Small and medium businesses are changing their security stance for the better. There are still some stragglers, but they tend to be brought forward by insurance companies requiring at least a shred of security defenses and procedures. It still begs the question: How should your company be improving its security?
Do you see it as a cost center or a necessary evil? Do you have tons of money to spend on hiring the best and brightest in the sector? Or, like most mid-sized businesses, are you looking to operationalize and scale your security?
In this blog, we will look at how today’s businesses are seeking to adapt their security strategies beyond the traditional tools of yesteryear. We will also highlight how mid-sized businesses can actually get baseline protection with Huntress. But first, let’s dive into the common security challenges you might be facing today.
Companies That Bury Their Head in the Sand
There are small and medium-sized businesses that see cybersecurity as a cost center. That mindset has caused them to make choices that are unsustainable and leaves them open to being attacked. They tend not to maintain security updates, maybe only have an antivirus (AV) in place, onboarding and offboarding procedures are non-existent, just to name a few.
The problem with these companies is that there must be a mindset change. Security is imperative to everything. If there is an attack, it could be business-ending or at the very least extremely expensive in terms of cost and reputational damage. This is especially true given that 47% of mid-sized businesses do not currently have an incident response plan, and another 27% have no cyber insurance coverage. It used to be the case that insurance would just pay out when a breach occurred, but because of the billions of dollars paid out over the last decade, insurance has gotten wise in that they can be the change agents to help level up the security at these types of companies.
Companies That Have Money To Burn
The small and medium companies in the market today are probably not in this camp because, in the current market, all costs have gone up (salaries, utilities, COGS, etc). This camp tends to be in the top 1% of businesses, like Google, Microsoft or Apple. They can pay hundreds of staff for “eyes on glass” 24/7, around the world to see what needs to be addressed. Even with the artificial intelligence, machine learning and large language models (AI, ML, LLDs) that they have access to, they STILL need people to contextualize and understand.
We can’t all be in the top 1%, so why not see if there's an enterprise-style solution that can actually be supported by small and medium-sized business budgets and operationalization needs? 👀
Companies Looking To Operationalize Their Security Outcomes
The first two examples are a subset of the market today. I suspect that you more closely align with this example because it is smart to operationalize and scale efficiently.
You understand that you need to harden your endpoints from attacks, as well as have some sort of detection and response after a threat actor gains access to an environment—and you know that no single security tool is 100% effective. If you’re like the 61% of mid-sized businesses who don’t have dedicated cybersecurity experts in their organization, you’re likely facing a talent shortage problem. You might have some people internally that can triage alerts, but they likely aren’t working 24/7 because the hiring pool is limited and expensive, and well… people have to take breaks now and then.
Therefore you have or are looking to have an endpoint solution that’s more than just antivirus. AV is still an important piece of preventing attacks from happening, but it is not the only tool you need in your security toolbox. Endpoint detection and response (EDR) tools have AI and machine learning capabilities, but your team still has to qualify the alerts that get responded to. And worse yet, if there is an automatic playbook that is run improperly, your business can grind to a halt.
So, you look at the 24/7 security operations centers (SOCs), sometimes a third party, and sometimes those associated with the AV and EDR you already use. They will help offload the work that your internal team doesn't have time for. However, we have found that that is rarely the case. Many of these vendors often just send things that look suspicious to the internal teams to confirm as bad or mark them as benign. So, is there really a benefit to the massive additional expense that you are incurring? Likely not.
Huntress Managed EDR Brings You Enterprise Coverage at an Affordable Value
Huntress seeks to protect the small and medium businesses who need cybersecurity the most, and therefore has to have an affordable solution for EDR, that is easy to install and manage, with the backing of a 24/7 security operations center (SOC). The Huntress SOC is staffed by experts who are reviewing suspicious information and only providing your technical or security teams with incident reports that are actionable (and not to mention, it’s not an additional expense). This leaves time for those teams to work on endpoint/network hardening, training, incident response, etc.
The economies of scale don't end there, there are more teams and infrastructure that help the SOC be as efficient as they can be.
The first group is the detection engineering team, they are devoted to making sure that the detections that the SOC team receives are high fidelity and provide contextual information to discern if something is deemed malicious to report on. Since Huntress protects over 2 million endpoints, we can actually run those new detections across our entire environment, so everyone in our ecosystem benefits.
There is a product team to make sure that the dashboards are easy to use for the SOC team to work effectively. The SOC team cannot waste time clicking through pages and need all the necessary information in a single location to report quickly. Not doing so could be the difference between one or two machines having an initial payload to an entire site being ransomed.
Yet another group is our research and development team. They have a couple of different mandates. The first is looking out for novel attack vectors that threat actors use to gain access to customer environments—like the MOVEit or PaperCut vulnerabilities—and see if that information can be operationalized in the Huntress detection engines. Another role they have is to figure out where threat actors' next frontiers are going to be, like business email compromise and see how Huntress can innovate, like we did with introducing Managed ITDR or expanding coverage with Managed Microsoft Defender.
As you can see, it takes more than just an endpoint solution like antivirus or EDR to provide foundational security for your endpoints. You need people. How you get access to those people is up to you, but with Huntress, you can gain security expertise, constant iteration and freedom to work on what makes sense for your team for an affordable price. Isn’t that worth the peace of mind?
