Keeping up with today’s cybersecurity threats can seem difficult, but what if you could you fight back against the hackers? With the right tools, managed service providers (MSPs) can adopt a more proactive approach to cyber defence.
During the summer, Huntress hosted a series of webinars to show you how their cybersecurity solutions help you to defend your clients’ businesses.
The 30-minute virtual event featured a swift demonstration and tour of the Huntress platform, followed by an ‘Ask Me Anything’ Q&A session.
Huntress Security Platform: Demo and AMA (Ask Me Anything)
These webinars give attendees a quick look at some of the features that the Huntress platform has to offer.
The speakers for the session that took place on the 7th August 2024 were:
- John Brennan, Sales Engineer at Huntress
- Henry Washburn, Manager, Sales Engineering at Huntress
Jesse Nine, another Sales Engineer at Huntress spoke at some of the other sessions, but wasn’t present in this particular virtual presentation.
The Huntress platform provides protection and threat intelligence to managed service providers and their clients.
Webinar: Meet Huntress: Demo and AMA Replay
If you want to catch a replay of this webinar, you can find it here.
A Tour of the Huntress Platform
John logged into the system and showed us the Command Center. This is a hub where all the Huntress products converge.
- MDR for Microsoft 365
- Managed EDR
- Security Awareness Training
Imagine a sort of home page dashboard where key information is displayed to the MSP about users and endpoints. This page displays the triage feed for incidents and escalations, alongside widgets that provide key metrics at a glance.
From here you can drill further into the detail and select information on individual hosts.
Host surveys are carried out every fifteen minutes revealing up-to-date information and providing context for any incidents as and when they occur.
Incidents and Alerts in the Huntress Security Platform
Incidents are shown on the dashboard as either active or resolved, and also reported are the number of EDR signals that have been investigated.
When an alert comes into the EDR platform an agent assigns it to themselves to it and begins an investigation. They always prioritise the most critical alerts first.
If an incident is critical, the analyst can isolate the host to prevent any further egress or escalation of the problem. This could include:
- Lateral movement across the network
- Elevation of privileges
- Setting new email mailbox rules
The MSP partner may release the host from isolation if they believe the activity that was marked as suspicious is, in fact, legitimate.
Huntress agents won’t release an isolated host without speaking to the MSP partner first.
An Example of an Alert: Business Email Compromise
When looking into an alert, the agent knows what to look out for if ‘Business Email Compromise’ is suspected.
Key signs include: unauthorised access, new mailbox rules, added users and privilege escalations.
Remedial actions against the incident can be manual or automatic, and then follow-up action suggestions will recommend things like policy changes and password resetting.
Unwanted Access Microsoft 365
You can set rules for what can access your M365 accounts and from where.
This can be as granular as you want it to be and can be set at the user level or organisation level.
For example, you can allow access from specific countries only, while also make an exception for users who may require access while they’re on holiday.
Security Awareness Training to Help Educate Users on Today’s Relevant Threats
Huntress create episodic education content in the form of short animations called Curricula. The purpose of these animations is to be insightful, short and entertaining and to be accessible to users who might not be very technical in their jobs.
‘Curriculaville’ is the setting for the characters in these animations, and the episodes all create an ongoing story. Henry explained that having a familiar group of characters helps users to learn and retain the information more easily.
Phishing Simulations
To test what users have learned, you can send out phishing simulations as part of a campaign.
Phishing Defence Coaching (PDC) is another tool Huntress SAT employs to reinforce learning in end users. PDC comes into play if users are caught out in the phishing simulation.
If this occurs, the simulation will issue a warning and then explain what you’ve done wrong. It will also explain why the email link you’ve clicked on is suspicious and what the attacker is trying to do to pressure you into action.
Question and Answers about the Huntress Security Platform
Q1: If we want to find out more, where can we go or who can we speak to?
A1: You can start a free trial or schedule a demo at Huntress.com
Q2: Do users receive certificates for completing Curricula modules, and can you see which users have completed specific modules?
A2: Curricula will notify users of new episodes to complete and keep a record of which episodes they’ve completed. The system notes the episodes that each user has completed, so that you can see at a glance who has viewed the content and who has not.
Conclusions About the Huntress Security Platform Demo
As a short webinar, the demo was a very quick tour of the platform’s features and the potential it shows to MSP partners.
The constant monitoring of endpoints, as well as M365 identity access, gives businesses piece of mind. While the security awareness training helps users to spot and react to suspicious phishing emails. Helping you to build a robust human defence for your business.
Have you been considering a change to your cybersecurity provider? Perhaps you’re thinking about moving to a cloud-based platform that covers threats attacking your network? Or improving the security awareness of your end-users? We would love to hear about it in the comments.
You Might Also Be Interested In
I'm a small business owner, technical writer and blogger, with 15 years experience in corporate IT. I frequently attend MSP peer groups and create content relevant to IT service providers and business owners.
All PostsYou might like:
Comments