Huntress Releases First Public Tech Roadmap, Preps For Major SIEM Push

‘Nobody has really done SIEM in a way that's scalable in the MSP space to where, if you had to, you could flip a switch and turn it on tomorrow for all of your clients. Over the last three years, we've gone from about 50 percent of MSPs using SIEM internally to now about 80 percent. But of those MSPs who are using it, rarely do they get it out more than 10 percent of their clientele, and that's only because you get the ‘compliance hand raisers,’ the people who have to have it,’ says Jeremy Young, Huntress’ community growth strategist.

Huntress, an SMB-focused managed cybersecurity vendor, has grown since its founding in 2016 to 450 employees, half of whom have been with the company for less than one year.

Not a bad record for a company that was just one demo away from closing shop.

Jeremy Young, community growth strategist for Columbia, Md.-based Huntress, told an audience of MSPs at this week’s XChange 2025 conference that the company’s founders were close to shutting Huntress down in 2017 after not getting enough traction.

“Honestly, they were broke that year,” Young said. “They decided to go all in at IT Nation, and [CEO and Co-founder Kyle Hanslovan] drove them from Washington, D.C., down to Orlando. [CTO and Co-founder Chris Bisnett] was writing a Windows hacking demo in the back of the car on the trip. To demonstrate it, they bought a TV from Best Buy that they returned after the show, because every penny counted. They ran that hacking Windows demo, and they won the Partner Choice award. That bet paid off. The leads they got converted from that show to revenue and allowed them to raise money.”

And raise they did. Young said the company has raised $309 million and now has a valuation of over $1.5 billion.

“While a lot of things have changed, a lot of things stay the same, and our founders are still here,” he said. “They’re still obsessed with the product. They’re still obsessed with making our partners the heroes, and the Huntress purpose, culture, and community-first approach have remained alive and well.”

The Huntress platform now includes four primary offerings, Young said:

Managed EDR, or endpoint detection and response.
Managed ITDR, or identity threat detection and response, which defends against identity-focused attacks.
Managed security awareness training to help MSPs learn to avoid phishing attacks, malware, and so on.
Managed SIEM, or security information and event management providing secure log storage, intuitive searches, and comprehensive reporting.

Huntress’ managed SIEM technology, while still early in the development cycle, has come farther in the past few months than similar offerings from other vendors have come in the past few years, Young said.

“Trust me when I say Huntress will be the affordable SIEM you need for 95 percent of your clientele,” he said. “Combined with managed EDR, ITDR, and SAT (security awareness training), this solution overall addresses compliance questions while adding security value without breaking the bank.”

Huntress’ platform can also help MSPs and their clients achieve CMMC (Cybersecurity Maturity Model Certification) Level 2 compliance, and the company is working on its shared responsibility matrix, Young said.

A CMMC Level 2 shared responsibility matrix delineates which security controls and responsibilities belong to the customer compliance versus those that belong to the service provider.

Young also said that the company is now making its platform available free of charge to MSPs for internal use.

Young later told CRN that Huntress has published its first public roadmap since the company was founded.

“That’s part of the things that comes with scale,” he said. “We’re finally having enough products, people, and engineers so that every single offering has its own product management group.”

Previously, Huntress would have ideas for future products on its website that MSPs could vote on, Young said.

“But we’re never given the whole, ‘Hey, here’s what we’re going to do in 2025,” he said.

The most important item on that roadmap is Huntress Managed SIEM, which the company started building in August, Young said.

“It’s still in progress,” he said. “It’s available. But it’s not today where it's going to be in a year. Nobody has really done SIEM in a way that's scalable in the MSP space to where, if you had to, you could flip a switch and turn it on tomorrow for all of your clients. Over the last three years, we've gone from about 50 percent of MSPs using SIEM internally to now about 80 percent. But of those MSPs who are using it, rarely do they get it out more than 10 percent of their clientele, and that’s only because you get the ‘compliance hand raisers,’ the people who have to have it.”

For now, a lot of MSPs don’t believe SIEM is a necessity, so they're not going to push it, Young said.

“This means adoption is going to stay in that realm,” he said. “Well, there's a lot of rising tides pointing you in the direction of, you need to have this for compliance. But there's nothing available that you can actually put across your clientele that's not going to drown you in alerts and that will not result in customers’ knee jerk reaction to say no because of the price. Huntress is going to be that solution for the 95 percent of clients that don't want to know understand the acronym SIEM.”

The data from implementing SIEM across a wide swath of MSP clients is also really beneficial for Huntress’ SOC, or security operations center, which can use the SIEM data to improve customer security, Young said.

Huntress’ goal for all of its products is under 1 percent false positives, he said. Log data from EDR, ITDR, firewalls, and so on need to be correlated to have a higher confidence in detection of potential issues, and that data can be fed to the SIEM at no charge, he said.

That, combined with a recent feature that prevents the SOC from taking CUI (controlled unclassified information), makes Huntress’ platform more attractive for MSPs whose clients are concerned with compliance issues under CMMC, Young said.

Tony Balistrieri, CEO of TechhubPS, a San Diego-based MSP that often partners with other MSPs to help with their managed services, told CRN that the history of Huntress that Young presented shows how the company has evolved and where it is heading.

“You can see that Huntress thought it through in terms of developing their technology as well as the company’s solid channel focus,” Balistrieri said. “Their final approach and their final model made it clear what Huntress was doing was built for channel companies. And they’re making their tools so that MSPs can really understand what they’re doing.”