DTC & Black Talon
DTC Security Services vs Black Talon Security
A comparison of DTC's security offerings against Black Talon Security for transparent positioning and sales conversations.
Last updated: March 2026 | Owner: Nate Smith
Blackpoint CompassOne — What DTC Has Access To
Blackpoint rebranded their platform as CompassOne (launched April 2025 at RSAC). Three tiers:
| Tier | What's Included |
|---|---|
| Essentials | Endpoint MDR and/or Cloud MDR. 24/7 SOC, patented EDR agent, identity detection & response. Month-to-month available, volume pricing at 50+ endpoints w/ 1-year commitment. This is the ~$20/month tier for budget-conscious clients. |
| Core | Everything in Essentials + Vulnerability Management, Application Control, Asset Inventory, Cloud Posture Management, Security Posture Rating, Tenant Administrator |
| Standard | Everything in Core + LogIC (SIEM with 365-day log storage), compliance mapping, full unified security posture management. Note: DTC uses Blumira for SIEM rather than Blackpoint's LogIC. |
DTC's full security stack clients are on CompassOne Core for vuln management, app control, cloud posture, and asset inventory — plus Blumira for SIEM ($25/device/month).
Service Comparison
| Service Category | DTC Security Services | Black Talon Security |
|---|---|---|
| Endpoint Detection & Response | ✅ MDR (Managed Detection & Response) included in base managed services — Blackpoint 24/7 SOC, patented EDR agent (SNAP) | ✅ XDR (Extended Detection & Response) — AI-powered, brand unclear |
| Vulnerability Scanning | ✅ CompassOne — Contextual vulnerability prioritization (correlates vulns with asset criticality, exploitability, and threat activity), internal/external scanning, automated patch deployment. On top of platform scanning, DTC applies its own Patch Priority Score (PPS) formula with human review before any patch is approved. | ✅ EAGLEi — Internal/external scanning every 4 hours (endpoints) and daily (firewalls), autonomous remediation |
| Fleet-Wide Vulnerability Remediation | ✅ Included in base — If a vulnerability impacts all clients and remediation is realistic with no negative impact, we fix it (it's the right thing to do) | ❌ Not offered — they scan, someone else fixes |
| Third Party & OS Patching | ✅ Included in base — Industry-specific PPS scoring and nuances; custom policies available with consultation; all patches rejected by default | ❌ Not mentioned |
| Application Control | ✅ CompassOne — SOC-curated app block rules, global + client-specific policies, zero-trust application enforcement | ❌ Not offered |
| Cloud Posture Management | ✅ CompassOne — Continuous M365 config monitoring, drift detection, policy change alerts, misconfig remediation guidance | ❌ Not offered |
| Identity Detection & Response | ✅ Included — Cloud + on-prem identity monitoring, automated M365 account locking (Blackpoint locks a compromised account every ~30 minutes across their SOC) | ❌ Not specifically offered |
| Security Posture Rating | ✅ CompassOne — NIST-based maturity scoring per client, benchmarking across attack surface areas (cloud, endpoint, vulnerabilities), maturity stage tracking | ✅ EAGLEi dashboard provides visual risk scoring |
| Asset Inventory | ✅ CompassOne — Full attack surface visibility: devices, identities, applications, SaaS accounts in one view | ⚠️ Limited — device EOL tracking only |
| Firewall Management | ✅ Required — DTC-leased or client-managed UniFi; policies, config, and updates fully managed | ❌ Not mentioned |
| Zero Trust Network Access | ✅ Add-on — Cloudflare ZTNA platform | ❌ Not mentioned |
| Remote Console Access | ✅ Add-on — MFA/Passkey protected via NinjaOne RMM | ❌ Not mentioned |
| Penetration Testing | 🔜 OpenText partnership planned | ✅ Human-led penetration testing |
| vCISO | ✅ Included with full security stack — Account Managers serve as vCISO/vCIO | ✅ vCISO as separate offering |
| M365 / Google Workspace Threat Protection | ✅ Add-on — Automated account locking, integrated with MDR; powered by multiple security providers | ❌ Not specifically mentioned |
| SIEM / Log Management | ✅ Blumira SIEM — $25/device/month. AI-powered SIEM for compliance & incident response, real-time event collection, automated threat detection, log retention for audit requirements. | ❌ Not specifically mentioned |
| Security Awareness Training | ✅ Add-on — Huntress EDU (training + phishing sims) | ✅ Black Talon Academy (training + phishing sims) |
| Phishing Simulations | ✅ Add-on — Included with Huntress EDU | ✅ Simulated phishing attacks |
| Email Security | ✅ Add-on — Microsoft Defender or OpenText Email Threat Protection | ❌ Not specifically mentioned |
| Dark Web Monitoring | ✅ Full security stack — Powered by CompassOne + 🔜 1Password credential monitoring | ✅ Dark web scanning |
| Password Management | 🔜 1Password as a service (partnership planned) | ❌ Not mentioned |
| Incident Response | ✅ DTC IR SOP (SEC-IR-001) + Blackpoint 24/7 SOC active response | ✅ Dedicated incident response service |
| Forensic Analysis | ⚠️ Blumira supports it, not offered as standalone service | ✅ Forensic investigations offered |
| Ransomware Recovery | ✅ Work with client's cyber insurance provider (Hartford SOP documented) | ✅ Ransomware recovery service |
| Device End-of-Life Tracking | ✅ Via RMM (standard MSP service) | ✅ Device EOL identification |
| Security Risk Assessment | ✅ Network Assessment & Technology Evaluation SOP v3.0 — standardized intake and scoring | ✅ Formal SRA offered as a service |
| HIPAA/Compliance Certifications | ✅ CMMC policy framework documented, HIPAA operational compliance built into SOPs, cyber insurance SOP (Hartford) | ✅ HCISPP-certified staff, HIPAA compliance focus |
| Unified Dashboard | ✅ CompassOne — Security Posture Rating, asset inventory, tenant admin, vulnerability management, and MDR all visible from a single platform | ✅ EAGLEi platform |
| Reporting | ✅ Reports from all services via CompassOne + Blumira | ✅ Via EAGLEi platform |
DTC's Patch Priority Score (PPS)
DTC doesn't blindly auto-patch. Every vulnerability goes through a weighted scoring formula:
PPS = (CVSS × 0.6) + (Known Exploits × 1.5) + (Ease of Exploit × 1.5) + (Exploit Age × 1.0)| PPS Score | Priority | SLA |
|---|---|---|
| 9.0 — 10.0 | Critical | Patch within 24 hours |
| 7.0 — 8.9 | High | Patch within 7 days (cannot exceed 14) |
| 4.0 — 6.9 | Medium | Standard patch cycle (30 days) |
| < 4.0 | Low | Patch as needed |
All patches are rejected by default. The Code Commanders team manually reviews every Patch Tuesday release using The Hacker News, Bleeping Computer, 0dayfans, Reddit mega threads, and patchtuesday.com before approving anything. If a patch causes 5+ incident tickets, it becomes a Problem and gets rolled back immediately.
This matters because dental software compatibility is fragile. You can't just auto-approve a .NET update when Dentrix G7 has specific version dependencies. DTC's engineers understand this. Black Talon's "autonomous remediation" doesn't account for it.
Key Differentiators
DTC Strengths
- Full MSP relationship — security is part of IT management, not a bolt-on
- MDR bundled with base managed services
- CompassOne — unified security posture platform with vuln management, application control, cloud posture, and NIST-based maturity scoring
- Blumira SIEM — compliance-grade logging and incident response at $25/device
- Proactive patching — Third party apps & Windows OS patched based on industry-specific PPS scoring; custom policies available
- Fleet-wide vulnerability remediation — If it impacts all clients and we can fix it safely, we do it as part of standard service
- Firewall management — DTC-leased or client-managed; fully managed policies, config, and updates
- Zero Trust Network Access — Cloudflare ZTNA platform
- Secure remote access — MFA/Passkey protected console access via NinjaOne
- M365 & Google Workspace threat detection with automated response
- Human-led vulnerability decisions — your Account Manager (AM) and our engineers work with you directly
- Ransomware recovery through proper channels (cyber insurance)
- Upcoming partnerships filling gaps (1Password, OpenText pen testing)
Black Talon Strengths
- Human penetration testing (available now)
- Forensic investigations as a service
- HCISPP-certified staff for HIPAA compliance consulting
- DSO conference presence — endorsed by AAO, OMSNIC, multiple state dental associations
Black Talon Intel
- Company size: ~$22M revenue, 15 employees, HQ in Katonah, NY with Boca Raton office
- Positioning: "Your IT company is NOT equipped to handle threats. You need IT AND a cybersecurity company." They explicitly sell separation of duties between IT and security as a requirement.
- EAGLEi platform: Single pane of glass for vuln management. Scans endpoints every 4 hours, firewalls daily. Autonomous patching. Pen testing, SRA, dark web monitoring, phishing simulation all integrated.
- Pricing model: Not public. Reseller markup of 50-100% for MSP partners. No minimum purchase.
- Dental focus: Claims to secure 35,000+ devices in dental space. Endorsed by AAO, OMSNIC, multiple state dental associations. CEO Gary Salman is visible in the DSO conference circuit.
- Key weakness: They are NOT an MSP. They don't manage infrastructure, backups, servers, workstations, or dental software. They layer on top of whoever is doing the IT work. When their scan finds a vuln, someone else has to fix it. With DTC, the team that finds the vuln IS the team that fixes it.
- DSO play: They target DSOs specifically, offering to audit the MSP. Their pitch to DSO leadership: "Your IT company doesn't know what they don't know. We audit them." DTC's counter: we welcome audits because our stack is documented, scored, and defensible.
The Bottom Line
Black Talon sells security products. DTC is your MSP — security is integrated into the relationship.
When you work with DTC, you're not just buying a product — you're getting a managed service. Your account manager works with you on vulnerability decisions, compliance requirements, and security strategy as part of the ongoing relationship.
Black Talon sells 8-10 separate products/engagements to cover what DTC delivers in a handful of line items. And Black Talon doesn't manage the infrastructure, so when they find a problem, someone else has to fix it. With DTC, the team that finds the vuln IS the team that fixes it.
Blackpoint Published a DTC Success Story
Blackpoint published a case study featuring Scott Leister (Senior Systems Engineer at DTC) on their website in September 2025. Title: "DTC Strengthens Cybersecurity for Budget-Conscious Clients with Blackpoint MDR Essentials." This is useful for sales conversations — our MDR vendor publicly validates DTC's approach.
Notes
- DTC will not negotiate with ransomware actors — cyber insurance providers make those decisions
- All vulnerability scoring is done by DTC; clients work with their Account Manager (what we call vCIOs/vCISOs) on remediation decisions for in-production or unsupported software
- Account Managers work directly with our engineers — if a vulnerability can't just be remediated, we'll be on the phone with the client and Account Manager explaining why and working through options together
Working with Black Talon
DTC will collaborate with Black Talon when a client uses their services. However, this work requires engineer time (not service desk) and involves tools outside our standard stack. As such, consulting fees will apply for client-specific issues that require DTC involvement with Black Talon's platform or services.
We're happy to work together — just not for free.