We use their EDR product essentially to protect the endpoints that we have. It is an additional line of defense in most cases. We have traditional antivirus, and then we layer Huntress on top of it for additional protection.
President at CNWR, INC
Fair price, great support, and catches things that no one else catches
Pros and Cons
- "It catches things that no one else catches. We occasionally have things slip through antivirus and other things, but Huntress catches them. It is awesome as an additional layer of defense on top of other things."
- "I would like the API to be a little better. They are getting there."
What is our primary use case?
How has it helped my organization?
By implementing Huntress, I wanted something that was an additional level of protection on top of the things we were already doing. They offered it for a fair price.
We could realize its benefits immediately because when you install it on a new endpoint, it immediately tells you the bad things that are happening on it. You get it right away.
The solution is fully managed by Huntress 24/7. It has affected our workload. My team has to do less work. They do the work of triaging the issues that come in, and then they just escalate the ones that need to be escalated to me, which saves me time and effort.
For remediation, we have used the remediation button, but we do not have any auto or unattended remediation on because we like to review that. We have unattended isolation on so that they can isolate, but we do not have unattended remediation on.
Huntress has allowed us to hold off the need for an in-house full-time SOC. Eventually, we will get there, but it helps push that off a little further.
We have combined Huntress Managed EDR with other solutions. We use it on top of next-generation antivirus. It works very well. Very occasionally, Huntress can miss something, but AV catches it. The combination of these two gives me more effective protection than anyone individually.
What is most valuable?
It catches things that no one else catches. We occasionally have things slip through antivirus and other things, but Huntress catches them. It is awesome as an additional layer of defense on top of other things.
It is very easy to use. You install it, and then it does its thing, and it tells you when it needs you to do something. It does what it says on the box.
It is a good solution for the SMB market. When you get to the enterprise level, there are other solutions that can do similar things with other enterprise-type price points, but for up to mid-market, and even small enterprises, it is a very good bang for your buck. You can also use Huntress for big enterprises.
What needs improvement?
I would like the API to be a little bit better. They are getting there.
Buyer's Guide
Huntress Managed EDR
November 2024
Learn what your peers think about Huntress Managed EDR. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
817,457 professionals have used our research since 2012.
For how long have I used the solution?
It has been about six years.
What do I think about the stability of the solution?
I have not had any issues related to stability.
What do I think about the scalability of the solution?
It scales just fine.
How are customer service and support?
I have contacted their technical support, and it has gone very well. They are very responsive. They provide good answers to the questions that you ask. It is not like they are just on a script. They actually care, and they are actually doing the research and reading your messages and not just sending you standard responses. I would rate them a ten out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We were just using an AV. We had Bitdefender.
How was the initial setup?
I was involved in its initial deployment. It is a SaaS application with an agent that you push down. We just push the agent down via our RMM tool. It was easy.
What about the implementation team?
We did it ourselves. There was just one person required. I just pushed it via a tool I already had. It took a couple of hours to roll it out everywhere.
In terms of maintenance, you occasionally get agents that stop checking in, but it is very rare. They send notifications about them, and we deal with them.
What's my experience with pricing, setup cost, and licensing?
It is fair. They provide good value for the product that they deliver. I have had one price increase in the entire time I have used them. They added a bunch of features and then said that they have to increase our price a little bit. That is a fair way to handle it.
Which other solutions did I evaluate?
We did not evaluate other options. There were no other alternatives when Huntress came out. They are still the best at what they do.
What other advice do I have?
I would rate Huntress a ten out of ten.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: MSP
President at I Divide By Zero Technical Services
Integrates seamlessly with RMM, making it easy to roll out and use
Pros and Cons
- "After deployment, it takes some time to scan and process everything. Huntress has effectively flagged issues such as password files on desktops, which it identifies as low-level alerts. It also handles more significant threats effectively."
- "I had been requesting Huntress support for macOS for a while, and they recently rolled it out, making it generally available within two months. Having a regular support line would be good."
What is our primary use case?
It integrates seamlessly with RMM, making it easy to roll out and use. Many fixes are automated, so you can approve them and let the system handle them, avoiding the need to go through individual steps. If something serious comes up, they proactively make phone calls and lock things down in advance. It simplifies my job rather than adding it.
How has it helped my organization?
It has improved my organization by making things easier.
What is most valuable?
After deployment, it takes some time to scan and process everything. Huntress has effectively flagged issues such as password files on desktops, which it identifies as low-level alerts. It also handles more significant threats effectively. The system runs in the background and uses sample files to detect ransomware attacks quickly. If an attack occurs, Huntress can isolate the affected machine promptly. We noticed benefits and problem-solving capabilities within the first week.
What needs improvement?
I had been requesting Huntress support for macOS for a while, and they recently rolled it out, making it generally available within two months. Having a regular support line would be good.
For how long have I used the solution?
I have been using Huntress for a year and a half or two.
What do I think about the stability of the solution?
There are no issues with stability.
What do I think about the scalability of the solution?
This solution is used by 400 machines. It scales independently. When we add clients to our RMM, the script runs every night and automatically adds Huntress to the new clients and their machines.
How are customer service and support?
Support was quick. They made it easy for us to get assistance when needed. They responded promptly to our inquiries about upcoming products and provided timely support to get things rolling. We were tweaking our scripts, and they directed us to their repository of scripts and resources. When I encountered an issue, they suggested hopping on a call to walk me through it rather than just relying on chat. They resolved the issue relatively quickly.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Huntress provided ease of use and a lower spend. The sales team was supportive throughout the process, not just during the initial setup. They helped with scripting and ensured we were fully operational before stepping back, which made things much easier for me.
How was the initial setup?
What's my experience with pricing, setup cost, and licensing?
The pricing is great.
What other advice do I have?
Their minimum spend is quite low, unlike some vendors that require $500 or $1,000 a month. It's around $50, so you can start with just a few clients if you're new or scale up if you're larger. Their products integrate well with our existing systems and perform effectively.
I’ve worked with some vendors whose implementations were so complex that managing the solution required almost a full-time person. In contrast, Huntress was straightforward to deploy. You set a few permissions, and then it just runs in the background. This simplified things and made managing the software much easier.
Huntress is largely set-it-and-forget-it. The only real maintenance involves handling remediation for attacked machines rather than ongoing upkeep. The recent addition of Mac support required a new script.
Overall, I rate the solution a ten out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: MSP
Last updated: Sep 2, 2024
Flag as inappropriateBuyer's Guide
Huntress Managed EDR
November 2024
Learn what your peers think about Huntress Managed EDR. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
817,457 professionals have used our research since 2012.
Cyber Security Engineer at Apex Computing Services Ltd
Finds password files and offers extra protection to customer machines
Pros and Cons
- "Huntress helps us replace traditional antivirus solutions with an EDR. I like how easy it is to use and deploy. Support is good- they've responded quickly when I've had issues. I like it a lot so far. It reports valuable information and filters out things I don't need to know."
- "I'd like it if Huntress could scan for software that's out of date or has open vulnerabilities. That would be useful for us. Scanning for vulnerable software would be helpful. Also, we've set it up to create a ticket in our ticketing system when there's an alert. It would be nice if closing that ticket would also close the Huntress alert. It doesn't do that right now, but they're working on adding that feature."
What is our primary use case?
We are a Managed Service Provider. We use the solution to offer extra protection to customer machines.
What is most valuable?
Huntress helps us replace traditional antivirus solutions with an EDR. I like how easy it is to use and deploy. Support is good- they've responded quickly when I've had issues. I like it a lot so far. It reports valuable information and filters out things I don't need to know.
The solution is easy to learn. I like the scanning it does for M365. We use Datto RMM for remote machine support. Huntress has a built-in component for Datto RMM that we can deploy immediately. I can push Huntress out to machines in about eight minutes. It does what it's supposed to do, which is amazing.
The tool is suitable for small to medium businesses. It monitors everything going on with their machines and their Microsoft 365 tenant if they have one. Even if they don't have their IT department, it can help flag issues.
The main benefit our customers see is the additional security Huntress provides. We've found that it reports many password files people save on their machines. For example, it might find a Word document full of passwords on someone's desktop. Just highlighting that this is happening is a valuable part of the service.
Previously, I had to go through all the alerts myself and figure out what was important and what wasn't. Now, my time is freed up to deal with the important alerts. I don't have to spend time finding what's important - it's already right before me.
It highlights when new mailbox rules are created in Microsoft 365, which helps us spot breached accounts. It also finds valuable password files on machines. This is one of the biggest security risks—if someone gets into a machine and finds a password file on the desktop, they can easily access things they shouldn't.
We could see the solution's benefits from the very first minute of its deployment.
What needs improvement?
I'd like it if Huntress could scan for software that's out of date or has open vulnerabilities. That would be useful for us. Scanning for vulnerable software would be helpful. Also, we've set it up to create a ticket in our ticketing system when there's an alert. It would be nice if closing that ticket would also close the Huntress alert. It doesn't do that right now, but they're working on adding that feature.
For how long have I used the solution?
I have been working with the product for a few months. We are a new customer.
What do I think about the stability of the solution?
I haven't experienced any downtime.
What do I think about the scalability of the solution?
My company has around 1300 endpoints. The solution is scalable.
Which solution did I use previously and why did I switch?
We previously used SonicWall Capture Client for EDR. But it's not the same thing as Huntress. I don't think I could compare them. I'd say that Huntress is completely new in how we use it.
How was the initial setup?
Since we use Datto RMM, we just had to add their components and a secret key from our Huntress site. Then, when we deploy the agent, it communicates with the Huntress site, and all endpoints appear there. The whole process takes around 15 minutes.
It's not difficult to maintain. I've set it up so that if a machine hasn't reported to Huntress in 30 days, it automatically removes itself from our site. So, it maintains itself. I've also set up a recurring job to check that it's installed on all the machines it should be on.
What about the implementation team?
We did the deployment in-house.
What's my experience with pricing, setup cost, and licensing?
The solution is cheap compared to other alternatives. It offers good value for money. For the whole solution, it's up to about five pounds per device per month. Considering what it does, I think that's very good value.
Which other solutions did I evaluate?
We evaluated Seceon and eSentire. We chose Huntress because it was easy to deploy and does what we need it to do. eSentire seemed more hands-off, but with Huntress, we can handle the problems it flags ourselves. Seceon was hard to set up.
What other advice do I have?
If you are unsure about the solution, try to get a trial and see what it does. I rate it a ten out of ten.
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: MSP
Last updated: Jul 14, 2024
Flag as inappropriateApplication Compliance Manager at SOS Support
Helped to reduce the need for expensive security tools or higher expensive security analysts
Pros and Cons
- "We saw the benefits of Huntress pretty quickly. Once it started detecting threats, it was great."
- "Not every time, but sometimes when we click on the remediation, the auto-resolution of the alert, the screen gets stuck, and I need to contact support so they can confirm the remediation was applied, and they have to close the ticket."
What is our primary use case?
This is the tool that we use to keep our devices, the endpoints, protected.
How has it helped my organization?
In the beginning, we were using two antiviruses. The first one was Webroot, and the other was Huntress. At that time, we noticed that Huntress was not compatible with iOS devices, with Macs, so we used both services - Webroot for Macs and Huntress for Windows.
I feel very protected. I feel really good having Huntress on my computers. There are certain antiviruses we installed before that basically would never detect anything. I also had a ransomware case when a client used a different antivirus. With Huntress, I've never suffered any attacks.
What is most valuable?
The antivirus protection is very good. With other antiviruses, when you scan the computer, it shows you what was found. However, for Huntress, they don't just show you the threats—they also give you recommendations. There's a simple button you can click to apply the remediation. You don't need to go and do it manually for the most part.
It's pretty straightforward to use. You don't need to spend a lot of time troubleshooting the alerts, and its ease of use is great. I'd rate usability nine out of ten.
Huntress is a really good choice for small and medium-sized businesses since it's pretty easy to use and doesn't consume too many resources. In the past, we had some issues, for example, with Webroot. There were certain situations when, for some reason, WebRTC consumed a lot of resources, and that was a pain for the clients. We never had this kind of issue with Huntress.
It's pretty easy to install and deploy. It has a lot of reports. The way they show the reports is pretty good and easy to understand for the client. In the past, when clients received reports, they did not understand. We don't have to explain Huntress reporting.
We saw the benefits of Huntress pretty quickly. Once it started detecting threats, it was great. When I first started using Huntress, I started comparing it to other solutions were using, and I could see how beneficial Huntress was. For example, you can see what it's doing, and also you can see when it's complete in real-time.
The solution is fully managed by Huntress 24/7, which reduces our workload when managing and triaging alerts. It's a great feature.
Huntress can remediate low-severity threats automatically and take certain actions automatically. For example, if the antivirus detects ransomware, it isolates the computer automatically. I don't need to do anything. I received only the alert that said the computer was isolated. Then, I usually need to check the logs and see if I need to do something manually or something similar.
Huntress helped to reduce the need for expensive security tools or higher expensive security analysts. In fact, we had conversations on how to reduce costs as an MSP. They reviewed the number of seats we have, and they offered us a new plan with better with less cost.
What needs improvement?
Not every time, but sometimes when we click on the remediation, the auto-resolution of the alert, the screen gets stuck, and I need to contact support so they can confirm the remediation was applied, and they have to close the ticket.
Maybe they can add a way to remove unresponsive agents. For example, if I have a client with ten devices, and I deploy Huntress in those ten devices, and for some reason, one device has maybe two or three months offline or not running, maybe they can add automation to remove the agent after a certain amount of time. That way, I will not be paying for a device that has been offline. We do have audits to avoid this. However, it would be useful if the process was automated.
In the beginning, we used other antiviruses. If you install SentinelOne or WebRoot, if you check the device, you will see Huntress is installed, however, you will see it is not doing anything since he other antivirus is installed.
I know that Huntress has a beta version for Macs, so it is not fully deployed or released. We're waiting for the final version to use it on our Macs.
For how long have I used the solution?
I've used the solution for four years.
What do I think about the stability of the solution?
I'd rate the stability eight out of ten. Most of the time, it's working fine. I'd just like it to be fully compatible with all of our OS. For example, we've had clients that use a special version of Windows for a POS, and Huntress isn't fully compatible.
What do I think about the scalability of the solution?
I've never had issues with the scalability.
How are customer service and support?
Not all antiviruses have 24/7 support or management. There are some cases where I read the logs, and I have to contact Huntress support, and they are always available. I never wait more than maybe ten minutes to get support. They always help me with the issue without problems. They are always giving me solutions.
This is the best support I have used.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We have also used WebRoot. Huntress is better as the support team is great and I have less issues with the solution. I've had trouble installing and uninstalling WebRoot.
How was the initial setup?
We always install Datto RMM first manually. Then, we share the link with the client. They install Datto RMM, and then we use that to deploy Hunteress. It's pretty simple. It only takes a few minutes to install. A single technician can deploy the solution.
What's my experience with pricing, setup cost, and licensing?
The pricing is a little bit high. However, I understand the service is better. They offer different plans according to tiers. If you have more devices, you get better pricing.
What other advice do I have?
We're an MSP and have a lot of relationships with many vendors.
I'd rate Huntress nine out of ten.
I'd recommend users give Huntress a chance. The MSP portal is free to use and it has a lot of integrations.
Which deployment model are you using for this solution?
On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: MSP
Last updated: Aug 4, 2024
Flag as inappropriateCEO at a computer software company with 11-50 employees
Significantly improves our overall security and offers reasonable pricing and great value
Pros and Cons
- "It is incredibly efficient for our engineering team because Huntress provides all the information needed to fix issues, not just flag them."
- "One area for improvement in Huntress would be to allow for PSA integration from a specific IP address or hostname for better security measures."
What is our primary use case?
We use Huntress for both endpoint threat hunting and as an EDR solution. It helps us manage Microsoft Defender.
How has it helped my organization?
We realized the benefits of Huntress almost immediately after deployment. It became evident during the Exchange zero-day incident when Huntress promptly alerted us about affected customers still using on-premise Exchange, allowing us to respond swiftly.
What is most valuable?
What I like most about Huntress isn't just a specific feature, but how the company operates. It is incredibly efficient for our engineering team because it provides all the information needed to fix issues, not just flag them. It gives me peace of mind knowing our systems are in good hands.
What needs improvement?
One area for improvement in Huntress would be to allow for PSA integration from a specific IP address or hostname for better security measures.
For how long have I used the solution?
I have been using Huntress for about two years.
What do I think about the stability of the solution?
I have not had any stability issues with Huntress.
What do I think about the scalability of the solution?
We haven't faced any scalability issues with Huntress. We have deployed it across thousands of endpoints for all of our customers without any problems, and the platform remains usable and responsive.
Which solution did I use previously and why did I switch?
Before Huntress, we relied solely on traditional antivirus software without threat-hunting capabilities.
How was the initial setup?
Huntress is one of the easiest solutions we have ever deployed. The improvement in our organization's security was immediate after deployment. It is a cloud platform deployed on-premises or in our private cloud. The deployment process was straightforward and could have been completed for our entire customer base in about 60 minutes if done all at once.
Huntress is very self-sufficient and requires minimal maintenance after deployment. It automatically upgrades itself and is well-designed to handle any issues without needing manual intervention.
What about the implementation team?
We handled the deployment in-house with just one person.
What's my experience with pricing, setup cost, and licensing?
The pricing and licensing model for Huntress is very reasonable and offers great value.
Which other solutions did I evaluate?
We explored other alternatives before choosing Huntress, but none in the SMB space offered what Huntress did, especially in terms of threat hunting and persistent foothold detection. None came close in terms of cost-effective value either.
What other advice do I have?
When we first adopted Huntress, our main goal was to enhance security for our client banks in the financial services sector. We were attracted to their innovative approach to threat research and detection, and we appreciated the values the company stands for.
Huntress offers exceptional value for SMBs. I can't think of another company that provides such comprehensive cybersecurity solutions for the SMB market.
Having Huntress fully managed 24/7 has been fantastic because every alert comes with useful information, which significantly reduces the workload for our technicians when triaging and managing alerts.
Using Huntress has reduced the need for extensive security tools and expensive security analysts. This was very important to us.
Huntress has significantly improved our overall security. Their approach to making security accessible and affordable for SMBs, like MSPs, has made it easy and inexpensive for us to implement effective security measures internally.
For new users, I would advise understanding the potential output of Huntress so that you can interpret the reports effectively. Be mindful of all the information it provides, including unexpected findings like exposed passwords, and be prepared to address them appropriately.
Overall, I would rate Huntress as a nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: MSP Reseller
Chief Security Officer at a computer software company with 51-200 employees
A great option for the SMB market, enhances visibility into endpoint activity, and reduces the effort needed for handling alerts
Pros and Cons
- "The most valuable aspect of Huntress is its 24/7 SOC service."
- "Huntress' Process Insights feature could benefit from more robust search and filtering capabilities."
What is our primary use case?
We use Huntress to monitor our internal and customer systems for security vulnerabilities.
We chose Huntress for its 24/7 managed detection and response services.
Huntress is deployed entirely in the cloud. We use the Huntress portal to manage it and our RMM tool to distribute the agent to our devices.
How has it helped my organization?
Huntress is a great option for the SMB market. It's competitively priced and offers good value for the money, making it one of the most cost-effective security solutions available. Its team is highly qualified and delivers a quality product at a price point that fits the SMB budget. Enterprise tools can often be overly complex or expensive, and Huntress effectively addresses both of these concerns.
It's extremely easy overall. We deploy the agent and it takes care of the rest.
Huntress enhances visibility into endpoint activity by monitoring running processes. It employs a 24/7 human response team to analyze alerts from both the Huntress agent and Windows Defender Endpoint Protection. This team can then choose to isolate suspicious activity and limit its impact if deemed malicious, or escalate the case for further investigation.
Some endpoint protection solutions may miss early warning signs of suspicious activity, such as unusual system behavior or potential footholds for attackers. This is often the case when deploying such solutions to new customers. However, it's important to remember that malicious activity doesn't happen every day in every environment. So, for some customers, its value might not be immediately apparent. It might take a few years before a serious incident occurs, highlighting the need for Huntress' detection and response capabilities. Therefore, the timeframe to see the benefits of Huntress can vary greatly.
The fully managed service has certainly reduced the effort needed for handling alerts from endpoint protection solutions like Windows Defender. Eliminating the need to deal with false positives has been a significant benefit, greatly reducing our team's workload. Additionally, the SOC within the service effectively handles after-hours issues, minimizing the impact on our on-call staff.
Instead of relying on expensive endpoint protection software, we successfully leveraged the built-in Windows Defender in conjunction with the Huntress agent. This combination, in our opinion, represents a significant improvement over using a potentially more robust but costly solution alone. The key advantage lies in the added human element: Huntress' 24/7 monitoring and endpoint isolation capabilities. This approach has demonstrably improved our security posture. However, it's unclear whether it fully eliminates the need for a high-cost security analyst. While Huntress certainly reduces expenses associated with lower-level resources tasked with the initial triage of false positive alerts, its impact on the role of a specialized security analyst remains to be determined.
It has improved our overall security significantly. It adds another valuable layer of protection and provides greater visibility into endpoint activity. Perhaps the most significant benefit for us is the true 24/7 coverage. While our staff has extended hours, there's a gap overnight when no one is actively monitoring for security incidents. When time is of the essence, as it often is in cyber situations, having someone from Huntress available to instantly respond by isolating threats is invaluable. This service is certainly more cost-effective than attempting to staff our team for round-the-clock coverage.
Our security started improving immediately after deployment. It began searching for pre-existing footholds or remnants of other malware that may not have been fully cleaned up from previous infections. The 24/7 SOC provided instant benefits—knowing we had that extra layer of protection with dedicated experts watching our systems was a reassuring feeling.
What is most valuable?
The most valuable aspect of Huntress is its 24/7 SOC service. If something suspicious is seen on an endpoint, even in the middle of the night, there is always someone available to react quickly and isolate the endpoint to mitigate the potential spread to others.
What needs improvement?
Huntress' Process Insights feature could benefit from more robust search and filtering capabilities. Currently, it's quite basic, offering only a single search bar with limited granularity. Additionally, the data retention period is short, with access restricted to three days. While the SOC team can export a week's worth of data, extending this period to at least thirty days would be highly beneficial.
Overall, we're generally satisfied with the solution. However, deeper integration with other endpoint protection platforms would be valuable. Ideally, Huntress should be able to ingest alerts from systems like CrowdStrike and conduct investigations similar to CrowdStrike's offerings. This would be particularly useful for us as a CrowdStrike partner.
For how long have I used the solution?
I have been using Huntress for three years.
What do I think about the stability of the solution?
Last week, we encountered an issue with the Huntress agent. Essentially, there are two components: the core Huntress agent and the Rio agent, added later about a year into our partnership for process insights. While Rio is valuable, we experienced a communication gap regarding its functionality.
If Rio shut down for any reason e.g., computer reboot, or agent update, it wouldn't restart properly, creating a blind spot for the Hunter team as no data was transmitted. This issue emerged within the past two weeks and took a few days for Huntress to identify and resolve.
Overall, the platform is generally stable, but we've faced some bumps in the road. One issue involved unclear communication about agent check-ins, and the other was the recent Rio shutdown problem.
What do I think about the scalability of the solution?
Huntress scales very well. We've grown from approximately 9,000 to 17,000 endpoints, and I haven't encountered any scalability issues.
How are customer service and support?
We're generally very pleased with the technical support. They respond promptly via chat, and if the frontline team can't resolve an issue, they escalate it swiftly. In one instance, their SOC analysts even helped us investigate malicious activity at our endpoints, something that deeply concerned us and our customers. In that situation, they truly went above and beyond to assist us.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We previously used Webroot, but it was ineffective at stopping the latest ransomware threats. That was the main reason we switched to Huntress. We replaced Webroot with the built-in Windows Defender plus the Huntress agent, and together they proved significantly more effective at stopping those threats than Webroot alone.
How was the initial setup?
The initial deployment was smooth. However, we realized a gap in our internal processes and understanding of how to respond to different alert levels.
Our deployment was rushed due to signing the agreement during the Log4J vulnerability outbreak around Christmas 2020. The widespread threat forced us to prioritize deploying the Huntress agent quickly instead of following a slower, more deliberate approach to replacing Webroot.
Fortunately, the Huntress agent seamlessly integrates with other endpoint protection solutions. This allowed deployment without disrupting existing protection or leaving us vulnerable during the transition.
The additional 24/7 SOC visibility without replacing our current endpoint protection has been immensely valuable. While deployment was simple, we identified the need to refine internal processes and response protocols for different alert levels.
We had a small team, perhaps two or three people, working on the deployment. In all honesty, it could have been done by a single person. Our deployment process is streamlined, and we have a large customer base. As a mid-sized MSP with over two hundred customers at the time, we had the manpower to spare. However, thanks to scripting and RMM tools, even a single individual could theoretically deploy Huntress to a large number of endpoints with ease.
What about the implementation team?
Being an MSP, we implemented the solution internally.
What's my experience with pricing, setup cost, and licensing?
Huntress is priced fairly for the services and value it provides.
What other advice do I have?
I would rate Huntress nine out of ten.
Our team occasionally uses the automatic remediation feature for low-severity threats, but we don't heavily rely on it. When it comes to endpoint protection alerts, we prefer a more hands-on approach. Despite using automatic remediation to some extent, the feature's impact on our workload has been minimal.
The biggest maintenance challenge with Huntress is the potential for certain firewalls, especially Fortinet models depending on their enabled features, to block communication from the agent on the endpoint back to the Huntress portal. This blockage isn't apparent from the endpoint itself. While the Huntress page might appear installed and running, the agent might have only checked in initially and stopped sending data. After a month of inactivity, Huntress removes the agent to prevent the portal from becoming overloaded with inactive agents. This creates blind spots in our monitoring, as we remain unaware of the missing data. Addressing this challenge has been difficult, as we rely on our RMM tool for endpoint management and strive to maintain a consistent active list. Continuously comparing this list with the Huntress portal to ensure they match has proven frustrating.
When using Huntress the most crucial aspect is training our internal staff on how to respond to different alert levels. These levels typically fall into three categories: low, high, and critical. It's essential to have a clear action plan or standard operating procedure outlining how our team should handle each alert type. Additionally, basic training on the Huntress portal is recommended. The portal has various pages, modules, and tabs, so familiarizing our staff with navigating and interacting with it is crucial. This includes skills like isolating endpoints, removing isolation if necessary, and utilizing provided remediation tasks or manual remediation if preferred. Implementing these measures will significantly improve our incident response capability.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: MSP
Director of Techology at a tech services company with 11-50 employees
Fully managed, reasonable price, and excellent support
Pros and Cons
- "The EDR product is simple to install. It is low maintenance. All the alerts go to Huntress first, and their analyst team reviews them and sends actionable things our way."
- "I am anxiously watching to see how they evolve their MDR for Office 365. If anything, I would like more automated remediation capabilities in their MDR for Office 365."
What is our primary use case?
We started out using their PC agent, their EDR product, and we deployed that at our office and for all of our customers. We also use their analyst team to keep an eye on things.
Last year in November, we started using their security awareness training product, and I am in the process of trialing their new MDR for the Office 365 product.
How has it helped my organization?
The agent deployment process is simple. You can do it manually. They pre-write scripts for various tools to install. You can install them with RMM or via PowerShell. They give you lots of ways to get their agent installed. You can even do it manually, which is very quick. We have it automated, so it just gets pushed out to every new PC we deploy. It works on almost everything that we need it to work on.
Their SAT product is simple. They have a great way of connecting you to Office 365. In most of our cases, they can automatically pick the phishing type email for the month. The security awareness training they provide is based on what they are seeing out in the real world. They call those Huntress Managed, and their security analysts decide what threats they are seeing this month and make a phishing test or an SAT course based on what they are seeing, which is great. With a lot of other security awareness training products, it takes a considerable amount of time to go in and design the email, pick the course, follow it through, and make sure that people are doing it. Huntress has a lot of that dialed in where we just set it and start it. If somebody fails the phishing test, they automatically get follow-up training. We get a report at the end of the month saying who has completed it and who has not. For the ones who did, we got to know how they did. It cuts a lot of manual time to keep those going month after month.
Huntress is great for small and medium businesses. It is a great tool just about anywhere. We have got it deployed for large organizations and small customers. Insurance requirements are asking for this kind of solution, and Huntress is a great, competitively-priced, feature-rich, and live-human-backed product. When you look at other things and try to put all those pieces into one, it is considerably more expensive, and you do not necessarily get all those things from a single vendor. There is an added headache that goes with that.
In terms of its time to value, I have secondhand knowledge of some of the benefits. We ran it internally, and we used it in point-by-point situations. We were not quite at the point in the early days to just roll it out on all the endpoints we managed, so when there was suspicious activity or something not quite right, we used it to see if it could find something. It did find them in some cases, and in some cases, nothing was found. There were other issues causing performance or other problems with that computer.
We got to a point where they were very active, and they are still very active, in the community. They were very vocal and open about sharing what they saw regarding exploits and breaches. Listening to them talk and seeing how involved they were in trying to raise the entire MSP community, I was sold on their culture. It did not take a lot to go from there to deploying agents on all the machines that we manage.
Our workload has gotten better because they are handling things that my people do not have to handle. Some of what they are doing now, we were not doing before, so I cannot look and say that I flipped the switch and my labor went down by this much. However, we got a lot of benefits that we did not have before. We also have peace of mind.
Huntress has the ability to remediate low-severity threats automatically. It is cool. When they started out and were growing the product and figuring out who and what they wanted to be, they would give a good list of remediation steps. That was another big benefit. When they found something, they gave us the steps to get rid of it on that machine, which was a time saver. Traditionally, when something was found, we had to spend 30 minutes on Google searching how to get rid of it, whereas Huntress gave out the list. Over time, they got more comfortable and decided that they could do this as an opt-in, and now, they can do it automatically. Watching that evolution and being able to say that if something shows up in there, they will remove it is great. We get a report, and we can go to the end user and say, "You had software that should not be there, and we took it off. Do not put it back on because it will be taken off again."
Using Huntress has not reduced the need for security tools, but that is only because I believe in a multi-layered approach and am a security-minded MSP. Huntress, for sure, fills a gap between other products. Even they would not tell you that they are an end-to-end or be-all solution. They are working their way towards it. I will bet you that. What they do and what they handle with their team of security analysts, we were not doing that on our own. The assisted remediation and the fully automated remediation definitely save time.
What is most valuable?
The EDR product is simple to install. It is low maintenance. All the alerts go to Huntress first, and their analyst team reviews them and sends actionable things our way.
They are very good at keeping an eye on persistent threats and pointing out misconfigurations. In some cases, if they get wind of some exploit, they typically use their agent to see if they can identify partners that are at risk. A couple of times, we had an agent on a machine somewhere, and they told us that they saw a new exploit and a specific machine might be vulnerable, and we probably want to check that. We have had cases where the users downloaded something or got an email attachment, and Huntress flagged it and isolated the device before it could spread. It is a handy product. They are a great company to work with.
What needs improvement?
I have not got anything as such. They have already added an agent for Mac. I am anxiously watching to see how they evolve their MDR for Office 365. If anything, I would like more automated remediation capabilities in their MDR for Office 365.
For how long have I used the solution?
I have been using this solution for three and a half years.
What do I think about the stability of the solution?
I have never seen any issues.
What do I think about the scalability of the solution?
If you ask me to deploy another 100 agents, I can do it in five minutes. From my perspective, I can put as many agents out there as I need to because it is all cloud-based, and they do a good job of maintaining their environment. When I add an agent and do an install, I can look in their portal, and within a couple of minutes, I see the agent check-in.
How are customer service and support?
Their support is of very good quality. We talk to security analysts most of the time. When we ask questions, there are times when they have to research. We do not ask simple questions, so sometimes, they do need to research what is going on with that particular machine or that particular incident, but they are responsive. They give intelligent answers. They are always good and friendly people to talk to. I would rate their support a 10 out of 10.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We did not use a similar solution. We still use traditional AV with Huntress. It is filling in a gap that we did not know was a gap before. We did not replace them with anything. We layered them into our stack.
How was the initial setup?
It is all cloud. Its initial deployment was very easy.
We did not try to do them all at once. We scaled up, and we did a bunch here and there as we were growing it out because we could not take on all the costs without getting some of our clients to buy off on it and pay us for it. It was not an all-at-once.
The way it works is that if you already have an RMM agent on all the machines, after you have it set up initially, it takes 20 to 30 minutes to do the install script and push it out to the first handful of machines. After that, it is just a matter of checking some boxes and hitting install. The installer itself is very fast. It goes and downloads itself, configures itself, and names the locations. They did a great job building this script for installation. If you tell me that I need to put this on a new company with another hundred systems, it would take me five minutes.
In terms of maintenance, you do not have to manually update an agent. Most of the time, they update themselves. We have to keep an eye out to make sure that they do not get uninstalled, but that is there with any software. Overall, there is not much in the way of maintenance. We just need to check everything and make sure it is doing what we think it is doing.
What about the implementation team?
We did it internally. We are an MSP. We are the IT consultants, and there was nothing needed to bridge the gap between Huntress and us. They did a great job of onboarding.
One person was required for its deployment.
What's my experience with pricing, setup cost, and licensing?
It is simple. It is reasonable. They raised my prices this year. We never like price increases, but they continue to add value, so we just keep adding agents as we grow and as our clients grow.
Which other solutions did I evaluate?
We were always evaluating our endpoint security solutions, but there was nothing like this out there.
What other advice do I have?
Stop waiting and just do it.
I would rate Huntress a 10 out of 10.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: MSP Reseller
Managing Partner at InterHyve
A scalable EDR tool to detect, prevent, and block any attacks
Pros and Cons
- "Scalability-wise, I rate the solution a ten out of ten...I rate the technical support a ten out of ten."
- "The solution's UI is an area with certain shortcomings that need improvement."
What is our primary use case?
I use Huntress as an EDR tool to detect, prevent, and block any attacks.
How has it helped my organization?
Huntress offers a lot more of a proactive approach, being an EDR tool. The tool is eligible to be an ISO 27001 product. Huntress streamlines our organization's processes.
What is most valuable?
The solution's most valuable feature stems from the tool providing alerts, which is a very good attribute. The fact that the solution operates proactively for our company is because Huntress has one of the best AIs apart from CrowdStrike.
As the CEO of my company, I am not involved in the technical part of the solution on a daily basis, making it difficult for me to comment on the best features of Huntress.
What needs improvement?
The solution's UI is an area with certain shortcomings that need improvement.
For how long have I used the solution?
I have been using Huntress for two and a half years. I use the solution's latest version. My company is a customer of the solution.
What do I think about the stability of the solution?
Stability-wise, I rate the solution a nine out of ten.
What do I think about the scalability of the solution?
Scalability-wise, I rate the solution a ten out of ten.
My company has around 200 users of the solution.
How are customer service and support?
I rate the technical support a ten out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
My company operates as an MSSP. I have experience with other solutions in the past. I haven't switched to Huntress from some other product since I still deal with products that were used in the past since my company has to cater to the needs of multiple customers.
How was the initial setup?
I rate the initial setup phase an eight on a scale of one to ten, where one is difficult and ten is easy. In general, the solution's initial setup is pretty straightforward.
The solution is deployed on a public cloud.
The time taken to deploy the solution depends on the size of my company's customers, but I can say that it does not take too long. The deployment process is simple, but it’s time-consuming part stems from the need to put the policy in place, considering which I can say that it takes around four hours presently.
One person was required for the deployment process.
What was our ROI?
I have seen a return on investment in my company with the use of Huntress.
What's my experience with pricing, setup cost, and licensing?
I rate the product's price a five or six on a scale of one to ten, where one is cheap, and ten is expensive since it is a fairly priced product.
There are no costs in addition to the standard licensing fees that I know about for the solution.
Which other solutions did I evaluate?
SentinelOne and CrowdStrike were the two solutions we had evaluated in our company before opting for Huntress owing to the preference of our customers, who had just discovered that they had detected 3CX exploit.
What other advice do I have?
I recommend the solution to those planning to use it since I believe they should try it.
I rate the overall solution a nine out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free Huntress Managed EDR Report and get advice and tips from experienced pros
sharing their opinions.
Updated: November 2024
Popular Comparisons
Intercept X Endpoint
CrowdStrike Falcon Complete MDR
Arctic Wolf Managed Detection and Response
Secureworks Taegis Managed XDR / MDR
SentinelOne Vigilance
Sophos MDR
Red Canary
Blackpoint Cyber MDR
Field Effect MDR
Adlumin Cybersecurity
Fortra's Alert Logic MDR
Trend Micro Managed XDR
Rapid7 MDR
Bitdefender MDR
eSentire
Buyer's Guide
Download our free Huntress Managed EDR Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- How do you estimate ROI of a Managed Detection and Response (MDR) solution?
- When evaluating Managed Detection and Response (MDR), what aspect do you think is the most important to look for?
- Which solution do you prefer: Optiv Managed Security Services or eSentire?
- Why is Managed Detection and Response (MDR) important for companies?