What needs improvement with Huntress?

In terms of room for improvement for Huntress Managed EDR, I think that if they could work with maybe other antivirus vendors to sort of work together with those, it would be beneficial because I know they work with Microsoft Defender, but we chose not to do that. It feels like we're losing out on part of the product there to be able to control things such as maybe firewall or something through Huntress Managed EDR. Sometimes when they introduce new features, they just default them off and you don't really know they're there, and usually it takes a phone call with a rep to figure out about those features. Lastly, the alerting system is a manual sign-up for it; I think if you're a user or admin in the system, you should just be signed up for the alerts instead of being an opt-in system.

One area of improvement that Huntress Managed EDR incorporates is external recon, looking at the externally accessible ports that exist on endpoints. Ports that can be seen from the internet on all the endpoints that they cover is a really cool feature and a pretty powerful attack surface management tool. However, right now it is kind of unmanaged; it is just something you have to go and click into and review from time to time. I really wish that that was incorporated into their detection and response solution, so when we detect a port that is highly sensitive or high risk, I wish they would alert on that rather than having to go in and check on it. Incident reporting could be a little bit cleaner. The incident reports are thorough and we get good insight from them, but it is kind of stylized in a way that can only be ingested internally. If there was a way where they had an incident report that could be shared with clients that is cleaner with some nice graphics and a clear depiction of the attack timeline, that would be great.

I actually haven't used their cybersecurity awareness training, so I'm not sure how that really stacks up against the competition. That probably doesn't seem to be a big push for them. I would to see more work being done on the cybersecurity awareness training because we have other preferred products that we could use. I'd like to see them having more focus on that.

Reporting for Huntress Managed EDR could be better.

One area where Huntress Managed EDR can improve is in alerting. Recently, one of the RMMs I use went crazy and was flagged by Windows Defender antivirus as a Trojan. However, I was not alerted by Huntress Managed EDR about the Trojan detected on my computer, though Windows Defender quarantined it. Huntress Managed EDR indicated this is a normal behavior, but I would prefer to be alerted whenever there is any incident involving Windows Defender on any machines, regardless of the status of the incident.

Huntress Managed EDR could be improved by providing more visibility into each alert that comes in and what action was taken on it. There have been times when an alert was received through Microsoft Defender indicating an account was accessed, when in reality it was blocked by a conditional access policy, yet when checking the Huntress portal, that event does not appear at all, lacking indication that it was raised and investigated as not a threat. The reporting in Huntress Managed EDR is fairly basic, as the only available report is effectively an executive summary. Although it contains useful information, other platforms have reporting engines that are much more robust and customizable, functionality that appears to be missing in Huntress.

I do not have any comments at this time that would help improve Huntress Managed EDR.

I would like to see an easier way to whitelist sites or to monitor some of the reporting that Huntress Managed EDR does. I chose nine out of ten because I would like to see features being rolled out more often.

It would be useful to get a little more information about exactly what Huntress Managed EDR is examining and how it is identifying new and emerging threats so we can show that to our clients and make them more confident that we put a really high-tech security solution in place. Other products are a little more flashy and might have a little more marketing prowess because they have such a huge amount of information and they have security maps and threat portals and all sorts of features that we don't necessarily find to help security, but they do help those products when you're showing them to clients. If Huntress Managed EDR directly integrated with NinjaOne in a seamless fashion where it was automatically deployed and health was automatically maintained and reported on by our RMM, which is NinjaOne, that would push it to a 10. Alternatively, if it had an antivirus engine directly in the product, that would be beneficial. Many businesses still believe they need an industry-known antivirus product like a SentinelOne or a Bitdefender, something they recognize. If Huntress Managed EDR had an antivirus engine in it, even if that antivirus engine was simply as good as Windows Defender or piggybacked on top of Windows Defender, something that we could market as an antivirus, that would actually be a big benefit to us and push it to a 10.

To improve Huntress Managed EDR, I would probably ask for more integrations with other antivirus solutions. They have recently done integration with SentinelOne and have a deep integration with Defender for Endpoint, but offering that integration into the other market leaders in antivirus would increase the product scope.

Huntress Managed EDR can be improved in that right now it can only support Windows Defender and not other third-party antivirus software. If it could support other third-party antivirus solutions, that would be great. I would also suggest that adding more AI features would be beneficial.

I cannot say anything, even something small, that could make Huntress Managed EDR even better for my organization, as not having any experience with other products like CrowdStrike or SentinelOne MDR makes it hard to determine what could be improved. We are very happy with the features it provides and the security and the partnership in general.

It would be nice if Huntress Managed EDR started adding additional features that some of the other competitors have, but obviously, to keep it lightweight, they cannot pack too much into it. Quality of life improvements could be made. I think some device control, such as USB ports in general or maybe being able to do privileged access management via Huntress Managed EDR would be nice. We use another tool for that, so it would be great if they had their own module for it that would work via the agent that they are already installing.

Improvements for Huntress Managed EDR really come down to the user interface online, which is less polished than I would like. However, I am more focused on the functionality of the product, and that is where it already shines, and I find they deliver incredible value.

Regarding Huntress Managed EDR, they could add more features when compared to another EDR platform, SentinelOne. Huntress Managed EDR can evolve further because SentinelOne has better integration with their own SIEM. Although Huntress Managed EDR has SIEM, they still need better integrations.

There are some drawbacks in Huntress Managed EDR, particularly with the security awareness training aspect which is more manual than expected compared to something like KnowBe4. It could be improved in terms of campaign setup in the security awareness training section of Huntress Managed EDR. The campaign setup in Huntress Managed EDR could be easier, as it requires more manual configuration than anticipated.

We would love for Huntress Managed EDR to ingest logs from Microsoft Sentinel. Microsoft Sentinel is another SIM tool that produces logs, and we would want Huntress to be able to ingest those so that we can watch our clients through Huntress using the Huntress tools. I also would love for them to make their new SIM tool reports much more robust. They are currently way too simplified, and we need to have something better to send to our compliance clients.

I would request that they make it an agent for Linux because we need it on Linux.

There should be more engagement with the MSP group or their largest clients. They should have focus group discussions on what they can do to improve the product. A more transparent way for the support team at Huntress and our IT team to collaborate to make it faster and easier would be beneficial. It does not mean that the current support team is not doing its job, but if you look at the marketplace, the selling point of one of the competitors Blackpoint Cyber is a more cohesive work-as-a-team approach when it comes to support. I have heard that other MSP businesses using Blackpoint find it to be a much better experience in comparison to Huntress. While we are happy with Huntress, that is one area that everybody is saying can be improved.

One thing they could improve is evolving from an EDR to an MDR, like Blackpoint. This transition would enable automatic remediation of anything that looks dangerous, including within Microsoft 365. For instance, when one of my clients' Microsoft 365 account was breached, Blackpoint identified suspicious activity and disabled the account. It was in Dallas, and we are in California. Blackpoint knew something was wrong there, and they went in and disabled the account. Developing more automated remediation features would elevate them to an MDR level, but I understand that it might affect pricing. They are trying to keep it at a good price point because once they go to MDR, it is probably going to double the price. For now, I find the current features satisfactory, as they continue to add improvements. They have added security awareness training and then log collectors. They are adding pillars as they move along, and I assume they are going to have an option for MDR.

Installing Huntress on a Mac presents a challenge for end users due to the operating system's security features, which require administrator privileges for installation. Ideally, remote installation through an RMM tool would be seamless, but current limitations necessitate direct user intervention and admin rights. Streamlining this process for a more user-friendly experience would significantly enhance the product's appeal to Mac users.

The integration with Autotask could be improved. Currently, it doesn't classify the "installed product" or "configuration item," as they are called in Autotask, preventing automated handling. Additionally, updates could flow more seamlessly to Autotask. Overall, a more enhanced integration would be beneficial.

We have been working on it, but their Rio agent has been having some issues trying to repair itself. I do not know how much of that is on their agent versus some of the things that we have had in place which might have complicated things. It could be due to our existing setups. Additionally, the alert emails differ in format, making automated processing in our PSA more challenging. The alert emails that they send out with the different portions of their product sometimes are not similarly formatted, which makes automatically processing those alerts a bit more difficult in our PSA.

Huntress has a cyber education platform, but it lacks all the languages we need. Since we support customers in different countries, expanding the language options for their training would be beneficial.

One issue is the managed antivirus. Huntress takes control of the antivirus built into Windows Defender, but it doesn't if, for some reason, Defender isn't working properly and doesn't attempt to fix it. We have to fix it with some scripts so that Defender reports correctly to Huntress. It would be nice if they took that action on our behalf. If they saw a problem with Defender, they should roll out a fix.

I had been requesting Huntress support for macOS for a while, and they recently rolled it out, making it generally available within two months. Having a regular support line would be good.

The existing features are perfect. However, I think they could add a more robust set of security features like dark web scanning, penetration testing, and risk assessment for clients. We would have one tool for everything. We wouldn't have to go to multiple vendors to pull something together. That would be more beneficial for us.

Huntress should have a more user-friendly interface because it takes some understanding to work our way through the interfaces. When you log in to the portal, there are many different categories to investigate. It would be good if the solution had a central alerts page to go to first rather than checking into all the categories to see if something needed to be addressed.

The integration with our RMM could be better. That's been one of the tougher things. Having more availability to integrate with RMM is what we need right now. Even though we can create a script, it doesn't always work as seamlessly as it should.

Not every time, but sometimes when we click on the remediation, the auto-resolution of the alert, the screen gets stuck, and I need to contact support so they can confirm the remediation was applied, and they have to close the ticket. Maybe they can add a way to remove unresponsive agents. For example, if I have a client with ten devices, and I deploy Huntress in those ten devices, and for some reason, one device has maybe two or three months offline or not running, maybe they can add automation to remove the agent after a certain amount of time. That way, I will not be paying for a device that has been offline. We do have audits to avoid this. However, it would be useful if the process was automated. In the beginning, we used other antiviruses. If you install SentinelOne or WebRoot, if you check the device, you will see Huntress is installed, however, you will see it is not doing anything since he other antivirus is installed. I know that Huntress has a beta version for Macs, so it is not fully deployed or released. We're waiting for the final version to use it on our Macs.

The pricing could always be lower, however, it already is good value for money. It would be ideal if they could create some incentives to help more partners get clients to onboard it. They should grow their market and spend a bit more time and effort on South Africa.

The product could be improved in terms of customization options available for reports. Specifically, there should be more granular control over report scheduling and the ability to include more specific information.

I'd like it if Huntress could scan for software that's out of date or has open vulnerabilities. That would be useful for us. Scanning for vulnerable software would be helpful. Also, we've set it up to create a ticket in our ticketing system when there's an alert. It would be nice if closing that ticket would also close the Huntress alert. It doesn't do that right now, but they're working on adding that feature.

Their EDR can have increased coverage for Macintosh. They do not fully secure Macintosh computers.

The application control system could benefit from improvements in identifying and managing both whitelisted and blacklisted applications. Additionally, it would be valuable to have the ability to automatically lock down applications identified as potential threats.

We need an API to automatically retrieve metrics and data about backend activity so we can generate client reports. We believe in comprehensive reporting and actively inform our clients about our efforts. Our daily, weekly, and monthly activity reports demonstrate our proactive approach. Currently, Huntress lacks an API to pull this data, hindering our ability to efficiently convey what happened in the past week, month, or quarter, and how it was addressed. An API solution would streamline reporting and enhance client transparency. In addition, we require an external recon report generation system. Ideally, we should be able to select a client and instantly generate a report with a single click. I expressed this need to one of Huntress' developers, emphasizing the importance of user-friendly report access. Such a system would significantly improve our workflow and communication with clients.

The solution's UI is an area with certain shortcomings that need improvement.

The Huntress is not a standalone solution. It really needs to be used with something else such as Microsoft Defender or another antivirus solution. It would be nice to see the product fleshed out by the Huntress team and include the antivirus solution part as well. I want it to be a full-fledged XDR product. It would push the tool to a higher price range but it would be nice to see the fleshed out features. I want them to integrate more features from the XDR realm.

In the next release, I'd like to see more intuitive dashboards.

Some of Huntress' reporting could be improved. Specifically, when we get a notification that something has been investigated and found benign, we don't get any information about which devices the issue was on. It's not until we get an actual action plan for a threat above a certain threshold or representing a certain compromise that we know exactly what device is involved. In the next release, Huntress should include better integration with AV or endpoint detection and other response solutions than Windows Defender.