Huntress’ Managed Antivirus enables centralized management of Defender across multiple domains, which Defender does not do natively, and gives partners opportunities to strengthen their existing AV management or use the service to recommend customer changes in the use of their budget.
Baltimore area-based MDR [managed detection and response] provider Huntress has a announced that it has released a new service, Managed Antivirus, into Public Beta. Managed Antivirus allows for central management of Microsoft Defender, something that can be highly valuable for MSPs who are on multiple domains. Huntress is providing the new service free to MSPs.
“It was one always one of our goals to help partners manage an AV,” said Kyle Hanslovan, Huntress’s Co-Founder and CEO. “I would have said a year ago this would not fly. We were never going to build an AV ourselves, but Microsoft Defender is very solid unlike their earlier efforts with Microsoft Security Essentials.
Hanslovan said that while Defender is a sound product technically, its management isn’t the most MSP-friendly, however.
“Microsoft still tends to think that managing takes place on a single domain, and they still don’t quite understand multiple tenancy,” he commented. “But some partners are on multiple disparate domains. Managed Antivirus gives them a centralized place to manage it all regardless.” It includes a multi-tenant dashboard that manages and monitors Microsoft Defender across multiple client environments.
Managed Antivirus also leverages the Huntress ThreatOps team, to bring additional analysis and recommend remediation or prevention Defender alone cannot perform. This includes what Hanslovan compared to providing a warning to MSPs against touching a hot stove.
“Our team at Huntress sees a lot of decisions that MSPs do when they manage customers, and sometimes they make dangerous decisions,” he said. He showed an example which was brought to his attention yesterday, where the MSP gave blanket whitelists to whole areas, including Windows 32- and 64-bit systems, and anything coming from Datto, which the MSP uses.
“Whitelisting giant numbers of folders like that is just a gift for a hacker, who will put their malware in directories that are excluded from scrutiny,” Hanslovan stated. “Managed Antivirus will let us warn MSP against doing things which are like touching a hot stove.”
On paper, Microsoft Defender supports the Microsoft browser exclusively, but in practice, it does provide support for competitive browsers as well.
“There is still tight integration,” Hanslovan said, indicating that he recently deliberately uploaded malware through the Google Chrome browser, which Chrome missed, but Defender flagged. “It’s clearly the new Microsoft, with cats and dogs and Linux all living together, and learning from past mistakes like Security Essentials.”
Hanslovan said that some MSPs had been using homegrown solutions to try and solve the issues addressed by Managed Antivirus, including using PowerShell, or trying to do it through an RMM.
“I haven’t seen one service yet that does management this way,” he said. “This is an extension of what it means to be managed, and a little different approach to SOC as-a-service.”
Many partners like the idea because they see it as freeing up budget from traditional AV, particularly in the sub-250 customer market.
“Some see it as a way to free up budget to get customers to adopt things like 2FA, or to upgrade antiquated an OS like Windows 7,” Hanslovan noted. “Some indicate that they will use it to replace traditional AV, while in others, it will be an augmentation.”
Expect more enhancements to Managed Antivirus over the next few months, Hanslovan added.
“We expect features to be added to this for at least a year, because there is so much that we can add,” he said.
The Managed AV Public Beta is now live.