DTC & Black Talon
DTC & Black Talon
DTC Security Services vs Black Talon Security
A comparison of DTC's security offerings against Black Talon Security for transparent positioning and sales conversations.
Service
Last Comparisonupdated:
ServiceMarch Category | DTC2026 Security| Services | BlackOwner: TalonNate Security |
|---|
Endpoint Detection & Response✅ MDR (Managed Detection & Response) included in base managed services✅ XDR (Extended Detection & Response)
Vulnerability Scanning✅ MDR add-on - Human-led remediation with DTC-scored vulnerabilities; powered by industry-leading MDR platform✅ Internal/external scanning with autonomous remediation
Fleet-Wide Vulnerability Remediation✅ Included in base - If a vulnerability impacts all clients and remediation is realistic with no negative impact, we fix it (it's the right thing to do)❌ Not mentioned
Third Party & OS Patching✅ Included in base - Industry-specific scoring and nuances; custom policies available with consultation❌ Not mentioned
Firewall Management✅ Included in base - DTC-leased or client-managed; policies, config, and updates fully managed❌ Not mentioned
Zero Trust Network Access✅ Add-on - Cloudflare ZTNA platform❌ Not mentioned
Remote Console Access✅ Add-on - MFA/Passkey protected via NinjaOne RMM❌ Not mentioned
Penetration Testing🔜 OpenText partnership planned✅ Human-led penetration testing
vCISO (Virtual Chief Information Security Officer)✅ Included with MDR add-on✅ vCISO as separate offering
M365 / Google Workspace Threat Protection✅ Add-on - Automated account locking, integrated with MDR; powered by multiple security providers❌ Not specifically mentioned
SIEM / Log Management✅ Add-on - AI-Powered SIEM for compliance & incident response❌ Not specifically mentioned
Security Awareness Training✅ Add-on - Powered by Huntress EDU✅ Cybersecurity awareness training
Phishing Simulations✅ Add-on - Included with Huntress EDU✅ Simulated phishing attacks
Email Security✅ Add-on - Microsoft Defender or OpenText Email Threat Protection❌ Not specifically mentioned
Dark Web Monitoring✅ MDR add-on - Powered by MDR platform + 🔜 1Password credential monitoring✅ Dark web scanning
Password Management🔜 1Password as a service (partnership planned)❌ Not mentioned
Incident Response✅ SIEM assists with incident response✅ Dedicated incident response service
Forensic Analysis⚠️ SIEM supports it, not offered as service✅ Forensic investigations offered
Ransomware Recovery✅ Work with client's cyber insurance provider✅ Ransomware recovery service
Device End-of-Life Tracking✅ Via RMM (standard MSP service)✅ Device EOL identification
Unified Dashboard🔜 Customer portal in development✅ EAGLEi platform
Reporting✅ Reports from all services✅ Via EAGLEi platform
Key Differentiators
DTC Strengths
Full MSP relationship - security is part of IT management, not a bolt-on
MDR bundled with base managed services
Proactive patching - Third party apps & Windows OS patched based on industry-specific scoring; custom policies available
Fleet-wide vulnerability remediation - If it impacts all clients and we can fix it safely, we do it as part of standard service
Firewall management - DTC-leased or client-managed; fully managed policies, config, and updates
Zero Trust Network Access - Cloudflare ZTNA platform
Secure remote access - MFA/Passkey protected console access via NinjaOne
M365 & Google Workspace threat detection with automated response
AI-powered SIEM for compliance
Human-led vulnerability decisions - your Account Manager (AM) and our engineers work with you directly
Ransomware recovery through proper channels (cyber insurance)
Upcoming partnerships filling gaps (1Password, OpenText pen testing)
Black Talon Strengths
Human penetration testing (available now)
Forensic investigations as a service
Unified dashboard (EAGLEi) already live
The Bottom Line
Black Talon sells security products. DTC isSmith your MSP - security is integrated into the relationship.
When you work with DTC, you're not just buying a product - you're getting a managed service. Your account manager works with you on vulnerability decisions, compliance requirements, and security strategy as part of the ongoing relationship.
Notes
DTC will not negotiate with ransomware actors - cyber insurance providers make those decisions
All vulnerability scoring is done by DTC; clients work with their Account Manager (what we call vCIOs/vCISOs) on remediation decisions for in-production or unsupported software
Account Managers work directly with our engineers - if a vulnerability can't just be remediated, we'll be on the phone with the client and Account Manager explaining why and working through options together
Working with Black Talon
DTC will collaborate with Black Talon when a client uses their services. However, this work requires engineer time (not service desk) and involves tools outside our standard stack. As such, consulting fees will apply for client-specific issues that require DTC involvement with Black Talon's platform or services.
We're happy to work together - just not for free.
March 2026 Update — Blackpoint CompassOne &— Expanded Comparison
This section reflects updates to Blackpoint's platform (CompassOne, launched April 2025 at RSAC) and expanded competitive intel on Black Talon. Merge into the main comparison table above when ready.
Blackpoint CompassOne Tiers (What DTC Has Access To)
To
Blackpoint rebranded their platform as CompassOne with(launched threeApril 2025 at RSAC). Three tiers:
| Tier | What's Included |
|---|
| Essentials | Endpoint MDR and/or Cloud MDR. 24/7 SOC, patented EDR agent, identity detection & response. Month-to-month available, volume pricing at 50+ endpoints w/ 1-year commitment. This is the ~$20/month tier for budget-conscious clients. |
| Core | Everything in Essentials + Vulnerability Management, Application Control, Asset Inventory, Cloud Posture Management, Security Posture Rating, Tenant Administrator |
| Standard | Everything in Core + LogIC (SIEM with 365-day log storage), compliance mapping, full unified security posture management |
DTC's full security stack clients are on CompassOne Standard (or equivalent feature set via our multi-vendor approach).
New
Service Comparison Rows (Add to Main Table)
| Service Category | DTC Security Services | Black Talon Security |
|---|
Endpoint Detection & Response✅ MDR (Managed Detection & Response) included in base managed services — Blackpoint 24/7 SOC, patented EDR agent (SNAP)✅ XDR (Extended Detection & Response) — AI-powered, brand unclear
Vulnerability Scanning✅ CompassOne Standard — Contextual vulnerability prioritization (correlates vulns with asset criticality, exploitability, and threat activity), internal/external scanning, automated patch deployment. On top of platform scanning, DTC applies its own Patch Priority Score (PPS) formula with human review before any patch is approved.✅ EAGLEi — Internal/external scanning every 4 hours (endpoints) and daily (firewalls), autonomous remediation
Fleet-Wide Vulnerability Remediation✅ Included in base — If a vulnerability impacts all clients and remediation is realistic with no negative impact, we fix it (it's the right thing to do)❌ Not offered — they scan, someone else fixes
Third Party & OS Patching✅ Included in base — Industry-specific PPS scoring and nuances; custom policies available with consultation; all patches rejected by default❌ Not mentioned
Application Control✅ CompassOne Standard — SOC-curated app block rules, global + client-specific policies, zero-trust application enforcement❌ Not offered
Cloud Posture Management✅ CompassOne — Continuous M365 config monitoring, drift detection, policy change alerts, misconfig remediation guidance❌ Not
offered
Identity Detection & Response✅ Included — Cloud + on-prem identity monitoring, automated M365 account locking (Blackpoint locks a compromised account every ~30 minutes across their SOC)❌ Not specifically offered
Security Posture Rating✅ CompassOne — NIST-based maturity scoring per client, benchmarking across attack surface areas (cloud, endpoint, vulnerabilities), maturity stage tracking✅ EAGLEi dashboard provides visual risk scoring
Asset Inventory✅ CompassOne — Full attack surface visibility: devices, identities, applications, SaaS accounts in one view⚠️ Limited — device EOL tracking only
IdentityFirewall Detection & ResponseManagement✅ Included
in base —
CloudDTC-leased +or on-premclient-managed; identitypolicies, monitoring,config, automatedand updates fully managed❌ Not mentioned
Zero Trust Network Access✅ Add-on — Cloudflare ZTNA platform❌ Not mentioned
Remote Console Access✅ Add-on — MFA/Passkey protected via NinjaOne RMM❌ Not mentioned
Penetration Testing🔜 OpenText partnership planned✅ Human-led penetration testing
vCISO✅ Included with MDR add-on — Account Managers serve as vCISO/vCIO✅ vCISO as separate offering
M365 / Google Workspace Threat Protection✅ Add-on — Automated account
lockinglocking, (locksintegrated awith compromisedMDR; accountpowered everyby ~30multiple minutessecurity across their SOC)providers❌ Not specifically
mentioned
SIEM / Log Management✅ CompassOne Standard — LogIC SIEM with 365-day log retention, automated compliance mapping, real-time event collection. Feeds into SOC for unified visibility across firewalls, EDR, and vulnerability scanners.❌ Not specifically mentioned
Security Awareness Training✅ Add-on — Huntress EDU (training + phishing sims)✅ Black Talon Academy (training + phishing sims)
Phishing Simulations✅ Add-on — Included with Huntress EDU✅ Simulated phishing attacks
Email Security✅ Add-on — Microsoft Defender or OpenText Email Threat Protection❌ Not specifically mentioned
Dark Web Monitoring✅ MDR add-on — Powered by CompassOne + 🔜 1Password credential monitoring✅ Dark web scanning
Password Management🔜 1Password as a service (partnership planned)❌ Not mentioned
Incident Response✅ DTC IR SOP (SEC-IR-001) + Blackpoint 24/7 SOC active response✅ Dedicated incident response service
Forensic Analysis⚠️ SIEM supports it, not offered
as standalone service✅ Forensic investigations offered
Ransomware Recovery✅ Work with client's cyber insurance provider (Hartford SOP documented)✅ Ransomware recovery service
Device End-of-Life Tracking✅ Via RMM (standard MSP service)✅ Device EOL identification
Security Risk Assessment✅ Network Assessment & Technology Evaluation SOP v3.0 — standardized intake and scoring✅ Formal SRA offered as a service
HIPAA/Compliance Certifications✅ CMMC policy framework documented, HIPAA operational compliance built into SOPs, cyber insurance SOP (Hartford)✅ HCISPP-certified staff, HIPAA compliance focus
CybersecurityUnified Awareness TrainingDashboard✅
Add-onCompassOne —
Huntress EDU (training + phishing sims)✅ Black Talon Academy (training + phishing sims)
Security Risk Assessment✅ Network Assessment & Technology Evaluation SOP v3.0 — standardized intake and scoring✅ Formal SRA offered as a service
Updated Rows (Corrections to Main Table)
Unified Dashboard: Change from 🔜 to ✅ — CompassOne is live. Security Posture Rating, asset inventory, tenant admin, vulnerability management, and MDR all visible from a single platform. Client-facing portal with reporting is operational.
Vulnerability Scanning: Strengthen the DTC description — "platform
✅
CompassOne Standard — Contextual vulnerability prioritization (correlates vulns with asset criticality, exploitability, and threat activity), internal/external scanning, automated patch deployment. On top ofEAGLEi platform
scanning, DTC applies its own Patch Priority Score (PPS)Reporting formula with human review before any patch is approved."
SIEM / Log Management: Update to reference LogIC specifically — "
✅
Reports from all services via CompassOne
✅ StandardVia —EAGLEi LogICplatform
SIEM
with
365-day log retention, automated compliance mapping, real-time event collection. Feeds into SOC for unified visibility across firewalls, EDR, and vulnerability scanners."
DTC's Patch Priority Score (PPS) — Detail for Sales Conversations
DTC doesn't blindly auto-patch. Every vulnerability goes through a weighted scoring formula:
PPS = (CVSS × 0.6) + (Known Exploits × 1.5) + (Ease of Exploit × 1.5) + (Exploit Age × 1.0)
| PPS Score | Priority | SLA |
|---|
9.0 –— 10.0 | Critical | Patch within 24 hours |
7.0 –— 8.9 | High | Patch within 7 days (cannot exceed 14) |
4.0 –— 6.9 | Medium | Standard patch cycle (30 days) |
| < 4.0 | Low | Patch as needed |
All patches are rejected by default. The Code Commanders team manually reviews every Patch Tuesday release using The Hacker News, Bleeping Computer, 0dayfans, Reddit mega threads, and patchtuesday.com before approving anything. If a patch causes 5+ incident tickets, it becomes a Problem and gets rolled back immediately.
This matters because dental software compatibility is fragile. You can't just auto-approve a .NET update when Dentrix G7 has specific version dependencies. DTC's engineers understand this. Black Talon's "autonomous remediation" doesn't account for it.
Key Differentiators
ExpandedDTC Strengths
Full MSP relationship — security is part of IT management, not a bolt-on
MDR bundled with base managed services
CompassOne Standard — unified security posture platform with vuln management, application control, cloud posture, SIEM, and NIST-based maturity scoring
Proactive patching — Third party apps & Windows OS patched based on industry-specific PPS scoring; custom policies available
Fleet-wide vulnerability remediation — If it impacts all clients and we can fix it safely, we do it as part of standard service
Firewall management — DTC-leased or client-managed; fully managed policies, config, and updates
Zero Trust Network Access — Cloudflare ZTNA platform
Secure remote access — MFA/Passkey protected console access via NinjaOne
M365 & Google Workspace threat detection with automated response
Human-led vulnerability decisions — your Account Manager (AM) and our engineers work with you directly
Ransomware recovery through proper channels (cyber insurance)
Upcoming partnerships filling gaps (1Password, OpenText pen testing)
Black Talon Strengths
Human penetration testing (available now)
Forensic investigations as a service
HCISPP-certified staff for HIPAA compliance consulting
DSO conference presence — endorsed by AAO, OMSNIC, multiple state dental associations
Black Talon Intel
- Company size: ~$22M revenue, 15 employees, HQ in Katonah, NY with Boca Raton office
- Positioning: "Your IT company is NOT equipped to handle threats. You need IT AND a cybersecurity company." They explicitly sell separation of duties between IT and security as a requirement.
- EAGLEi platform: Single pane of glass for vuln management. Scans endpoints every 4 hours, firewalls daily. Autonomous patching. Pen testing, SRA, dark web monitoring, phishing simulation all integrated.
- Pricing model: Not public. Reseller markup of 50-100% for MSP partners. No minimum purchase.
- Dental focus: Claims to secure 35,000+ devices in dental space. Endorsed by AAO, OMSNIC, multiple state dental associations. CEO Gary Salman is visible in the DSO conference circuit.
- Key weakness: They are NOT an MSP. They don't manage infrastructure, backups, servers, workstations, or dental software. They layer on top of whoever is doing the IT work. When their scan finds a vuln, someone else has to fix it. With DTC, the team that finds the vuln IS the team that fixes it.
- DSO play: They target DSOs specifically, offering to audit the MSP. Their pitch to DSO leadership: "Your IT company doesn't know what they don't know. We audit them." DTC's counter: we welcome audits because our stack is documented, scored, and defensible.
The Bottom Line
Black Talon sells security products. DTC is your MSP — security is integrated into the relationship.
When you work with DTC, you're not just buying a product — you're getting a managed service. Your account manager works with you on vulnerability decisions, compliance requirements, and security strategy as part of the ongoing relationship.
Black Talon sells 8-10 separate products/engagements to cover what DTC delivers in two tiers (base MSA + Full Security Stack). And Black Talon doesn't manage the infrastructure, so when they find a problem, someone else has to fix it. With DTC, the team that finds the vuln IS the team that fixes it.
Blackpoint Published a DTC Success Story
Blackpoint published a case study featuring Scott Leister (Senior Systems Engineer at DTC) on their website in September 2025. Title: "DTC Strengthens Cybersecurity for Budget-Conscious Clients with Blackpoint MDR Essentials." This is useful for sales conversations — our MDR vendor publicly validates DTC's approach.
Link: https://blackpointcyber.com/success-story/dtc-strengthens-cybersecurity-for-budget-conscious-clients-with-blackpoint-mdr-essentials/
Notes
DTC will not negotiate with ransomware actors — cyber insurance providers make those decisions
All vulnerability scoring is done by DTC; clients work with their Account Manager (what we call vCIOs/vCISOs) on remediation decisions for in-production or unsupported software
Account Managers work directly with our engineers — if a vulnerability can't just be remediated, we'll be on the phone with the client and Account Manager explaining why and working through options together
Working with Black Talon
DTC will collaborate with Black Talon when a client uses their services. However, this work requires engineer time (not service desk) and involves tools outside our standard stack. As such, consulting fees will apply for client-specific issues that require DTC involvement with Black Talon's platform or services.
We're happy to work together — just not for free.
