MDR provider Huntress expands into EDR with Level Effect acquisition

Level Effect’s technology combines endpoint forensics with sophisticated network traffic visibility, providing network-aware detection of attacker behavior, without the need for an appliance.

Kyle Hanslovan, Huntress co-founder and CEO

Huntress, a Baltimore area-based MDR [managed detection and response] startup has announced their first acquisition, San Antonio-based startup Level Effect. Level Effect has a differentiated network-aware EDR endpoint detection and response (EDR) technology, which will expand the capabilities of the Huntress platform and allow them to offer their MSPs new services.

The acquisition continues the expansion of Huntress’s technology and go-to-market capabilities. Huntress CEO Kyle Hanslovan and his co-founders spent 11 years doing cybersecurity at the NSA before moving into private enterprise, with the idea of providing a breach detection and remediation system to smaller businesses who typically cannot afford this kind of technology, even if they are aware of it.

“In the fall of 2015, when I created the company, I was going to go direct to small businesses,” Hanslovan said. “The first five people I called said that they used MSPs. So I had to learn what they are, or I was going nowhere quick. I wound up spending a day a week with every MSP around Baltimore.” Today they have 1700 MSP partners, which includes a gain of 700 during 2020, no small feat considering the MSP trade shows which Huntress diligently attended pre-COVID were moved to a virtual format which is far less ideal for talking with prospective new partners. In 2020, they also added VAR and system integrator partners for the first time, and also now define their target market as the mid-market down.

Hanslovan said MSP partners do need operational maturity, with MSPs having customers with 100 endpoints or more being an ideal target.

“Our larger MSPs have around 100 employees and target 150-1000 employee companies,” Hanslovan said. “We use algorithms, but we never hype machine learning. We have algorithms that discover that something is 70% likely to be malicious, but you can’t bother an MSP with that. We have humans who look at that data. Any time the algorithms aren’t sure, we send them to a human. We do get false positives, but we don’t let our customers see them. The key to our product is delivering fancy algorithms and awesome humans at a low cost, complementing the gaps in what the algorithms can do with really highly trained humans, at a cost of delivery that doesn’t drive up the service cost.”

Huntress has not had an EDR capability of its own previously, and has not partnered with any company specifically in the past. They have worked with all of the EDR companies in the past in a complementary way.

“For end customers who are highly regulated, we run side by side with an EDR,” Hanslovan said. “We still complement those endpoint detection capabilities. There have been several cases where we actively displaced EDR, but those were cases where it was a budget decision.”

Acquiring Level Effect was a no-brainer for Huntress because of their differentiated technology. Their Recon solution merges endpoint forensics with sophisticated network traffic visibility for enhanced detection of attacker behavior, without the need for an internal appliance.

“Huntress has always looked at the endpoint side, but the big thing about Level Effect is how they protect the extended part of network,” Hanslovan said. “Level Effect has an amazing technology for the network side of the house, which we didn’t.”

Being able to provide this capability without the need for purchasing a complementary solution or an appliance is key in the SMB market.

“The idea of installing another appliance was already dying in the SMB, and now post-COVID, that idea is dead,” Hanslovan emphasized.

“Our big value is that we are able to correlate the network traffic to what the endpoint state is,” said Greg Ake, Level Effect’s co-founder and CEO. “It gives us a wealth of context so we can triage with what’s going on. We don’t need an external hardware appliance because bringing those technologies together lets us correlate that stuff.”

Bringing the Level Effect capabilities into the fold will impact Huntress directly by adding new services to their portfolio.

“Huntress currently provides three major security services, and this will double that,” Hanslovan said. “We can show our partners things they have not seen before.”

Huntress and Level Effect had not worked together previously. Rob Noeth, Level Effect’s other co-founder and COO, worked 50 feet from Hanslovan when they were both at the NSA, but that was just a co-incidence.

“We did, however, have the same vision,” Hanslovan said. “The background of myself and my co-founders at the NSA was offensive cybersecurity. They also have NSA backgrounds, but used a different approach to solve a different problem, It’s still the same passion and the same vision, around the rich telemetry we have from our data and being able to share that.”

“It’s empowering to have the same shared experience,” Ake said.

Both Ake and Noeth will join Huntress. While Huntress has acquired the Recon technology and related IP portfolio, Level Effect will continue to operate as a separate business, providing cyberlearning.

“They have a services side which we did not acquire, and that services entity will continue to run independently,” Hanslovan said.

Hanslovan noted that Huntress, a small company which is not owned by a private equity player, was able to raise the funds for this acquisition because of their extremely strong growth.

“While we do not have massive PE backing, we were able to raise an 18 million Series A round, which we announced at RSA last year,” he said. “We have had phenomenal growth in company revenue, and in our customer base. We went from 18 to 70 employees in COVID and will be over 200 by the end of 2021. We are being courted for a Series B, even through we don’t need the money, which is a cool position to be in. Our company plan is to eventually go public – not to get acquired.”