Technology Advisory Group

Big incidents don’t always make a dramatic entrance. Often, it starts with a subtle feeling that something’s wrong. Maybe a machine starts behaving erratically, or you spot unusual activity on a critical system. What happens next depends on your ability to swiftly diagnose the issue and prevent it from escalating. For a managed service provider (MSP), your response in these instances defines your reputation with clients.

Technology Advisory Group (TAG) is beloved by their clients because they’ve spent the past 30 years thriving in those moments. Gary Harlam, Owner and President of TAG, describes the company as “an extension of each client’s team,” a role they fill by emphasizing proactive support and getting ahead of problems before they happen.

Challenge | Stronger security had to become the standard

For years, TAG relied on traditional antivirus software and offered stronger protection only to customers who chose it. Over time, that stopped feeling like the right move.

“It wasn’t enough protection based on the threat levels that we were seeing,” says Harlam. “The move to an EDR-based product was going to be a better baseline for everyone.”

Harlam points to another practical reason for the shift: cyber insurance questionnaires starting to ask whether businesses are running endpoint detection and response (EDR) solutions.

But Huntress wasn’t the first solution Harlam deployed. Despite looking to an EDR from a prominent vendor, only about 30 percent of customers had chosen to adopt it. Clients pushed back on the pricing, and the administrative overhead made it too hard to manage. Harlam knew he could do better.

TAG didn’t need another security tool that looked good on paper but added more friction later. They needed something they could deploy broadly, manage without constant tuning, and, most importantly, trust when a situation turned serious. So TAG decided to find a new EDR vendor.

Solution | A rollout the team could manage without extra drag

In 2023, TAG standardized on the Huntress Security Platform, deploying Huntress Managed EDR across all workstations. The platform is easily integrated with Microsoft Defender Antivirus, helping TAG raise the security baseline across their client base.

“The deployment was easy,” says Harlam. The bigger lift was removing the old EDR and migrating customers. The TAG team spent about four months completing the transition for all clients, creating a mandatory deadline and an early adopter incentive to help drive adoption.

With Managed EDR in place, TAG's team found their tedious day-to-day tasks significantly reduced. “One of the things that we love about Managed EDR is it’s managed by the Huntress team,” says Harlam. “Unlike other tools, it doesn’t require lots of tweaking.”

TAG no longer had to constantly chase best practices or closely manage the platform as they did with previous solutions. “With Huntress, we don’t have to deal with any of that,” says Harlam. TAG also connected Huntress reporting into their PSA workflow, helping turn alerts into action more quickly.

Results | When ransomware pressure hit, the SOC moved fast

Since partnering with Huntress, TAG has tackled multiple compromises, including three VPN-related incidents. Harlam says the Huntress Security Operations Center (SOC)—a 24/7 team of elite threat analysts backed by AI—has been consistent across all of them. “The response times and actions of the SOC have never been a question.”

In one incident, an attacker used a compromised account with VPN access to reach a primary domain controller over RDP. After WinRAR was executed, Microsoft Defender flagged a Qilin ransomware binary. The Huntress SOC then mass-isolated the environment before encryption could begin.

That kind of response matched what Harlam says he’d seen more broadly. When attackers gain access to an environment, Huntress moves quickly to isolate affected machines and, when needed, contain the wider environment to stop lateral movement. The SOC also helps TAG investigate the incident and work back toward the likely entry point.

Harlam knows that no security product is perfect, but he believes Huntress comes very close. He says the platform has allowed his team to act swiftly, reducing the potential damage from threats. That matters to clients. “People have thanked us and said, ‘Thanks for doing what you had to do, and doing it so quickly,’” says Harlam.

With Huntress behind them, TAG has set a higher security standard for their clients and can now respond even faster when things go wrong.