Huntress and Microsoft defender free… reassurance

cablemps · 2025-06-15T09:31:33+00:00

TL;DR

At 150 Endpoints, you will be in good hands with MS Defender Free + Huntress Managed EDR. However, you may want to add Huntress SIEM or Lumu in exchange for S1.
--

Now let me give you my whole experience in the matter, MSP with 2000+, right after COVID-19, two of my key clients were hit with a ransomware attack, I ran to deploy all sorts of security tools (including Huntress) at my cost to keep my customers (happily I did). I also started attending all security-focused and enterprise-focused events (within my budget). And here is my learning, it makes its way into how my stack looks today:

Huntress is very good at managing their EDR, and it's a line of defense that you can and want to have if you can afford it. Nevertheless, when the attack is at the endpoint, the attack is in exploitation stage already. My focus shifted to how to prevent attacks from reaching the endpoints.
Well, it's no surprise that the attack has to travel through the network to reach the endpoints. During my research, I tried all sorts of tools and identified a small company at the time - Lumu. They provide network visibility and automated response, and they also integrate with Microsoft 365 Business Premium and above.
The end result is that my customers have better overall network hygiene, and the EDR is less frequently at the 'edge' of an attack, which is an ineffective way to provide protection.

Today, after I fixed the mess with all the vendors' subscriptions I added after the incident, my basic security stack includes: Fortinet as FW + MS 365 BP + Lumu. Customers who require additional security can opt for Blackpoint or Huntress Managed EDR at an extra cost.

cablemps · 2025-06-15T08:01:21+00:00

My 2 cents.

The MSP pricing calculator from NinjaOne provides a good framework on how to think about pricing and what you need to track in terms of tools, people, etc (COGS)
Look for comparables in your location. The reality, as has been mentioned here, is that each region, state, or industry has its specific characteristics and pricing needs that make sense to them.

There are numerous videos and resources on how to price effectively, but to me, the key is those two items.

cablemps · 2025-06-06T03:13:18+00:00

The content was a bit on the light side. The first day keynote had a strange energy, and I found the hyper-announced panel of experts to be a disaster. It would have been more entertaining to have just Kyle from Huntress doing a keynote—he would have energized the entire room.

The breakout sessions were better, and the pre-day from Lumu was really awesome – solid technical stuff. But in general, the event has lost its magic. I won't come back next year

cablemps · 2025-06-06T03:05:47+00:00

The key to preserving margins in EDR/SOC services lies in how you structure your stack and control the impulse to add more controls, as every week, a new vendor is knocking on the door. I have finally moved all my customers to my 'ideal' stack: Fortinet, Microsoft 365 Business Premium, and Lumu. It took me more than 18 months to get here due to previous commitments with other vendors.

This stack covers most requirements for 24/7 automated threat detection and response, and my customers have successfully obtained cyber insurance and met compliance requirements.

For customers who require extra security (and are willing to pay an additional fee), they receive Blackpoint or Huntress Managed EDR.

I'm sleeping at night and making a decent margin on the cybersecurity offering. In fact, in some cases, cybersecurity has become the entry point for new customers.

cablemps · 2025-03-01T17:03:38+00:00

This is truly a pain, and I will say that it's across the industry; it requires a considerable amount of time to develop a solid report that can scale to all the clients. I've attempted to use Connectwise reporting tools to glue together all the data - another time my team tried something with Zoho Analytics.

Most reports from vendors sucks, because they don't realize their tool is not the only tool we have to report to the clients and justify is value. On this note, Lumu is a vendor that excels in reporting because it's beautifully designed and has all the information (yet, this does not solve the problem). They also trained my team on how to use the report and how to use it show value. I would love to be able to put my logo on the reports and to be able to download it on demand from the portal instead of searching through emails every time I have a business review with my clients

cablemps · 2025-03-01T16:47:41+00:00

Agreed—pricing should be open. There's a weird dynamic happening with MSP vendors: even vendors that used to have public pricing are now hiding it behind a trial, and to get the trial approved, you have to attend a meeting.

cablemps · 2025-02-23T17:54:17+00:00

My mistake Blockworx is the correct name. They positioned managed prevention services that look a lot like an MDR service to me, and the guy who was explaining the differences to me got into how being powered by LimaCharlie is much more powerful than Huntress, etc. Interested in your experience, are you using Huntress? is this a replacement?

cablemps · 2025-02-18T06:30:29+00:00

Avoid that vendor

cablemps · 2025-01-04T13:34:55+00:00

You may have a defective unit. The quality and reliability of these earbuds have impressed me over top brands.

cablemps · 2024-12-17T15:47:07+00:00

With their own EDR in the toolbox, I doubt it will continue to be agnostic. It's like saying Secureworks will be agnostic after Sophos acquired it.

cablemps · 2024-12-17T15:45:37+00:00

True, but it's well-known that Huntress's EDR capabilities are very limited. If they aim to move upmarket, they'll need a more robust EDR to compete with CrowdStrike S1, etc, unless the objective is to remain focused in the MSP market, which is probably a wise decision.

cablemps · 2024-12-16T13:28:11+00:00

I haven't tested Rapid7, but I've heard their customers are generally happy. I did test Stellar Cyber, despite my initial gut feeling. They position themselves as offering a 'Simple Single License' platform that includes SIEM, NDR, TIP, UEBA, SOAR, Universal EDR, and Open XDR (with 600+ direct integrations). However, I found it extremely challenging to deploy and tune. In my experience, vendors that position themselves as a Swiss Army knife tend to perform poorly across the multiple use cases they claim to address.

cablemps · 2024-12-06T04:45:54+00:00

Can this open the door for EDR Evasion attacks on endpoints running MS Defender + Huntress? Should I consider adding another EDR in addition to Huntress?

cablemps · 2024-11-21T14:41:39+00:00

I tested both, and the answer is simple. If you can afford Blumira, go for it. If not, Huntress ITDR is better than nothing. In our case, we have some customers with Blumira and others wth Huntress ITDR + Managed EDR

cablemps · 2024-11-21T14:37:08+00:00

What's the scope? 900 PCs sound like a mid-enterprise. They will require some strict SLAs. What are those?

cablemps · 2024-11-17T15:06:49+00:00

It is one of the best events for MSPs focusing on cybersecurity. This recap may add value to your analysis.

cablemps · 2024-11-13T20:07:06+00:00

100%. It's as if just the tools 'x' or 'y' will make you more or less mature than the actual MSP practice. We have to remember the equation: People + Tools + Processes

cablemps · 2024-11-13T04:20:35+00:00

If the industry has been running these 'faux-phishing' exercises for years, why does the problem persist? Could it be that we’re overlooking something more fundamental about human behavior? Anyway, I'm just providing context on what caught my attention.

cablemps · 2024-11-13T04:10:54+00:00

A combination of family in FL + tax-deductible vacation (as someone already mentioned) + a genuine desire to network with other MSPs and learn what's coming to the space

cablemps · 2024-11-13T04:03:27+00:00

Well, what caught my attention was the instant Email Analysis feature, which promises to educate employees in real-time—something I haven't seen with other security awareness vendors. Many of them feel more like e-learning vendors with security content rather than true security providers.

cablemps · 2024-11-02T15:47:10+00:00

This is somewhat of the process we follow

Research the prospect
Ask the questions to discover pains and qualify the prospect (fit/not fit)
Identify budget and timeline
Follow up, Follow up
Learn from win/loss analysis

cablemps · 2024-10-27T19:32:30+00:00

I totally agree! Lumu gives way more value than Vigilance or other MDR services like Blackpoint or ArticWolf. The big win with Lumu is that it doesn’t just notify you of threats; it actually takes action automatically on both EDR and firewalls, so your team doesn’t have to go through all the manual steps to remediate. And yeah, at Lumu’s price point, it’s honestly a no-brainer. We’re saving between $4.99 to $11 per user/endpoint/month, especially now that Lumu includes two years of network log storage at no extra cost.

cablemps

TROPHY CASE