So I first heard of Huntress Labs a little over a year ago, based on their blog, where they do a lot of security research. And right away it became an interesting product, because their security research was a direct result of things they discovered with their tool. But I actually myself had a hard time at first grasping what the tool does, so let's start there.

Huntress Labs is basically an endpoint agent and analysis engine. It is not like an antivirus; it is a little bit different than that. It does watch files, but it's not being active in terms of stopping something from happening. It's designed to alert you if there was a change. And why would they do that? Well, this is a complement to the antivirus stack, and this is one of the reasons we use it. So we have our antivirus on there, and we hope that nothing gets by it. But as anyone knows in security, it's not about guarantees of nothing getting by, it's about threat mitigation. And sometimes antivirus companies fail. Sometimes there is something out there in startup that gets by those antivirus systems, and that's where Huntress comes in.

So their target audience is not end users; we'll start there too. It is for people in the MSP space, where maybe you are an IT director and you have several thousand machines to manage. This is a small, basic application: basic in terms of how it installs, basic in terms of very small, advanced in terms of what it does. It's really watching for threats to come in and gain a foothold, advanced persistent threats specifically. And this sounds like too simple, and maybe it's not as advanced.
You're saying, "I already have this with my antivirus." Let me tell you that this has been an enlightening experience using this product, because we still occasionally find things that may get by the antivirus, especially when we're onboarding new clients. It gives you an extra layer of security that is basically second-guessing, almost, that your antivirus might have missed something. But it goes a little bit deeper, because they're doing very specific threat analysis on what those startup files are, and that has turned into several we start as incidents and investigations. So an incident is when I actually find something; an investigation is when they see something suspicious.

And this is the sauce that makes their system so effective. So basically, if there's some type of startup file that starts in there, it's going to, you know, alert them, because it goes, "I've seen something change in startup." And that's what we have this running on, um, a lot of our, well, pretty much all of our endpoints that are on our managed services. So even though we have the full SolarWinds stack, this is complementing that by having one more tool and one more layer that someone has to get through.

Now, when you're onboarding a new client, this is amazing, because it starts discovering things right away and starts finding if there's something in there that maybe just looks suspicious. And that's what's important: it's not an automated system in terms of it's just some magic, uh, heuristic system with a bunch of signatures, which would make it more like an antivirus. No, they have a team of engineers behind it. So what you're buying isn't a product that's just another magic AI system in the cloud that's going to magically determine everything until someone games the system and gets by it, which is unfortunately what happens with them.
This is an actual group of security researchers now, and like I said, that's why their security research posts about things they found and how they found information. They found things like the Kaseya PSA problem last year that I did a video on; Huntress Labs was the people who found that. So it actually found a problem with the RMM tool itself as the delivery mechanism. So it's really interesting when you have people involved that are actively doing this. And I will link back to, I interviewed the CEO of Huntress Labs. I did that interview first because this is a people-centric product, as far as the way I look at it. What I mean by that is having a bunch of really high-level engineers. You know, they do have automated systems that are filtering, so not everything's going to the engineers, but anything that the system can't determine what it is comes to their engineering team, who researches it. And that may even require interaction with us, the MSP, to go, "What is this file we've seen here?" And this has happened a couple times, because we have a couple clients using some special software. They didn't have a clear understanding of what that was, and one of the softwares my client was using was very custom.
So the signature on there did not match anything known. So they're like, "Why does this run at startup?" And that level of interaction of them making sure they understand it and are watching it, and if any changes occur they notify you, because like I said, this is all about notification, not about active blocking, which makes it much less disruptive to your client and lets you kind of investigate and understand things a lot better.

Now, one of the things I want to share with you here: we onboarded a client that had a pretty severe virus, and I want to show you what the incident report looks like, because this is something I found fascinating: the way they write up their incidents is really good, and it gives you remediation steps that are very, very clear and specific to the workstation they found it on. So this is an actual one for a client we're onboarding. I've got to blur out some of the personal identifying information about the client. "Huntress detected the following malware on one of your managed hosts: IcedID and Emotet, the banking trojan." So these are obviously two really bad things. "Considering the high risk posed to your clients, we strongly recommend you wipe the host and restore from backups as soon as possible." And this is something that I like, that they're not saying,
"Oh, just delete it or just quarantine it." No, they're saying very specifically here that you're going to want to, you know, wipe and nuke and pave, which is awesome, because I absolutely agree with that statement myself, and it is the solution. Sometimes when we onboard clients and we find something severe, nuke and pave is the solution. But they also give you exactly how to uninstall it, highlighted here. So you can read them here: "by running the following commands from an elevated command prompt, performing the actions below," and it goes on from there.

And like I said, these are customized to this specific workstation. And this is that above and beyond, I think, that I've seen. I don't see what some of the other ones are like, "Oh yeah, I hit this to remove it," it locks up, it doesn't do. They talk about how to remove things, what registry keys are related to that, and specifically how to get rid of something, even if it's a minor, you know, potentially unwanted program, or PUP, as they may have identified, basically a low severity, like, how did this stupid thing get on here, like a coupon printer or whatever. And they give you instructions how to remove it. And this is that level of interaction, that the engineers are actually sending these emails. It's not some automated system doing all this. And like I said, this makes Huntress Labs an extra security blanket on our security stack. So we have everything from our SolarWinds system, and we have this right here.

Now, the other thing I'll add about, you know, having used this for several months is the reports they give you are really nice. The dashboard is super simple and clean. But I don't want you to take my word for it, and there's no need for me to share it here. Go to the free trial.
Um, I am doing this review because it's a product I use. I think it will bring value to others, but I have no offer codes, I have no discount codes. And as far as pricing goes, that would only date the video, because they may change pricing, and someone will point out in the comments, "But you said it was this much and they said it's this much." That's all on their website. Uh, that is something you can go over, start the free trial, and contact them. No credit card necessary; jump in there for a free trial and test it out. Matter of fact, if you're interested in just kicking the tires and seeing what it finds, that's a fun way to do it. It doesn't cost anything to sign up for a Huntress Labs account. They do want a valid email address to set up your account, but, you know, figure that out. That's a pretty low ask in terms of there.

I found their sales team to be very easy to deal with, very pleasant. And watch the interview with Kyle, because he has an interesting background. The people that are working there are not just somebody who went through, you know, some type of training course. Kyle himself is a winner of the writing some offensive software Black Hat champion for CTF. You're talking about people who are top of their game, and the team is really tight like that.
This is something that, even working with them, they know their stuff on this, and Kyle has built the team like that. And that matters a lot to me: who runs a company and how they run it and, you know, who they are. So when you take a bunch of people who, you know, are at Black Hat or the hacker conferences speaking at them, dumping their research, because they're very open about everything they do. They do not obscure what they find, how they found it. You know, like I said, that matters a lot when I look at how a company's run and the people involved in it, because that matters still. So like I said, I'm not, as someone may say, a paid shill for this product. I'm letting you know it is a product we use, and for those of you that watch this and buy MSP services through us, you know, this is on your system.

Deployment is really simple. Most of the RMM tools have levels of integration to easily script and deploy it to all the systems. It's minimally invasive, minimal in terms of size. So it's not like it's dragging down the system like some of the larger antivirus programs, which definitely are a little bit more resource intensive. This is very resource light, but that's because it's only doing analysis on things in startup and just, you know, keeping an eye on things and alerting the NOC team, who then in turn contacts you if there's a problem. So go ahead and give it a try. My opinion of it after running it for the last about four months has been: it's awesome. And I do still enjoy the blog posts and everything else from Kyle. And we'll probably do another interview, because when I talked to him prior to even, you know, getting more in depth on the product, he's an interesting person. Watch some of his talks.
You can find some of his blog posts. Uh, I love people who are deep into security research more so than the business side of things. It's much more, like, refreshing to talk to him. And it's funny how the interview came about: we had such a great conversation talking about the product, it was like, we should just hit record next time. We started talking about security in general, and if you watch the video, it's all about hunting malware; it has really nothing to do with the product. But he kind of gives you the idea of the mental state of the people that are working in here and where they're coming from and what makes this product good.

Thanks for watching. If you like this video, give it a thumbs up. If you want to subscribe to this channel to see more content, hit that subscribe button and the bell icon, and maybe YouTube will send you a notice when we post. If you want to hire us for a project that you've seen or discussed in this video, head over to laurencesystems.com, where we offer both business IT services and consulting services and are excited to help you with whatever project you want to throw at us. Also, if you want to carry on the discussion further, head over to forums at laurencesystems.com, where we can keep the conversation going. And if you want to help the channel out in other ways, we offer affiliate links below, which offer discounts for you and a small cut for us that does help fund this channel. And once again, thanks again for watching this video, and see you next time.