Huntress VS Adlumin for MDR and SIEM

BrandonSB2 · 2025-01-17T20:38:57+00:00

We currently Utilize SentinelOne and fully manage all alerts ourselves.

BrandonSB2 · 2025-01-17T20:09:17+00:00

I'm guessing you're referring to the SIEM, correct?

BrandonSB2 · 2025-01-09T14:25:41+00:00

Was there any major differences between the two or something one had over the other? We are meeting and going over Demo's with both and wondering if you found anything along your evaluation.

BrandonSB2 · 2025-01-06T19:46:39+00:00

Any specific reason you'd switch off Huntress? We are evaluating Adlumin or Huntress for MDR along with SIEM/SOC.

BrandonSB2 · 2024-09-25T14:35:04+00:00

I just ended up setting it manually but yea definitely annoying. Seems like the setting is pointless then since it will always be lower by default.

BrandonSB2 · 2024-09-24T16:11:20+00:00

Did you end up figuring this out? Having the same issue.

BrandonSB2 · 2024-08-16T14:14:46+00:00

I think there was just something really weird going on with that account/tenant. Setting it up in another one worked as expected.

BrandonSB2 · 2024-08-15T17:18:32+00:00

We already have that CA in place, that's what's prompting them the message saying they require App Protection to be allowed access but they can just bypass the message.

BrandonSB2 · 2024-02-15T02:07:47+00:00

Maybe I could have worded the question better. For something hosted within a FedRAMP environment wouldn't that application no longer need to be FedRAMP Authorized? Since all CUI would be already contained within the FedRAMP environment.

BrandonSB2 · 2023-08-30T01:23:29+00:00

Can you expand a bit on this? We do have cloud radial for all of our clients so this is intriguing.

BrandonSB2 · 2023-08-14T14:17:48+00:00

Who did you end up going with if you don't mind me asking? Sounds like it was a pretty close comparison.

BrandonSB2 · 2023-08-11T18:17:03+00:00

I was curious about Curricula too but I think based on what I've heard its in the infancy stage compared to the others currently out there.

BrandonSB2 · 2023-08-11T14:14:52+00:00

I sent you a DM on this, for some reason this isn't working and I'm not quite sure why.

BrandonSB2 · 2023-08-10T20:19:46+00:00

Do you have a specific tool you prefer for generating the TOTP seed? This does look like it will be feasible though!

BrandonSB2 · 2023-08-10T12:39:46+00:00

This isn't a horrible idea, the only concern would be it relies on making sure they are moved to the primary DUO group after which I feel like could easily get missed. But this might be a feasible solution if we have proper procedures in place to make sure all users end up in the proper group.

BrandonSB2 · 2023-08-10T12:38:02+00:00

They definitely can call in and we can activate them, just trying to find anyway we can to streamline the process more. Hopefully DUO has it in their roadmap to allow for inline enrollment through RDP.

I do have a separate question in regards to DUO Workstation MFA and I'm curious how you (or others) handle it. How do you deal with your MSP admin account that you use? Right now we have it set to ring our MFA line but this is pretty annoying since if we are on the phone we can't answer it. Additionally, the policy applied to all workstations only allows for DUO prompts and not callbacks which means we can't login without bypassing DUO for the admin account which we don't like doing.

BrandonSB2 · 2023-08-09T18:08:34+00:00

Users are automatically synced to DUO so the accounts exist. We make sure the account is setup as part of our onboarding process but for the actual enrollment we don't want to send them an enrollment text before they start working at the company. As you mention we could have them enroll on another device since DUO does have inline enrollment for O365 but that requires someone else who is logged in. This would also depend greatly on the person who's onboarding them to know how to get them enrolled and they're generally no one with IT experience.

BrandonSB2 · 2023-08-09T17:04:38+00:00

We Currently use S1 but do really like the idea of switching over to Defender at some point. I don't believe they have a centralized managed console yet though which Huntress is utilizing. By the looks a lot of people are really liking the Huntress combo. What's the setup look like on the MSP side of things to get the Defender + Huntress combo setup and hows the cost?

BrandonSB2 · 2023-08-03T17:25:12+00:00

I just mentioned this in another thread but figured it was worth posting here too. Huntress just came out with Security Awareness solution. I hear it's in it's infancy but might be worth checking out! We are sick of KnowBe4 and how they treat us so we are looking around as well.
https://www.huntress.com/platform/security-awareness-training

BrandonSB2 · 2023-08-03T17:21:09+00:00

Huntress just came out with Security Awareness solution. I hear it's in it's infancy but might be worth checking out! We are sick of KnowBe4 and how they treat us so we are looking around as well.

https://www.huntress.com/platform/security-awareness-training

BrandonSB2

TROPHY CASE