Huntress is our default platform for greenfield deployments. If you've already standardized on CrowdStrike, SentinelOne, Microsoft Defender, Zscaler, Wiz, or another enterprise security tool, we operate it for you — deployment, tuning, alert triage, incident response coordination, and the executive reporting that turns the platform into a program. No rip-and-replace, no commission for swapping tools, no generic SOC ticket queue.
Two lanes. One practice. Pick the one that fits your stack.
Most managed security firms make their money pushing you off your existing tools and onto the platform they happen to resell. We don't. Obsidian Ridge runs two distinct lanes: a Huntress lane for greenfield deployments and clients who want a single bundled platform, and this multi-vendor lane for clients who already invested in their stack and want it operated correctly.
Both lanes are the same practitioner, same response model, same accountability. The only difference is which platforms sit underneath. If you've already deployed CrowdStrike, SentinelOne, Microsoft Defender for Endpoint, or anything else listed below, the right answer is usually to operate it — not replace it.
What we operate
The stack, by layer.
Each layer below reflects platforms with active engagement experience, vendor certification, or both. If your stack includes a tool not listed, ask — the honest answer comes back on the briefing, not after you sign.
Endpoint Detection & Response (EDR / MDR)
Agent deployment, policy tuning, alert triage, response coordination, and the executive reporting layer on top of whichever EDR you already standardized on.
Microsoft Defender for Endpoint
SentinelOne
CrowdStrike Falcon
Huntress Managed EDR
CrowdStrike is operated by a CCFH-certified practitioner — threat hunting on Falcon, not just alert acknowledgement.
Email Security & Anti-Phishing
Policy review, allow / block tuning, suspicious-mail investigation, and BEC-targeted detection for whichever email security stack sits in front of your inbox. Covers traditional gateway products, ICES (integrated cloud email security) layered on Microsoft 365 / Google Workspace, and the browser-and-collaboration extensions that have become the new attack surface.
Fortinet MSSP partnership submitted (May 2026) to enable FortiMail Workspace Security delivery; certification status confirmed during the briefing.
Identity, Access & Privileged Access
Microsoft 365 identity hardening — Conditional Access policy review, Privileged Identity Management (PIM) configuration, and ongoing review of admin role assignments and sign-in risk.
Microsoft Entra ID (Conditional Access)
Microsoft Entra PIM
Email Security posture reviews
M365 admin-role hygiene
Zero Trust Network Access
Zero Trust architecture, policy deployment, and ongoing operation — practitioner-led, not handed off to a portal you have to learn.
Zscaler — ZDTA-certified
Island Browser — 3+ years operating experience including current Fortune 500 airline deployment
Identity Threat Detection (ITDR)
Identity-side detection across Microsoft 365 and Google Workspace tenants — break-in attempts, malicious inbox rules, OAuth abuse, and adversary-in-the-middle phishing.
Microsoft 365 native (Entra ID Protection signals)
Huntress Managed ITDR
Security Awareness & Phishing Simulation
Training rollout, phishing simulation cadence, completion reporting for audit and insurance evidence — using whichever platform fits your culture and budget.
Microsoft 365 Attack Simulator
KnowBe4
Hook Security
Huntress Managed SAT
Vulnerability Management
Scan ownership, finding triage, remediation prioritization, and the practical reporting that turns a scan output into a fix list your IT team will actually act on.
Rapid7 InsightVM
Tenable (Nessus / Tenable.io)
Microsoft Defender Vulnerability Management (TVM)
Cloud Security Posture & CNAPP
Cloud security posture management and cloud-native application protection across AWS, Azure, and Google Cloud — misconfigurations, identity-permission risk, and runtime exposure.
Wiz (CSPM / CNAPP)
Breach & Attack Simulation
Continuous validation of detection-and-response coverage against MITRE ATT&CK — used to prove the security stack actually catches what it's supposed to, not just that it's deployed.
SafeBreach
Asset & SaaS Inventory
Continuous discovery of every device, identity, and SaaS app touching the environment — the prerequisite layer most security programs assume and most don't actually have.
We don't earn rip-and-replace commission. If you've already invested in CrowdStrike, SentinelOne, Defender, Zscaler, or anything else on this list, the right answer is usually to operate it correctly — not to swap it for a different tool.
Operator credentials by platform.
CISSP for the security leadership baseline. CCFH (CrowdStrike Certified Falcon Hunter) for CrowdStrike threat-hunting engagements. ZDTA (Zscaler Digital Transformation Administrator) for Zscaler deployments. Credentials map to platforms, not to a generic alphabet soup.
One accountable practitioner.
Same model as the Huntress side of the practice: one senior practitioner runs your program end-to-end. No ticket queue, no generic SOC handoff for anything that needs context.
Honest fit check
When the Huntress lane is the better answer.
Most clients land on this page because they've already invested in a tool. A real chunk of them, after the briefing, end up on the Huntress lane instead — because it's the better economic and operational fit. Pick that lane if any of these are true:
You're standing up a security program from scratch and want one platform that covers EDR + ITDR + SAT + SIEM with a single 24/7 SOC behind it.
Per-seat cost matters more than fitting into an existing tool stack.
You want bundled audit-ready evidence for HIPAA, SOC 2, PCI-DSS, or insurance renewal without coordinating across vendors.
You want eligibility for the Huntress × Acrisure cyber insurance program (50+ employee organizations only).
We'll tell you on the call which lane fits. If it's neither, we'll tell you that too — and point you somewhere honest.
FAQ
Questions buyers ask first
Do you actually support all of these vendors, or is this just a marketing list?
Each platform listed has either active engagement experience, vendor certification, or both. CrowdStrike is operated under a CCFH (Falcon Hunter) certification. Zscaler is operated under a ZDTA certification. Island Browser is currently deployed at a Fortune 500 airline, with the practitioner serving as lead on that deployment. The other platforms have been deployed and operated in prior engagements. If you ask about a platform we haven't worked with, we'll tell you on the briefing — not after you've signed.
How is this priced vs. the Foundation / Protected / Complete tiers?
The published tier pricing ($15 / $32 / from $55) is for environments where Obsidian Ridge deploys and operates the Huntress platform end-to-end. Multi-vendor engagements are scoped per environment — the right structure depends on how many tools are in scope, how many users, and how much remediation work the current state actually needs. Quoted in writing during the briefing.
Can you co-manage with our existing IT provider?
Yes. Many multi-vendor engagements involve sitting alongside an internal IT team or an existing MSP. The practitioner side handles security operations — detection tuning, alert triage, incident response, compliance evidence — while the IT side keeps doing what they do. Roles are written into the Statement of Work before the engagement starts.
Will you push us to switch to Huntress?
No. The Huntress side of the practice is its own offering for clients who want a single platform. The multi-vendor side is for clients who already invested in their stack and want it operated properly. If we ever recommend a platform change, it's because the current stack genuinely can't do what you need — and the recommendation is in writing with the reasoning, not buried in a quarterly review.
What about cyber insurance — does this lane qualify for the Huntress × Acrisure program?
No. The Huntress × Acrisure $0-deductible program is contingent on Huntress Managed EDR + Managed ITDR being live in the environment. Multi-vendor engagements (CrowdStrike, SentinelOne, Defender, etc.) don't qualify for that specific program. For traditional cyber insurance via your existing carrier, the Cyber Insurance Readiness Sprint helps you prepare the evidence packet regardless of which security stack you run.
What if our stack uses a vendor not listed here?
Ask on the briefing. The list reflects platforms with active engagement experience or named certifications — it's not exhaustive of every product the practitioner has touched over a decade of work. The honest answer is delivered before any engagement is scoped, not after.
Next step
Scope a multi-vendor engagement.
The briefing is free and 30 minutes. Come with your stack list, your pain points, and your current SLA expectations. We'll come back with a written scope, a fixed-fee proposal, and an honest answer on whether this lane is the right one for you.