DTC & Black Talon

DTC Security Services vs Black Talon Security

A comparison of DTC's security offerings against Black Talon Security for transparent positioning and sales conversations.

Last updated: March 2026 | Owner: Nate Smith

Blackpoint CompassOne — What DTC Has Access To

Blackpoint rebranded their platform as CompassOne (launched April 2025 at RSAC). Three tiers:

Tier	What's Included
Essentials	Endpoint MDR and/or Cloud MDR. 24/7 SOC, patented EDR agent, identity detection & response. Month-to-month available, volume pricing at 50+ endpoints w/ 1-year commitment. This is the ~$20/month tier for budget-conscious clients.
Core	Everything in Essentials + Vulnerability Management, Application Control, Asset Inventory, Cloud Posture Management, Security Posture Rating, Tenant Administrator
Standard	Everything in Core + LogIC (SIEM with 365-day log storage), compliance mapping, full unified security posture ~~management~~management. Note: DTC uses Blumira for SIEM rather than Blackpoint's LogIC.

DTC's full security stack clients are on CompassOne ~~Standard~~Core for vuln management, app control, cloud posture, and asset inventory — plus Blumira for SIEM (~~or equivalent feature set via our multi-vendor approach)~~$25/device/month).

Service Comparison

Service Category	DTC Security Services	Black Talon Security
Endpoint Detection & Response	✅ MDR (Managed Detection & Response) included in base managed services — Blackpoint 24/7 SOC, patented EDR agent (SNAP)	✅ XDR (Extended Detection & Response) — AI-powered, brand unclear
Vulnerability Scanning	✅ CompassOne ~~Standard~~ — Contextual vulnerability prioritization (correlates vulns with asset criticality, exploitability, and threat activity), internal/external scanning, automated patch deployment. On top of platform scanning, DTC applies its own Patch Priority Score (PPS) formula with human review before any patch is approved.	✅ EAGLEi — Internal/external scanning every 4 hours (endpoints) and daily (firewalls), autonomous remediation
Fleet-Wide Vulnerability Remediation	✅ Included in base — If a vulnerability impacts all clients and remediation is realistic with no negative impact, we fix it (it's the right thing to do)	❌ Not offered — they scan, someone else fixes
Third Party & OS Patching	✅ Included in base — Industry-specific PPS scoring and nuances; custom policies available with consultation; all patches rejected by default	❌ Not mentioned
Application Control	✅ CompassOne ~~Standard~~ — SOC-curated app block rules, global + client-specific policies, zero-trust application enforcement	❌ Not offered
Cloud Posture Management	✅ CompassOne — Continuous M365 config monitoring, drift detection, policy change alerts, misconfig remediation guidance	❌ Not offered
Identity Detection & Response	✅ Included — Cloud + on-prem identity monitoring, automated M365 account locking (Blackpoint locks a compromised account every ~30 minutes across their SOC)	❌ Not specifically offered
Security Posture Rating	✅ CompassOne — NIST-based maturity scoring per client, benchmarking across attack surface areas (cloud, endpoint, vulnerabilities), maturity stage tracking	✅ EAGLEi dashboard provides visual risk scoring
Asset Inventory	✅ CompassOne — Full attack surface visibility: devices, identities, applications, SaaS accounts in one view	⚠️ Limited — device EOL tracking only
Firewall Management	✅ ~~Included in base~~Required — DTC-leased or client-~~managed;~~managed UniFi; policies, config, and updates fully managed	❌ Not mentioned
Zero Trust Network Access	✅ Add-on — Cloudflare ZTNA platform	❌ Not mentioned
Remote Console Access	✅ Add-on — MFA/Passkey protected via NinjaOne RMM	❌ Not mentioned
Penetration Testing	🔜 OpenText partnership planned	✅ Human-led penetration testing
vCISO	✅ Included with ~~MDR~~full ~~add-on~~security stack — Account Managers serve as vCISO/vCIO	✅ vCISO as separate offering
M365 / Google Workspace Threat Protection	✅ Add-on — Automated account locking, integrated with MDR; powered by multiple security providers	❌ Not specifically mentioned
SIEM / Log Management	✅ ~~CompassOne~~Blumira ~~Standard~~SIEM — ~~LogIC~~$25/device/month. AI-powered SIEM ~~with 365-day log retention, automated~~for compliance ~~mapping,~~& incident response, real-time event ~~collection.~~collection, ~~Feeds~~automated ~~into~~threat ~~SOC~~detection, log retention for ~~unified~~audit ~~visibility across firewalls, EDR, and vulnerability scanners.~~requirements.	❌ Not specifically mentioned
Security Awareness Training	✅ Add-on — Huntress EDU (training + phishing sims)	✅ Black Talon Academy (training + phishing sims)
Phishing Simulations	✅ Add-on — Included with Huntress EDU	✅ Simulated phishing attacks
Email Security	✅ Add-on — Microsoft Defender or OpenText Email Threat Protection	❌ Not specifically mentioned
Dark Web Monitoring	✅ ~~MDR~~Full ~~add-on~~security stack — Powered by CompassOne + 🔜 1Password credential monitoring	✅ Dark web scanning
Password Management	🔜 1Password as a service (partnership planned)	❌ Not mentioned
Incident Response	✅ DTC IR SOP (SEC-IR-001) + Blackpoint 24/7 SOC active response	✅ Dedicated incident response service
Forensic Analysis	⚠️ ~~SIEM~~Blumira supports it, not offered as standalone service	✅ Forensic investigations offered
Ransomware Recovery	✅ Work with client's cyber insurance provider (Hartford SOP documented)	✅ Ransomware recovery service
Device End-of-Life Tracking	✅ Via RMM (standard MSP service)	✅ Device EOL identification
Security Risk Assessment	✅ Network Assessment & Technology Evaluation SOP v3.0 — standardized intake and scoring	✅ Formal SRA offered as a service
HIPAA/Compliance Certifications	✅ CMMC policy framework documented, HIPAA operational compliance built into SOPs, cyber insurance SOP (Hartford)	✅ HCISPP-certified staff, HIPAA compliance focus
Unified Dashboard	✅ CompassOne — Security Posture Rating, asset inventory, tenant admin, vulnerability management, and MDR all visible from a single platform	✅ EAGLEi platform
Reporting	✅ Reports from all services via CompassOne + Blumira	✅ Via EAGLEi platform

DTC's Patch Priority Score (PPS)

DTC doesn't blindly auto-patch. Every vulnerability goes through a weighted scoring formula:

PPS = (CVSS × 0.6) + (Known Exploits × 1.5) + (Ease of Exploit × 1.5) + (Exploit Age × 1.0)

PPS Score	Priority	SLA
9.0 — 10.0	Critical	Patch within 24 hours
7.0 — 8.9	High	Patch within 7 days (cannot exceed 14)
4.0 — 6.9	Medium	Standard patch cycle (30 days)
< 4.0	Low	Patch as needed

All patches are rejected by default. The Code Commanders team manually reviews every Patch Tuesday release using The Hacker News, Bleeping Computer, 0dayfans, Reddit mega threads, and patchtuesday.com before approving anything. If a patch causes 5+ incident tickets, it becomes a Problem and gets rolled back immediately.

This matters because dental software compatibility is fragile. You can't just auto-approve a .NET update when Dentrix G7 has specific version dependencies. DTC's engineers understand this. Black Talon's "autonomous remediation" doesn't account for it.

Key Differentiators

DTC Strengths

Full MSP relationship — security is part of IT management, not a bolt-on
MDR bundled with base managed services
CompassOne ~~Standard~~ — unified security posture platform with vuln management, application control, cloud posture, ~~SIEM,~~ and NIST-based maturity scoring

Blumira SIEM — compliance-grade logging and incident response at $25/device Proactive patching — Third party apps & Windows OS patched based on industry-specific PPS scoring; custom policies available Fleet-wide vulnerability remediation — If it impacts all clients and we can fix it safely, we do it as part of standard service Firewall management — DTC-leased or client-managed; fully managed policies, config, and updates Zero Trust Network Access — Cloudflare ZTNA platform Secure remote access — MFA/Passkey protected console access via NinjaOne M365 & Google Workspace threat detection with automated response Human-led vulnerability decisions — your Account Manager (AM) and our engineers work with you directly Ransomware recovery through proper channels (cyber insurance) Upcoming partnerships filling gaps (1Password, OpenText pen testing)

Black Talon Strengths

Human penetration testing (available now)
Forensic investigations as a service
HCISPP-certified staff for HIPAA compliance consulting
DSO conference presence — endorsed by AAO, OMSNIC, multiple state dental associations

Black Talon Intel

Company size: ~$22M revenue, 15 employees, HQ in Katonah, NY with Boca Raton office
Positioning: "Your IT company is NOT equipped to handle threats. You need IT AND a cybersecurity company." They explicitly sell separation of duties between IT and security as a requirement.
EAGLEi platform: Single pane of glass for vuln management. Scans endpoints every 4 hours, firewalls daily. Autonomous patching. Pen testing, SRA, dark web monitoring, phishing simulation all integrated.
Pricing model: Not public. Reseller markup of 50-100% for MSP partners. No minimum purchase.
Dental focus: Claims to secure 35,000+ devices in dental space. Endorsed by AAO, OMSNIC, multiple state dental associations. CEO Gary Salman is visible in the DSO conference circuit.
Key weakness: They are NOT an MSP. They don't manage infrastructure, backups, servers, workstations, or dental software. They layer on top of whoever is doing the IT work. When their scan finds a vuln, someone else has to fix it. With DTC, the team that finds the vuln IS the team that fixes it.
DSO play: They target DSOs specifically, offering to audit the MSP. Their pitch to DSO leadership: "Your IT company doesn't know what they don't know. We audit them." DTC's counter: we welcome audits because our stack is documented, scored, and defensible.

The Bottom Line

Black Talon sells security products. DTC is your MSP — security is integrated into the relationship.

When you work with DTC, you're not just buying a product — you're getting a managed service. Your account manager works with you on vulnerability decisions, compliance requirements, and security strategy as part of the ongoing relationship.

Black Talon sells 8-10 separate products/engagements to cover what DTC delivers in ~~two~~a ~~tiers~~handful ~~(base~~of ~~MSA~~line ~~+ Full Security Stack).~~items. And Black Talon doesn't manage the infrastructure, so when they find a problem, someone else has to fix it. With DTC, the team that finds the vuln IS the team that fixes it.

Blackpoint Published a DTC Success Story

Blackpoint published a case study featuring Scott Leister (Senior Systems Engineer at DTC) on their website in September 2025. Title: "DTC Strengthens Cybersecurity for Budget-Conscious Clients with Blackpoint MDR Essentials." This is useful for sales conversations — our MDR vendor publicly validates DTC's approach.

Link: https://blackpointcyber.com/success-story/dtc-strengthens-cybersecurity-for-budget-conscious-clients-with-blackpoint-mdr-essentials/

Notes

DTC will not negotiate with ransomware actors — cyber insurance providers make those decisions
All vulnerability scoring is done by DTC; clients work with their Account Manager (what we call vCIOs/vCISOs) on remediation decisions for in-production or unsupported software
Account Managers work directly with our engineers — if a vulnerability can't just be remediated, we'll be on the phone with the client and Account Manager explaining why and working through options together

Working with Black Talon

DTC will collaborate with Black Talon when a client uses their services. However, this work requires engineer time (not service desk) and involves tools outside our standard stack. As such, consulting fees will apply for client-specific issues that require DTC involvement with Black Talon's platform or services.

We're happy to work together — just not for free.