 The video you're about to watch was recorded on June 19th, 2020. Today is June 22nd, and tomorrow, June 23rd, 2020, is when the new features come out for Huntress. I wanted to put that clarification here as I wasn't sure that we were completely clear on the dates, so I figured I'll put that right at the beginning here so you know when the new Huntress Labs features are coming out. Yes, I'll be doing a video on there. Second, I did at the end, to my own confusion, somehow misunderstand what Kyle had asked me about the ports being open, and I answered about why there's so many people leaving ports open and some of the poor security practices we've seen, but I think he'd actually asked the question, well, he did actually ask the question about why no one else is doing some of the things that Huntress are doing. Somehow I conflated the two answers, but I wanted to at least address that ahead of time right now. Still a great interview, other than my answer at the end, if you're wondering where my head was, because I am right now. But I'm very open to admitting when I make a mistake. Still a great interview talking about where Huntress is going, new product stuff, and once these new features are off and I have time to review them, I will be doing an updated video on the Huntress Labs product that we're still using. I'll also leave a link below to my previous review of Huntress Labs if you're not familiar with what their product does. Alright, thanks and enjoy the video. Tom here from Lauren Systems, and I'm with Kyle from Huntress Labs, and they've been working on the product, but I figured I wanted to hear from him. Me and Kyle talk offline, but I figured one of these times we should, we always say we just got to hit the record button when we're having a conversation like this. We wanted to talk about where Huntress is going, where they've been, which is, you know, fold disclosure, I'm not just wearing a shirt, I used their product, been using it for a while, it's one of our, of all the different tools we use in our MSP stack. We've always loved the simplicity of it, and so Kyle's going to catch us up with, you know, since I've been there, some of the more features that are going to be added, some of the places the company's going, and kind of Kyle's perspective on security because he doesn't just write the Huntress stuff, he actually spends his time, heads down in a lot of cybersecurity stuff. I even ran into the people at DNS Filter and thought highly of you because apparently you've added a lot of threat intelligence to some of the same shared repositories. It's just in general, just being a good person in security, I guess you could say, by sharing out this knowledge. So go ahead. Yeah, so what's funny about it, you and I have caught up, we'd be asked about insert threat du jour, right? Yeah. But not a lot of people know the whole Huntress story. They'll hear the, yes, we had a background in offensive cybersecurity. A lot of people dig that we used to work at NSA, but the real stories are like the failures that happen or the hard decisions you have to make as a founder. That's probably my favorite, Tom. And one of those cases is like, when we came out of that world, that Intel world and said like, look, we wanted to make a difference on finding things that are slipping past the prevention products. Everybody knows that we went after like hacker footholds and long-term persistence. We probably had like 15 or 20 different ideas. And some of them were so bad, Tom, they're just bad. Some of them were actually like worth merit, but the problem like no one ever tells you as an early entrepreneur, you just have to get some traction, some success and some trust or you're just not going to make it, right? Your company's never going to get to the level where you can make a big enough difference at scale. And so we did, we ended up choosing the one that had the most I guess most likelihood of success, which was these hacker footholds that we were finding. And thankfully we built a security platform that 1,000 plus 1,300 MSPs are using right now. So clearly we did something okay. Yeah. It's been interesting because of, it's almost weird that that gap was there and at the rate it was there, because when I looked at the product, at first I was like, okay, it's a little bit hard to understand. And then I started digging into it. And then actually, I think I met you after we signed up for the product and I did the video on it. Cause once you start using it, you're like, oh, this is actually a pretty clever idea. Just simply watch, look for these footholds. And it's not the same as looking or doing a heuristic analysis. Like a lot of other, your traditional like antivirus, it's not an antivirus product. It's different. And knowing your indicators of compromise, having that knowledge, especially because they're there before they're activated. So this gets you ahead of the curve. Yeah. So we were stoked, right? Cause that was my job was long-term access. We solved long-term access. It made, it was just a really solid story, but you could imagine as we started getting further along, I mean, 2019 was just murder, right? We had all those MSPs that were ransom and mass. We, I had a spreadsheet. I stopped tracking at 100 MSPs that I was aware of when all of their clients were encrypted all at once. So you can kind of became like a really, you know, sore subject of like, all right, I don't need another reminder. Security's bad. But by that time we had good traction. The company finally got to the point where like a lot of startups, we just are infamous for like running at like a burn rate or, you know, losing cash month, month over month. And if you go with the traditional VC route and just raise tons of money, you know, on an idea, they expect that for years. But for us, we didn't take real, you know, our series A was four and a half years after the company got started. And the reason for it is we were cash flow neutral. You know, we could essentially choose when we wanted to make profit and when we didn't. At the same time with the company, we said, you know what, I think we can start doing more. And so we took with all those incidents, about about a hundred that I tracked, we worked directly with about 60 of them. And I think for a bono, we gave out over 500 hours of incident response time, labor helping people recover just really quick or helping them figure out how the heck, you know, did somebody get into my network in the first place. And a lot of people just assumed like, Hey, you were doing that out of the kindness of your heart or maybe you're doing it for marketing. And to be real, those are both like real things. The marketing helped our company get to where we're at. The kindness of your heart is just something like, we're huge on giving back to the community. But the more important reason and a lot of people that were our long-term partners started to ask us and call us out on it. They're like, you're going to chance to look at all the major incidents and all the problems that are happening on some of the biggest incidents in the community. Are you guys building like new features, product services around it? And I was like bingo, like if we listen and understand your problem, like startups are so guilty of building products, you know, or solutions for problems that don't exist. Oh, yes. Yes. That is a kind, and that's what drives me nuts. And sometimes, you know, when, especially when the times are good and the VCs have a little bit of extra spending, people think ideas are good because VCs threw money at it. That's not exactly, they're doing the spray. Hope a few of these succeed because we'll find the unicorn in here. We sprinkled it all over the place. So we all know bad ideas get funded sometimes. Yeah. Yeah. And so on top of it, there was two of them that taught me a little bit of humility. One was what were the technology problems, right? And that stuff that us as geeks, we all want to talk about where our hackers get it in. But the one that rocked me was I started learning from more and more MSPs that were more operationally mature. And I'm like, look, Kyle, I see a dozen new vendors that I want to play and try, like DNS filters there. You know, you've got your ID agent, you name it. All kinds of new emergent security technology. But they came and told me, they're like, look, every time I got, that's a new point product, but I got to figure out how to add it to my stack. And then I got to figure out how to go to market. Do I eat the cost just to be a good MSP? But I am in business to make money. Do I then just like raise the prices later? Well, crap, I just raised the prices three months ago. Do I now have to raise the price again to my clients? And how many times do I do this? So all those kind of like gave me the biggest serving of humble pie, like, yes, you need to do something, but you need to do it in a way that works for, like, our partner's business model. So for all the terrible stuff and all the late nights, early morning, like phone calls, like last Friday, our team was calling till four o'clock Saturday morning about, you know, the connect-wise automate vulnerability, right? Just warning people, like, it is a vulnerability. It is being exploited with ransomware, and you hadn't patched. Or if you did patch, it just didn't take for whatever reason. But with all of that out of the way, all those late nights, I'm now sitting on like a treasure trove of, I know where the biggest problems are. So maybe the biggest thing that we ended up realizing that we were pretty crappy at was, not only do we know the problems, like our partners didn't know where our vision was, and we didn't really completely know, other than we knew we wanted to be more than just, you know, a feature, right? Or more than just a product, we wanted to be this bigger platform. And so Tom, like some of the stuff I'm most excited, our partners don't even know, like, I mean, to be honest, if they're watching this beforehand, Monday, we're not even telling, not messaging, not anything. We're going to flip a switch, and everyone's going to automatically get the rest of the Hunter's platform, which is all kinds of these new, you know, we have persistent footholds, which is a service, but we're going to add four new services, two of them related to cybersecurity, and two of them related to, like, partner enablement and sales enablement for our partners. No cost. It's just something we're going to flip on the switch. That's amazing because I'm, you know, everything, like you said, is when you want to add something to your stack, it's like, hey, it's only $3 more, $4 more. It doesn't sound like much until you add it up. And like you said, you got 20 separate vendors trying to assemble your stack. You're like, okay, I've been $2 to death. Or my favorite was I'm going to give it to you for the next 90 days. And if you get on early, I'll give it to you a little bit cheaper, but then it's going to be this price later. And upon renewal, we're going to get you like, it makes business sense for some of those companies who do it because a lot of them tend to, they'll license somebody else's technology. So they're having to pay the piper first, then they're having to support it with their staff, and then they've got to make the money back. So I get why some people raise the prices, but the whole Huntress mantra is like, we got a whole bunch of awesome engineers at the company. We build everything ourselves, the agent, everything, the telemetry, and even these new services are 100% Hunter's own. So our cost of goods sold didn't go up. And so as a result, I'm not pressured to have to raise my prices because it really isn't, you know, I mean, you could, you'll put your sinister hat on and say like, well, you could have more profit, but like, how about you just do the right thing, especially now with like economic recession, like this is the perfect time to give more for less. And to be honest, this is what we plan on doing five years ago. I just didn't have the resources five years ago when I was a snot-nosed startup that didn't necessarily even have, you know, hardly any partners, let alone 20 plus thousand SMBs that use our software. And I think an important aspect too, when you look at it from a business perspective, is one of the challenges is finding a really solid team, putting them together and maintaining and growing that team over time. It's a long-term play. It's not something you can even easily throw money at it. That's why so many companies just get aqua hired because they go, hey, those got a smart team. And we've seen that with, we're using Zoom, by the way, and they bought that smart team that was building the Keybase product because they know they have a track record of, you know, implementing security. And, but because that brain trust you have there of talent that's allowed you with your own threat feeds and everything else, I've met some of them. I've got to see behind the curtain a little bit and talk with your threat ops people when I was down there last. And it's just, yeah, you've got this really cool ground up build and saves you a lot because you're not trying to negotiate a constant renewal of license fees for knowledge. And all the experience you gain by going out and gaining knowledge from looking at incidents and going, that's how they're doing it. This is how we modify the product to stop that from happening. That's just, it's a cool cycle. So we're preparing for a lot of like, you know, when you do this, we know that we're going to have a flood of questions. And to be honest, like there's probably about 50% of our team that doesn't even know completely what's going on. Part of this is the benefit of still being technical founders, we can come out and you got to imagine, like the same way you got to sell partners to make sure they're bought in, you know, when your team starts to scale and get bigger, you have to like resell your team, right? That we are still just as cool and hip and agile as we were five years ago. We aren't the Silicon Valley startup that raised money and now we're five years later. Like we just raised our series A back in February. And what was funny is some of the, even the employees, they were like, you know, I read the press release and you said you were doubling down on R and D. You were doubling down on partner enablement and you made this like real big jab about, we're not looking to get bought by private equity. They're like, are you guys trying to be the security platform for like everyone? And I was like, now we're talking like, now you see the bigger vision and even internally, your own employees who are working their butts off, you got to make sure that they're biting off. And you know, if you say some of these things too crazy, like, I mean, imagine who was sitting around like at Netflix and was like, we're sending DVDs and now we're going to move to a whole digital platform. Like they did not have the skills to stream, you know, terabytes of video per day. Like they didn't have those skills. So I bet they had to do some of the same, like make sure that they internally evangelize and then obviously they committed to it. Thankfully for us, we committed to this about a year ago, hardcore that we were going to do this. So for a lot of partners, it's going to feel like we're just going to flip a switch on and now everybody has, by the way, the problems that I ended up going to solve are ransomware, discovering ransomware early, like hunters would sometimes find it because hackers would make like a persistent foothold. That is a problem that I wanted to slay. So we're one of our services called ransomware canaries. And so when our teammates caught wind of this, they were like, wait, so now even if it's like Sunday at 7pm, somebody gets encrypted, they're going to know it gets encrypted before their clients come in at, you know, seven o'clock in the morning on Monday and know about it. And I was like, yes, that's where this is going. The other one, I think, you know, Tom, you and I did a webinar where we talked about show Danby and so important of looking at your external attack surface. So we're taking of, you know, for every endpoint agent, those half million computers were cross-referencing some of the data and more or less our own equivalent of show Dan, gathering what does your external attack service look like and warning you like, oh snap, you didn't think you enabled SMB for the outside world, but you did. Are you sure you want that opened? And the goal is to mature the sucker to the point of just like we do with the assisted remediation, like when you get an incident, click the button and it does it for you. Like how sexy is it going to be when we can say like, ooh, remote desktop's open and this computer doesn't have a, you know, a minimum lockout period of, you know, X number of failed attempts. So click this button for you, we'll lock down RDP or maybe we won't lock down RDP. We'll just set that password policy in GPO for you. That's the bigger vision that we're going to is the Huntress platform is going to move to wherever the heck hackers are moving since they're always like adapting cat and mouse. If we, if our defense technology can't move faster than the hackers trade craft, how can we ever keep up? So that's the idea of one platform that adapts to wherever they go. And I think that's great because I, you see, if you spend time in any of the forums, um, us as MSPs, we spend a lot of time like, Hey, here's a script to fix this problem, fix that problem. And then we deploy it through our own tools and everyone says, why isn't this built into the arm tool? And everyone goes, I don't know, why can't they do that? They clearly have plenty of money funding and they keep raising our rates. So it's kind of exciting to see that, you know, you're actually going ahead and doing it as a product and coming up with those things going because it's like you said, it's just a GPO policy. And I'm sure someone wrote a PowerShell script to run around doing it, but why didn't someone else do it? But that's also what makes Hunter such interesting thing to me because we have someone, a technical founder, um, which I do appreciate greatly as someone technical myself going, Hey, let's do smart things. We have all this data. We have all this end pointability. I mean, scanning the IP addresses externally, not rocket science to do, um, you know, there are some technical challenges in it, but you have all the data. It's been done before, right? Even the ransomware canaries idea that we've run with. And then what we kind of came to our conclusion last year was, look, maybe in the enterprise, everybody could buy a solution for that, right? What's five bucks here, three bucks there, eight bucks there, you know, in this SMB, we're like, Oh gosh, that's crushed all my profitability. I can't do that. So we've more or less anywhere that we don't run into issues with, uh, you know, maybe patents or we think that, you know, it's just clearly open source or our technology can solve it. We said, look, what's the 80% of that solution that matters the most to the SMB? And then how can we build on our existing framework? So the, obviously the benefit we have at huntresses, we really have humans in the data. So how do I go about this and 80% say this is ransomware, but when I'm not sure, I use my same pipeline that was going, you know, the humans that we're looking for footholds and say, look, the automated system thinks this is ransomware. Can you check? Yep. Any places that we know that it's ransomware, well, why not just report it to you right away? And so that's silly little things. Like those were like ideas that five years ago, we thought at a high level, we knew the technology, but now it's really the implementation level of how do I just make you be able to do that without requiring like a security rock star? Like how can somebody super junior be like, all right, huntress saying ransomware, I looked at, yeah, that's ransomware. Click a button. Why couldn't huntress theoretically like integrate into that backup software and say, please restore these files automatically. That's the crazy place that we're trying to go in by having a platform that can move wherever hackers go. That now frees me up from the shackles I kind of put on myself in the beginning with only doing footholds. Right. It's in, it's like you said earlier, it's you're going where the threats are and that's really what's important. So your core vision really is all encompassed in that. And it's just proof that you're doing all of those things versus everyone says they're doing it. But, you know, we can see the results here for good. That's really excited. I can't wait till Monday when the switch turns on. I'm equally stoked. So especially knowing that some of my own teammates don't know, you got to imagine like internally we're all fine. So I got to ask Tom, you usually get to, you know, you get to grill a whole bunch of the folks on this end. One of the questions that someone asked me and I still, I want to ask you the same thing, but investor type folks, they said, why has not, you know, why hasn't someone fixed this problem to begin with? Or why wasn't this, you know, why wasn't somebody already alerting over remote desktop? And obviously I gave them the technical answer of the business and it just kind of made them snooze. Do you have a more elegant, like why aren't some of these? Cause you and I know that there's PowerShell or SSH and there's a lot of these things that could have been done. You want to take a stab or guess it like why, like why now? Why is this finally getting solved? I think one of the challenges is, you know, and one of the things we do is MSP and we take over from bad MSPs, which unfortunately gives you a skewed perspective as if, oh, they're all bad. No, we're only taking over from bad ones. So I always remind my staff that you wouldn't take over from a good one so you can't use that staff. But it's a lot of people who I think just think there's money in this or they're, I don't know, self-trained without awareness. Like they don't spend time in forums. They don't spend time in a marketplace. So they go, well, this is a secure way to do it. The only advantage we do find from that is we just had another one. We didn't have access to a firewall, but we used it to fly just to try to default cred. And the guy goes, really? Oh, come on, they can't be, oh, they're that bad. I'm like, yeah. Oh gosh, no, it's on the firewall and we're able to get in. So I don't really know if there's an elegant reason other than just a lot of people who start out with, you know, tinkering with computers, start up, go all the way into being an MSP but don't have a deep understanding of technology. Combine that with a lot of companies. Don't look at technology as something that will help and enhance, but instead it's just a cost center for their business. And, you know, I've seen people go around and literally say, we have auditors coming in. They want us to check this box in the craziest one. It'll scare you is the companies that are doing government contracts and they have to be under that. And they're looking. We tell them prices for stuff. They go, that's too much. Who can we call? We just need to get this auditor off our button. Someone to sign off on this. I'm like, well, that's not us. Like you're not following this. You're not following guidelines. So because they keep looking at technology as a cost center and an overblown thing, their lack of value on it is putting them at risk. So it's some market combination of it. I don't know if there's a more elegant way to say it though, but yeah. I can get it, man. I mean, the reason I was asking, because it's nice to hear from the other end, right? I've got similar hypothesis that I've wondered, but thanks for humor in me a little bit and like at least giving me your two seconds. So as I mentioned, Tom, like this sucker is going to be in your portal on Tuesday. If you want, you know, we've got some like early access features that we didn't enable because this was supposed to be a surprise. Or you can give me a whole or afterwards and maybe I'll give you some earlier access than Monday. That'd be exciting. So that's very cool. Well, and the good news is I will say I have met through peer groups and you have known some, they're not all bad. All the MSPs, not all tech is bad. There are some people doing solid. They're the ones though, not in the news though, because it's actually a well run company with everything done right. It's kind of boring that they're not in the news or doing something weird. They follow all the proper security procedures. That's why you don't hear about them. They exist, but there's not, they're not worth covering because they're like, oh, they do everything right over here. Makes sense. Their files aren't for sale on the internet, you know, so. Yeah. So I've got sadly, I've got to wrap up because the team like, yo, we know you have products to release today and tomorrow and Saturday Sunday types of scenario. Thank you for taking the time. It was awesome speaking with you. Well, I'm looking forward to a couple of days from now and that's, that's going to be on what date? Cause right now it's, it's June 19th. 20 seconds. So we're talking Monday, literally like three days from now, 22nd of June, 2020. This is something to look forward to in 2020. There we go. Right. If there's one thing at least one thing it's, it's that I'll get some new features for you. Thank you for joining me. You can learn about Kyle leave links below where to find out about Huntress, but it's Hunter Slabs and they have a blog and they have a cool product. You can read all about their stuff there. So hey, thanks again, man. Awesome. Huge thanks, Tom. This is sweet. All right. And thank you for making it to the end of the video. If you liked this video, please give it a thumbs up. If you'd like to see more content from the channel, hit the subscribe button and hit the bell icon. If you like YouTube to notify you when new videos come out. If you'd like to hire us, head over to LawrenceSystems.com. Fill out our contact page and let us know what we can help you with and what projects you'd like us to work together on. If you want to carry on the discussion, head over to forums.laurancesystems.com where we can carry on the discussion about this video, videos or other tech topics in general. Even suggestions for new videos, they're accepted right there on our forums, which are free. Also, if you'd like to help the channel in other ways, head over to our affiliate page. We have a lot of great tech offers for you. And once again, thanks for watching and see you next time.