Huntress
The 24/7 human SOC. Analysts triage every alert before it reaches us.
Kootechnikel runs Huntress Managed EDR and Managed ITDR as the human-led 24/7 SOC layer on client endpoints and Microsoft 365 tenants. Human analysts triage every alert before it reaches us, so clients get real incident response, not a dashboard.
What it is
Huntress is a managed security platform deliberately built for SMBs rather than the Fortune 500. The product is inseparable from the service: every subscription includes Huntress's 24/7 Security Operations Center, staffed by human threat hunters who triage, investigate, and write the remediation steps for every alert before it's surfaced to the MSP. Huntress describes the model as "human-led, AI-assisted": AI accelerates the pipeline, but a human makes the call.
The platform has grown past its original "persistent foothold hunting" origin. Managed EDR protects Windows and macOS endpoints (5M+ protected) with industry-leading MTTR. Managed ITDR protects Microsoft 365 and Google Workspace identities (11M+ protected) with a stated 3-minute MTTR for identity incidents. Managed SIEM provides log aggregation and compliance retention at predictable per-seat pricing with smart filtering. Managed SAT delivers security awareness training with a 98% completion rate, and the newer Managed ISPM and ESPM products add posture management for identity and endpoints.
The signature technical components (Persistent Footholds detection, Ransomware Canaries, and External Recon) are designed around the way SMBs actually get breached: not zero-days, but attackers establishing quiet persistence and then returning weeks later.
Key capabilities
Managed EDR with 24/7 Human SOC
Every detection is triaged by a Huntress analyst; the MSP receives actionable incident reports with written remediation steps, not raw alerts.
Persistent Footholds Detection
Hunts specifically for attacker persistence mechanisms (scheduled tasks, services, registry run keys, malicious autoruns), the kind of thing commodity AV routinely misses.
Managed ITDR for M365 & Google Workspace
Detects BEC, mailbox rule tampering, token theft, impossible travel, and post-auth compromise with a 3-minute MTTR.
Ransomware Canaries
Lightweight tripwire files deployed to endpoints that trigger an immediate SOC-validated alert the moment encryption begins.
External Recon
Continuously scans client-facing attack surface and flags exposed services, open RDP, and misconfigured edge devices.
Managed SIEM
Predictable per-seat log aggregation with smart filtering so clients get compliance retention without paying for every debug line.
Managed Security Awareness Training
Short, story-driven episodes built on threat intel from Huntress's own endpoint/identity telemetry; 98% completion rate.
Incident Reports Written for Humans
Every incident ships with a plain-English write-up: what happened, what Huntress did, what the MSP needs to do next.
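The Ransomware Canaries item above describes the tripwire idea in one sentence; the following is an added illustration of the underlying technique, written for this page and not Huntress's own implementation. It seeds decoy files (the names and filler content are constructed), records a hash baseline, then reports any canary that goes missing (deleted or renamed, as happens when an encryptor appends its own extension) or whose content changed, using byte entropy as a rough signal that the new content is ciphertext rather than an ordinary edit. A real deployment would run the check on a schedule or from a filesystem-change hook and forward the alert to the SOC.

```python
"""Ransomware canary check (illustrative, not Huntress's code).

Seed decoy files, baseline their hashes, then flag deletion/rename or
modification. High byte entropy after a modification is treated as a
likely-encryption signal.
"""
import hashlib
import math
import os
import tempfile
from pathlib import Path

# Constructed decoy names: chosen to sort early/late so an encryptor walking
# a directory tends to hit them first. Assumed values, not from the page.
CANARY_NAMES = ["~$budget.xlsx", "_archive.docx", "zz_backup.pdf"]
# Constructed low-entropy filler (about 4 KiB) so an encrypted overwrite stands out.
CANARY_CONTENT = b"CANARY " * 600
ENTROPY_THRESHOLD = 7.0  # bits per byte; ciphertext sits close to 8.0


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data` (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def seed_canaries(root: Path) -> dict[str, str]:
    """Write canary files under `root`; return {path: sha256} baseline."""
    baseline = {}
    for name in CANARY_NAMES:
        path = root / name
        path.write_bytes(CANARY_CONTENT)
        baseline[str(path)] = hashlib.sha256(CANARY_CONTENT).hexdigest()
    return baseline


def check_canaries(baseline: dict[str, str]) -> list[dict]:
    """Compare each canary with its baseline; return one alert per anomaly."""
    alerts = []
    for path, expected in baseline.items():
        p = Path(path)
        if not p.exists():
            # Deleted, or renamed (e.g. a ".locked" extension appended).
            alerts.append({"path": path, "event": "missing"})
            continue
        data = p.read_bytes()
        if hashlib.sha256(data).hexdigest() != expected:
            ent = shannon_entropy(data)
            alerts.append({
                "path": path,
                "event": "modified",
                "entropy": round(ent, 2),
                "likely_encrypted": ent > ENTROPY_THRESHOLD,
            })
    return alerts


def simulate_and_check() -> list[dict]:
    """Self-contained demo in a temp dir: one canary is overwritten with
    random bytes (stands in for ciphertext), one is renamed, one is untouched."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        baseline = seed_canaries(root)
        (root / CANARY_NAMES[0]).write_bytes(os.urandom(len(CANARY_CONTENT)))
        (root / CANARY_NAMES[1]).rename(root / (CANARY_NAMES[1] + ".locked"))
        return check_canaries(baseline)


if __name__ == "__main__":
    for alert in simulate_and_check():
        print(alert)
```

Entropy alone is a heuristic: already-compressed files (zip, jpeg) also score near 8 bits per byte, which is why the canary content is deliberately repetitive and why the deletion/rename path is reported regardless of entropy.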
Who it's for
- A 25-person law or accounting firm that can't justify a dedicated security team but needs real eyes on Microsoft 365 BEC attempts at 3am.
- A healthcare-adjacent clinic that needs documented identity monitoring for insurance/compliance without buying a full SIEM stack.
- An MSP client who has already been phished once and needs a human-verified SOC layer on top of whatever EDR is already deployed.
Huntress is the human-verification layer. Our endpoint stack (Bitdefender or SentinelOne) is good, but good prevention still produces alerts, and SMB clients don't have anyone to read them at 11pm on a Saturday. Huntress's SOC does, and they don't just forward an alert: they tell us whether the thing is real, what it did, and what to do about it. The ITDR piece matters even more: the dominant attack on our client base now is Microsoft 365 token theft and BEC, and nothing in the traditional endpoint stack sees that.
Need Huntress deployed, operated, or taken off your plate?
One accountable team. One monthly invoice. One escalation path when something breaks at 11pm.
