Interview with Huntress Labs CEO, Kyle Hanslovan — Detecting advanced threats in small companies


Kyle Hanslovan — CEO Huntress Labs

Gula Tech Adventures recently participated in Huntress Lab’s seed round. This portfolio company brings the power of modern threat detection to managed service providers. I was able to catch up with their founder and CEO, Kyle Hanslovan, before he headed out to BlackHat 2017 and asked him a few questions.

Q1 — Huntress Labs is focused on automated breach detection for managed service providers and IT outsourcers. How prepared are law firms, doctors offices and SMB business served by MSPs to detect and stop modern malware and detect breaches?

Managed Service Providers layer preventative security products to defend their customers. For years, this adequately protected SMBs against most unsophisticated threats. Unfortunately, the threat landscape dramatically shifted in 2016 when hackers realized small businesses could be as lucrative as well-guarded enterprises. As a result, most businesses served by MSPs are not prepared to detect the advanced techniques which inevitably slip past their preventive security. Left unchecked, SMBs risk their productivity, their reputations, and―in extreme cases―their businesses.

Q2 — How easy is it to bring Huntress monitoring into an MSP’s operation who are already supporting dozens to hundreds of customers?
MSPs have deployed Huntress to hundreds of their clients in less than 10 minutes using their existing Remote Monitoring and Management (RMM) software. We’ve built our endpoint agent to seamlessly integrate into the workflows MSPs know and expect. After deploying our software, MSPs return to the tasks that support their customers and grow their businesses. When our managed service discovers a breach, we create a detailed remediation recommendation directly within their existing ticketing system. No need to hire cybersecurity rockstars. No extra pane of glass to monitor.


Q3 — How does the Huntress technology compare to other modern end point security detection and remediation tools?

The endpoint detection and remediation market is a crowded space with several great options for large organizations. However, most require analysts with security expertise, only integrate with enterprise products, and come at a steep price point. For MSPs, these products aren’t reasonable options. Instead of replacing our partners’ existing security investments, we designed Huntress to complement them. To do this, our breach detection service hunts for the unaddressed techniques hackers use to maintain access to their victims. Our technology gives our partners’ the same attention as a dedicated security analyst at the price of a product.



Example Evasive Malware detections in the Huntress GUI and tickets created in ConnectWise

Q4 — The Huntress 
blog has some great examples of new malware and customer compromises found through your service. What is the most sneaky or interesting attack you’ve been able to observe with your platform?
We frequently discover infections where hackers abuse legitimate/trusted applications for nefarious purposes. Within the past three weeks, we’ve seen three Microsoft applications (InstallUtil.exe, mshta.exe, regsvcs.exe) and two third-party applications (javaw.exe, php.exe) leveraged to execute malicious payloads anytime a user logs into their computer. By abusing trust, hackers easily slip past even the best preventative security products. The creativity of these attacks make them our favorite to discover.


Q5 — Do you only sell through partnerships with MSPs or do you allow customers to purchase Huntress directly to complement their existing anti-virus strategy?

Selling Huntress through MSPs allows us to leverage their existing technology stack and their intimate familiarity with their client’s networks. This makes them an ideal go-to-market partner. However, we also partner directly with mid-market companies who do not outsource their IT needs. These relationships require additional support to ensure smooth deployments and proper incident remediation. In these instances, we charge an additional fee for the premium support we provide.

Q6 — What is the best way to get a demo?

We’ve discovered breaches in 88% of our large trials (on 200+ laptops, computers, and servers). Rather than tell our partners’ that Huntress works, we prefer to show them. Our 21 day free trial makes this easy. Register at

With managed breach detection, your clients/employees remain productive while you remain profitable.

  • No credit card needed or host limit.
  • Silently deploys via your RMM.
  • Reports directly to ConnectWise or Email.
  • Complements your existing security investments