Security Stack with your environments

kim

Let's talk security stack and layered defenses. What type of combinations do you use for your client environments for a layered security approach? I currently use SentinelOne and I want to either add Huntress for network monitoringand maybe swap SentinelOne for CrowdStrike. There are so many companies out there that claim to have a great EDR or XDR, but I just want my environment protected the best possible way it can. Do you all use a multilayered security approach?

tanderson

@kim We use Windows Defender paired with Huntress and Threatlocker. We have had great success with this lineup. Huntress can control the Defender settings so your settings are set across all PCs without manual setup.

Huntress is fantastic at finding things traditional anti-virus misses and is very automated these days. The best part is the automation comes in the form of real people from Huntress responding and resolving most issues, freeing up your team.

Threatlocker is epic in its control. It takes time to set up and train users, but when running well, it is unstoppable. Also, it has a fully managed license so their techs can respond instead of your team.

Also, all these tools are relatively lightweight processing-wise on devices. I have used SentinelOne in the past, and sometimes it cripples lower-end devices because of how much processing power it uses.

DP

I've also been using Huntress for the last 4 months as an added layer on top of Trend micro - Email protection is paramount - only allowing Docx, PDF, etc.

@tanderson have you had any incidences with Huntress?

tanderson

@DP Yes, we onboarded a new client that was using SentinelOne previously, and it found malware on the server. It has also alerted us to two instances where Windows Defender stopped on two servers.

DP

Yes I haven't had anything major either, but it's a good insurance polity. Recently, it looks like they are searching for password documents saved on computers. I hope they keep on improving and adding features.