress helps us replace traditional antivirus solutions with an EDR. I like how easy it is to use and deploy. Support is good- they've responded quickly when I've had issues. I like it a lot so far. It reports valuable information and filters out things I don't need to know.

The solution is easy to learn. I like the scanning it does for M365. We use Datto RMM for remote machine support. Huntress has a built-in component for Datto RMM that we can deploy immediately. I can push Huntress out to machines in about eight minutes. It does what it's supposed to do, which is amazing.

The tool is suitable for small to medium businesses. It monitors everything going on with their machines and their Microsoft 365 tenant if they have one. Even if they don't have their IT department, it can help flag issues.

The main benefit our customers see is the additional security Huntress provides. We've found that it reports many password files people save on their machines. For example, it might find a Word document full of passwords on someone's desktop. Just highlighting that this is happening is a valuable part of the service.

Previously, I had to go through all the alerts myself and figure out what was important and what wasn't. Now, my time is freed up to deal with the important alerts. I don't have to spend time finding what's important - it's already right before me.

It highlights when new mailbox rules are created in Microsoft 365, which helps us spot breached accounts. It also finds valuable password files on machines. This is one of the biggest security risks—if someone gets into a machine and finds a password file on the desktop, they can easily access things they shouldn't.

We could see the solution's benefits from the very first minute of its deployment. 

I'd like it if Huntress could scan for software that's out of date or has open vulnerabilities. That would be useful for us. Scanning for vulnerable software would be helpful. Also, we've set it up to create a ticket in our ticketing system when there's an alert. It would be nice if closing that ticket would also close the Huntress alert. It doesn't do that right now, but they're working on adding that feature.

I have been working with the product for a few months. We are a new customer. 

I haven't experienced any downtime. 

My company has around 1300 endpoints. The solution is scalable. 

We previously used SonicWall Capture Client for EDR. But it's not the same thing as Huntress. I don't think I could compare them. I'd say that Huntress is completely new in how we use it.

Since we use Datto RMM, we just had to add their components and a secret key from our Huntress site. Then, when we deploy the agent, it communicates with the Huntress site, and all endpoints appear there. The whole process takes around 15 minutes.

It's not difficult to maintain. I've set it up so that if a machine hasn't reported to Huntress in 30 days, it automatically removes itself from our site. So, it maintains itself. I've also set up a recurring job to check that it's installed on all the machines it should be on.

We did the deployment in-house. 

The solution is cheap compared to other alternatives. It offers good value for money. For the whole solution, it's up to about five pounds per device per month. Considering what it does, I think that's very good value.

We evaluated Seceon and eSentire. We chose Huntress because it was easy to deploy and does what we need it to do. eSentire seemed more hands-off, but with Huntress, we can handle the problems it flags ourselves. Seceon was hard to set up. 

If you are unsure about the solution, try to get a trial and see what it does. I rate it a ten out of ten. 

This is the tool that we use to keep our devices, the endpoints, protected.

In the beginning, we were using two antiviruses. The first one was Webroot, and the other was Huntress. At that time, we noticed that Huntress was not compatible with iOS devices, with Macs, so we used both services - Webroot for Macs and Huntress for Windows. 

I feel very protected. I feel really good having Huntress on my computers. There are certain antiviruses we installed before that basically would never detect anything. I also had a ransomware case when a client used a different antivirus. With Huntress, I've never suffered any attacks. 

The antivirus protection is very good. With other antiviruses, when you scan the computer, it shows you what was found. However, for Huntress, they don't just show you the threats—they also give you recommendations. There's a simple button you can click to apply the remediation. You don't need to go and do it manually for the most part. 

It's pretty straightforward to use. You don't need to spend a lot of time troubleshooting the alerts, and its ease of use is great. I'd rate usability nine out of ten.

Huntress is a really good choice for small and medium-sized businesses since it's pretty easy to use and doesn't consume too many resources. In the past, we had some issues, for example, with Webroot. There were certain situations when, for some reason, WebRTC consumed a lot of resources, and that was a pain for the clients. We never had this kind of issue with Huntress. 

It's pretty easy to install and deploy. It has a lot of reports. The way they show the reports is pretty good and easy to understand for the client. In the past, when clients received reports, they did not understand. We don't have to explain Huntress reporting. 

We saw the benefits of Huntress pretty quickly. Once it started detecting threats, it was great. When I first started using Huntress, I started comparing it to other solutions were using, and I could see how beneficial Huntress was. For example, you can see what it's doing, and also you can see when it's complete in real-time. 

The solution is fully managed by Huntress 24/7, which reduces our workload when managing and triaging alerts. It's a great feature. 

Huntress can remediate low-severity threats automatically and take certain actions automatically. For example, if the antivirus detects ransomware, it isolates the computer automatically. I don't need to do anything. I received only the alert that said the computer was isolated. Then, I usually need to check the logs and see if I need to do something manually or something similar.

Huntress helped to reduce the need for expensive security tools or higher expensive security analysts. In fact, we had conversations on how to reduce costs as an MSP. They reviewed the number of seats we have, and they offered us a new plan with better with less cost.

Not every time, but sometimes when we click on the remediation, the auto-resolution of the alert, the screen gets stuck, and I need to contact support so they can confirm the remediation was applied, and they have to close the ticket.

Maybe they can add a way to remove unresponsive agents. For example, if I have a client with ten devices, and I deploy Huntress in those ten devices, and for some reason, one device has maybe two or three months offline or not running, maybe they can add automation to remove the agent after a certain amount of time. That way, I will not be paying for a device that has been offline. We do have audits to avoid this. However, it would be useful if the process was automated. 

In the beginning, we used other antiviruses. If you install SentinelOne or WebRoot, if you check the device, you will see Huntress is installed, however, you will see it is not doing anything since he other antivirus is installed.

I know that Huntress has a beta version for Macs, so it is not fully deployed or released. We're waiting for the final version to use it on our Macs. 

I've used the solution for four years. 

I'd rate the stability eight out of ten. Most of the time, it's working fine. I'd just like it to be fully compatible with all of our OS. For example, we've had clients that use a special version of Windows for a POS, and Huntress isn't fully compatible. 

I've never had issues with the scalability. 

Not all antiviruses have 24/7 support or management. There are some cases where I read the logs, and I have to contact Huntress support, and they are always available. I never wait more than maybe ten minutes to get support. They always help me with the issue without problems. They are always giving me solutions.

This is the best support I have used. 

Positive

We have also used WebRoot. Huntress is better as the support team is great and I have less issues with the solution. I've had trouble installing and uninstalling WebRoot.

We always install Datto RMM first manually. Then, we share the link with the client. They install Datto RMM, and then we use that to deploy Hunteress. It's pretty simple. It only takes a few minutes to install. A single technician can deploy the solution. 

The pricing is a little bit high. However, I understand the service is better. They offer different plans according to tiers. If you have more devices, you get better pricing. 

We're an MSP and have a lot of relationships with many vendors. 

I'd rate Huntress nine out of ten.

I'd recommend users give Huntress a chance. The MSP portal is free to use and it has a lot of integrations.

We use Huntress for both endpoint threat hunting and as an EDR solution. It helps us manage Microsoft Defender.

We realized the benefits of Huntress almost immediately after deployment. It became evident during the Exchange zero-day incident when Huntress promptly alerted us about affected customers still using on-premise Exchange, allowing us to respond swiftly.

What I like most about Huntress isn't just a specific feature, but how the company operates. It is incredibly efficient for our engineering team because it provides all the information needed to fix issues, not just flag them. It gives me peace of mind knowing our systems are in good hands.

One area for improvement in Huntress would be to allow for PSA integration from a specific IP address or hostname for better security measures.

I have been using Huntress for about two years.

I have not had any stability issues with Huntress.

We haven't faced any scalability issues with Huntress. We have deployed it across thousands of endpoints for all of our customers without any problems, and the platform remains usable and responsive.

Before Huntress, we relied solely on traditional antivirus software without threat-hunting capabilities. 

Huntress is one of the easiest solutions we have ever deployed. The improvement in our organization's security was immediate after deployment. It is a cloud platform deployed on-premises or in our private cloud. The deployment process was straightforward and could have been completed for our entire customer base in about 60 minutes if done all at once.

Huntress is very self-sufficient and requires minimal maintenance after deployment. It automatically upgrades itself and is well-designed to handle any issues without needing manual intervention.

We handled the deployment in-house with just one person.

The pricing and licensing model for Huntress is very reasonable and offers great value.

We explored other alternatives before choosing Huntress, but none in the SMB space offered what Huntress did, especially in terms of threat hunting and persistent foothold detection. None came close in terms of cost-effective value either.

When we first adopted Huntress, our main goal was to enhance security for our client banks in the financial services sector. We were attracted to their innovative approach to threat research and detection, and we appreciated the values the company stands for.

Huntress offers exceptional value for SMBs. I can't think of another company that provides such comprehensive cybersecurity solutions for the SMB market.

Having Huntress fully managed 24/7 has been fantastic because every alert comes with useful information, which significantly reduces the workload for our technicians when triaging and managing alerts.

Using Huntress has reduced the need for extensive security tools and expensive security analysts. This was very important to us.

Huntress has significantly improved our overall security. Their approach to making security accessible and affordable for SMBs, like MSPs, has made it easy and inexpensive for us to implement effective security measures internally.

For new users, I would advise understanding the potential output of Huntress so that you can interpret the reports effectively. Be mindful of all the information it provides, including unexpected findings like exposed passwords, and be prepared to address them appropriately.

Overall, I would rate Huntress as a nine out of ten.

We use Huntress to monitor our internal and customer systems for security vulnerabilities.

We chose Huntress for its 24/7 managed detection and response services.

Huntress is deployed entirely in the cloud. We use the Huntress portal to manage it and our RMM tool to distribute the agent to our devices.

Huntress is a great option for the SMB market. It's competitively priced and offers good value for the money, making it one of the most cost-effective security solutions available. Its team is highly qualified and delivers a quality product at a price point that fits the SMB budget. Enterprise tools can often be overly complex or expensive, and Huntress effectively addresses both of these concerns.

It's extremely easy overall. We deploy the agent and it takes care of the rest.

Huntress enhances visibility into endpoint activity by monitoring running processes. It employs a 24/7 human response team to analyze alerts from both the Huntress agent and Windows Defender Endpoint Protection. This team can then choose to isolate suspicious activity and limit its impact if deemed malicious, or escalate the case for further investigation.

Some endpoint protection solutions may miss early warning signs of suspicious activity, such as unusual system behavior or potential footholds for attackers. This is often the case when deploying such solutions to new customers. However, it's important to remember that malicious activity doesn't happen every day in every environment. So, for some customers, its value might not be immediately apparent. It might take a few years before a serious incident occurs, highlighting the need for Huntress' detection and response capabilities. Therefore, the timeframe to see the benefits of Huntress can vary greatly.

The fully managed service has certainly reduced the effort needed for handling alerts from endpoint protection solutions like Windows Defender. Eliminating the need to deal with false positives has been a significant benefit, greatly reducing our team's workload. Additionally, the SOC within the service effectively handles after-hours issues, minimizing the impact on our on-call staff.

Instead of relying on expensive endpoint protection software, we successfully leveraged the built-in Windows Defender in conjunction with the Huntress agent. This combination, in our opinion, represents a significant improvement over using a potentially more robust but costly solution alone. The key advantage lies in the added human element: Huntress' 24/7 monitoring and endpoint isolation capabilities. This approach has demonstrably improved our security posture. However, it's unclear whether it fully eliminates the need for a high-cost security analyst. While Huntress certainly reduces expenses associated with lower-level resources tasked with the initial triage of false positive alerts, its impact on the role of a specialized security analyst remains to be determined.

It has improved our overall security significantly. It adds another valuable layer of protection and provides greater visibility into endpoint activity. Perhaps the most significant benefit for us is the true 24/7 coverage. While our staff has extended hours, there's a gap overnight when no one is actively monitoring for security incidents. When time is of the essence, as it often is in cyber situations, having someone from Huntress available to instantly respond by isolating threats is invaluable. This service is certainly more cost-effective than attempting to staff our team for round-the-clock coverage.

Our security started improving immediately after deployment. It began searching for pre-existing footholds or remnants of other malware that may not have been fully cleaned up from previous infections. The 24/7 SOC provided instant benefits—knowing we had that extra layer of protection with dedicated experts watching our systems was a reassuring feeling.

The most valuable aspect of Huntress is its 24/7 SOC service. If something suspicious is seen on an endpoint, even in the middle of the night, there is always someone available to react quickly and isolate the endpoint to mitigate the potential spread to others. 

Huntress' Process Insights feature could benefit from more robust search and filtering capabilities. Currently, it's quite basic, offering only a single search bar with limited granularity. Additionally, the data retention period is short, with access restricted to three days. While the SOC team can export a week's worth of data, extending this period to at least thirty days would be highly beneficial.

Overall, we're generally satisfied with the solution. However, deeper integration with other endpoint protection platforms would be valuable. Ideally, Huntress should be able to ingest alerts from systems like CrowdStrike and conduct investigations similar to CrowdStrike's offerings. This would be particularly useful for us as a CrowdStrike partner.

I have been using Huntress for three years.

Last week, we encountered an issue with the Huntress agent. Essentially, there are two components: the core Huntress agent and the Rio agent, added later about a year into our partnership for process insights. While Rio is valuable, we experienced a communication gap regarding its functionality.

If Rio shut down for any reason e.g., computer reboot, or agent update, it wouldn't restart properly, creating a blind spot for the Hunter team as no data was transmitted. This issue emerged within the past two weeks and took a few days for Huntress to identify and resolve.

Overall, the platform is generally stable, but we've faced some bumps in the road. One issue involved unclear communication about agent check-ins, and the other was the recent Rio shutdown problem.

Huntress scales very well. We've grown from approximately 9,000 to 17,000 endpoints, and I haven't encountered any scalability issues.

We're generally very pleased with the technical support. They respond promptly via chat, and if the frontline team can't resolve an issue, they escalate it swiftly. In one instance, their SOC analysts even helped us investigate malicious activity at our endpoints, something that deeply concerned us and our customers. In that situation, they truly went above and beyond to assist us.

Positive

We previously used Webroot, but it was ineffective at stopping the latest ransomware threats. That was the main reason we switched to Huntress. We replaced Webroot with the built-in Windows Defender plus the Huntress agent, and together they proved significantly more effective at stopping those threats than Webroot alone.

The initial deployment was smooth. However, we realized a gap in our internal processes and understanding of how to respond to different alert levels.

Our deployment was rushed due to signing the agreement during the Log4J vulnerability outbreak around Christmas 2020. The widespread threat forced us to prioritize deploying the Huntress agent quickly instead of following a slower, more deliberate approach to replacing Webroot.

Fortunately, the Huntress agent seamlessly integrates with other endpoint protection solutions. This allowed deployment without disrupting existing protection or leaving us vulnerable during the transition.

The additional 24/7 SOC visibility without replacing our current endpoint protection has been immensely valuable. While deployment was simple, we identified the need to refine internal processes and response protocols for different alert levels.

We had a small team, perhaps two or three people, working on the deployment. In all honesty, it could have been done by a single person. Our deployment process is streamlined, and we have a large customer base. As a mid-sized MSP with over two hundred customers at the time, we had the manpower to spare. However, thanks to scripting and RMM tools, even a single individual could theoretically deploy Huntress to a large number of endpoints with ease.

Being an MSP, we implemented the solution internally.

Huntress is priced fairly for the services and value it provides.

I would rate Huntress nine out of ten.

Our team occasionally uses the automatic remediation feature for low-severity threats, but we don't heavily rely on it. When it comes to endpoint protection alerts, we prefer a more hands-on approach. Despite using automatic remediation to some extent, the feature's impact on our workload has been minimal.

The biggest maintenance challenge with Huntress is the potential for certain firewalls, especially Fortinet models depending on their enabled features, to block communication from the agent on the endpoint back to the Huntress portal. This blockage isn't apparent from the endpoint itself. While the Huntress page might appear installed and running, the agent might have only checked in initially and stopped sending data. After a month of inactivity, Huntress removes the agent to prevent the portal from becoming overloaded with inactive agents. This creates blind spots in our monitoring, as we remain unaware of the missing data. Addressing this challenge has been difficult, as we rely on our RMM tool for endpoint management and strive to maintain a consistent active list. Continuously comparing this list with the Huntress portal to ensure they match has proven frustrating.

When using Huntress the most crucial aspect is training our internal staff on how to respond to different alert levels. These levels typically fall into three categories: low, high, and critical. It's essential to have a clear action plan or standard operating procedure outlining how our team should handle each alert type. Additionally, basic training on the Huntress portal is recommended. The portal has various pages, modules, and tabs, so familiarizing our staff with navigating and interacting with it is crucial. This includes skills like isolating endpoints, removing isolation if necessary, and utilizing provided remediation tasks or manual remediation if preferred. Implementing these measures will significantly improve our incident response capability.