Seth Geftic On Securing SMBs With MDR

Seth Geftic, Vice President of Product Marketing at Huntress, discusses how managed security services enable SMBs to benefit from effective protection.

Small and medium-sized businesses (SMBs) often lack the in-house resources necessary to protect themselves against cyberthreats, making them prime targets for cybercriminals. While the payoff might not match that of breaching a large enterprise, the ease and low risk of attacking a small business makes SMBs an attractive target for threat actors. But with constrained budgets, limited resources, and a shortage of in-house expertise, how can they effectively enhance their cybersecurity?

One solution is to invest in security services that are managed by the vendor.

“At Huntress, everything we do is managed,” says Seth Geftic, Vice President of Product Marketing at Huntress. “We combine the tech with our 24/7 team of experts, so […] we do all the heavy lifting for [SMBs], we apply all the expertise for them, and we only bother them when we need their help to finish rectifying the situation.”

Huntress is a managed detection and response (MDR) provider that caters specifically to small-and-midsized businesses that typically have a small security team, or none at all. While Huntress has historically been focused on managed EDR, they’ve recently expanded their platform to offer managed security awareness training and identity security, and will be introducing a managed SIEM offering in a few months.

In an exclusive interview with Expert Insights at the 2024 RSA Conference in San Francisco, Geftic discusses why SMBs are just as at risk of cyberattack as large enterprises, how managed security services enable SMBs to benefit from effective protection, the importance of blending tech- and human-centric security—and why AI can’t replace a human SOC team.

Note: This interview has been edited for clarity.

Unlike many other threat detection and response solutions, Huntress caters to small-and-midsized businesses with under 1,000 users and a small—or no existing—security team. Why are you focussed on helping SMBs? Are they more at risk than larger organizations?

It depends on how you measure risk, but they are more at risk in the fact that a lot of them are defenceless. They experience the same threats as a larger organization—maybe less specifically targeted towards them, but they fall victim to crimes of convenience because they’re “low hanging fruit” for attackers.

But when you walk the showroom floor here, most vendors here could care less about them. They don’t care about SMBs or the MSPs that serve them—they’re really an afterthought. Instead, they’re focused on Fortune 500 and Fortune 1000 organizations with big 24/7 security operations teams and big budgets, so they can buy their expensive products.

But when you look at the mission of cybersecurity—if you’re in it for that mission—the people who are the most underserved, under protected, and under resourced are our target market. So, we built our business to service them, both from a technology and a human standpoint, and make sure that they can stay protected, so they can just focus on what they do.

How does Huntress’ approach—blending technology with human-centric security—enable SMBs in particular to benefit from effective protection?  

Most security products are built for large, well-resourced security teams. So, I could give you an unlimited budget to buy technology, but when you buy it, it’ll become shelfware unless you have a really smart team of humans to operate that technology on the other end.

The providers of these solutions have good intentions, but SMBs and MSPs are different. They can’t build out the talent, they don’t have the resources, and they’re not 24/7. And we see the result of that on the vendor side—when I’ve worked with other vendors, whenever the product didn’t work, the number one reason was that it wasn’t maintained or set up properly. That’s why having the management side is key.

To solve that problem, at Huntress, everything we do is managed. Managed endpoint security, managed identity protection, managed security awareness training, and then soon managed SIEM. We combine the tech with our 24/7 team of experts, so that if you’re a small business, your IT teams and junior IT analysts can use us. We’re going to only inform them of what’s going on when we find something; we do all the heavy lifting for them, we apply all the expertise for them, and we only bother them when we need their help to finish rectifying the situation.

In addition to your core MDR offering, Huntress recently launched a Security Awareness Training product. Could you tell us about the Curricula acquisition, how Huntress SAT came about, and how it will allow you to further support your customers?

A little over a year ago, we acquired Curricula. We’ve since taken our mantra of how we democratize inaccessible parts of security and bring them to people who don’t necessarily have the ability to run them on their own, and applied that to security awareness training.

When you ask people what they think of security awareness training as a general category, you get pretty unenthusiastic answers. The users who have to use it, hate it. You sit through a lecture at the end of the year for three hours, and you learn nothing; it’s not effective. And the admins who have to run it also hate it, because it’s really laborious; it’s hard to set up and maintain.

So, when we looked at security awareness training, we wanted to flip that. The reason we love Curricula is because they have a science-based approach to the way they build their training. They use these great animations from Emmy Award-winning creatives, and users actually like them. Because of that, they remember and retain the lessons. Plus, admins love it too because we manage it completely for them. We set it up, run it, and manage the phishing simulations, so admins can just set it and forget it.

Because we are not a pure training company—most of the providers in the SAT space are training companies or education companies, but we’re a security provider—all the lessons that we build are informed by our security teams. We have 150,000 customers and 5,000 partners, so we know what real-world threats are and we have the ability to design and deliver our training based on the trends we’re seeing in our SOC.

You mentioned that you also have plans to add managed SIEM to the platform—could you tell us a bit more about that?

Later this summer, we’ll be announcing our managed SIEM offering. SIEM is a technology that mostly hits the top end of the market. It’s extremely hard to use and extremely hard to get value out of. But all our partners and customers either want to use a SIEM, or get rid of the SIEM that they’re using today because they’re not loving it. It’s burdensome, it’s expensive, and it’s not really helping them from a security perspective.

So, once again, we’re going to democratize SIEM and bring it to a broader audience by fully managing it. We know what data needs to be collected from a security standpoint, and we’re the ones in charge of monitoring that data. So, we’ll only collect the security data we need and only collect the compliance data we need to make sure that they can prove compliance, which makes it a much more accessible solution.

We bring the expertise and the management, and we minimize the amount of data.

I’d like to “zoom out” a little now to discuss some wider trends in the cybersecurity landscape. One of the topics we’re hearing about the most here at RSA is generative AI and, in particular, how organizations can use it to identify and respond to cyber threats. What are your thoughts on AI in cybersecurity? Could it really be used to replace a human security team?

If you walk the floor, 75% of the booths have the word “AI” on them. Now, we go through this buzzword phase as an industry every few years. It used to be “big data” for a while, “intelligence driven” and “deep learning” for a little bit, and “machine learning”, and now it’s just “AI” in general. So, when people hear “AI”, they naturally tend to start rolling their eyes.

I think it’s an important technology and it will have a big impact on the industry. We do not believe as a company that it will replace humans anytime soon, and we’re not planning on replacing our humans with AI. We see it as a tool to help our really smart people work faster and more at scale, and find things that they couldn’t have found as quickly on their own. But we are not taking humans out of the loop.

For the overwhelming majority of incidents that we report on, a human has looked at that and reviewed and approved it before we send it to our customers, and that’s how we keep our false positive rates at less than 1%. Having AI being an aid to humans is where we see the world. But having AI replace human expertise? I don’t think we’re anywhere near that point in our industry.

Part of the reason there’s so much hype around AI is that people are struggling to hire and build out security teams. So, they see this promise of AI coming in and solving this problem for them. I think it can solve some of those problems, but it just can’t replace the need for the humans there.

What are your final words of advice to SMBs struggling to secure themselves against some of the complex threats we’re seeing today?

“Get help! If you’re trying to do it on your own, it’s a losing battle,” says Geftic. “There is no way as an SMB you could build up the defenses internally to match the attackers’ side. And there’s no way you can compete in terms of hiring, training, and retaining a staff compared to a large, well-funded security organization; even if you found that unicorn and you got someone you could afford and you could train, once they prove their value for you, they’re going to get poached by a large organization.

“So, you need to work with outsourced vendors like MDR providers who can do that work for you. Don’t try and do it alone.”


Thank you to Seth Geftic for taking part in this interview. You can find out more about Huntress’ Managed Security platform via their website.
